LWN.net's Journal
 

Friday, December 16th, 2016

    Time Event
    3:23p
    O'Cearbhaill: Reliably compromising Ubuntu desktops by attacking the crash reporter
    Donncha O'Cearbhaill has discovered that Ubuntu's "apport" tool, which handles application crash data, passes arbitrary data to the Python eval() function. There are a couple of other vulnerabilities as well, making it possible to fully compromise a system. The bugs (now known as CVE-2016-9949, CVE-2016-9950, and CVE-2016-9951) have been fixed; applying the updates is highly recommended for Ubuntu users. "The computer security industry has a serious conflict of interest right now. There is major financial motivation for researchers to find and disclose vulnerability to exploit brokers. Many of the brokers are in the business of keeping problems unfixed. Code execution bugs are valuable. As a data point, I received an offer of more than 10,000 USD from an exploit vendor for these Apport bugs."

    4:03p
    Security advisories for Friday

    Arch Linux has updated flashplugin (multiple vulnerabilities) and lib32-flashplugin (multiple vulnerabilities).

    Debian has updated libupnp (two vulnerabilities).

    Debian-LTS has updated firefox-esr (multiple vulnerabilities) and icu (two vulnerabilities, one from 2014).

    Fedora has updated chromium (F25; F24: multiple vulnerabilities), firefox (F25; F24: denial of service), gstreamer-plugins-bad-free (F24: code execution), gstreamer-plugins-good (F24: multiple vulnerabilities), and libgsf (F24: denial of service).

    Mageia has updated chromium-browser-stable (multiple vulnerabilities) and firefox (multiple vulnerabilities).

    4:26p
    Fedora 25: With Wayland, Linux has never been easier (Ars Technica)
    Ars Technica has a review of the Fedora 25 release. "What's perhaps most remarkable for a change that's so low-level, and in fact one that's taking a lot of X functionality and moving lower down into the stack, is how unlikely you are to notice it. During testing so far (encompassing about two weeks of use as I write this), the transition to Wayland has been totally transparent. Even better, GNOME 3.22 feels considerably smoother with Wayland."

    5:09p
    Introducing GoboLinux 016
    The GoboLinux project has announced the release of GoboLinux 016. The distribution takes a different approach to filesystem organization so that multiple versions of programs can all be installed at the same time. GoboLinux 016 has a new feature called Runner to manage that: "Runner is a brand new filesystem virtualization tool, specifically designed for GoboLinux. It dynamically changes a process' view of /System/Index based on the program's Dependencies file.

    From day one, GoboLinux has always supported keeping multiple versions of a program installed on disk at the same time, but when two versions had conflicts, you had to choose which one would be activated in the system as the default.

    With Runner, you don't need to worry about which version of a given dependency is currently linked (or activated) in /System/Index: Runner gives the process its own virtual /System/Index with all the right dependencies."

    Other features include the GoboNet wireless network manager and a desktop based on the awesome window manager.
