Thursday, January 17th, 2019

Time	Event
2:32a	[$] LWN.net Weekly Edition for January 17, 2019 The LWN.net Weekly Edition for January 17, 2019 is available. (Comment on this)
4:01p	Security updates for Thursday Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1). (Comment on this)
4:09p	Stable kernel updates Stable kernels 4.20.3, 4.19.16, 4.14.94, 4.9.151, and 4.4.171 have been released. They all contain important fixes and users should upgrade. (Comment on this)
5:04p	[$] Defending against page-cache attacks The kernel's page cache works to improve performance by minimizing disk I/O and increasing the sharing of physical memory. But, like other performance-enhancing techniques that involve resources shared across security boundaries, the page cache can be abused as a way to extract information that should be kept secret. A recent paper [PDF] by Daniel Gruss and colleagues showed how the page cache can be targeted for a number of different attacks, leading to an abrupt change in how the mincore() system call works at the end of the 5.0 merge window. But subsequent discussion has made it clear that mincore() is just the tip of the iceberg; it is unclear what will really need to be done to protect a system against page-cache attacks or what the performance cost might be. (Comment on this)

<< Previous Day

2019/01/17 [Calendar]

Next Day >>