LWN.net's Journal
[Most Recent Entries]
[Calendar View]
Thursday, January 10th, 2019
| Time |
Event |
| 12:31a |
[$] LWN.net Weekly Edition for January 10, 2019
The LWN.net Weekly Edition for January 10, 2019 is available. | | 2:43p |
Security updates for Thursday
Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). | | 3:42p |
A set of systemd-journald exploits
Qualys has sent out a security advisory describing three stack-overrun
vulnerabilities in systemd-journald. "We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that
obtains a local root shell in 10 minutes on i386 and 70 minutes on
amd64, on average. We will publish our exploit in the near future.
To the best of our knowledge, all systemd-based Linux distributions are
vulnerable, but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora
28 and 29 are not exploitable because their user space is compiled with
GCC's -fstack-clash-protection." | | 5:29p |
[$] A slow start to OpenSUSE's board election What if you announced a board election and nobody ran? That is the quandary the openSUSE project faced
as recently as January 4, when the nomination deadline loomed and no candidates for the three open seats had come forward. The situation has since changed, and openSUSE members will have a wide slate of candidates to choose from. But the seeming reticence to come forward may well be a reflection of some unresolved tensions that exploded into a flame war several months ago. |
|