Wednesday, March 6th, 2019

Time	Event
12:43a	[$] Source-code access for the long haul Corporations that get their feet wet in the sea of free software often find out that not only do they now have obligations to provide source code, but that people will actually try to access it and complain loudly if they can't get it. At the first Copyleft Conference, Alexios Zavras from Intel spoke alongside Stefano Zacchiroli from Software Heritage about how the two organizations are working together. Software Heritage's mission makes it ideally suited to host Intel's many source-code releases in a way that provides stable long-term repositories that Intel can then reference. (Comment on this)
4:05p	Security updates for Wednesday Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle). (Comment on this)
4:12p	Stable kernel updates Stable kernels 4.20.14, 4.19.27, 4.14.105, and 4.9.162 have been released. They all contain the usual set of important fixes and users should upgrade. (Comment on this)
4:24p	[$] A container-confinement breakout The recently announced container-confinement breakout for containers started with runc is interesting from a few different perspectives. For one, it affects more than just runc-based containers as privileged LXC-based containers (and likely others) are also affected, though the LXC-based variety are harder to compromise than the runc ones. But it also, once again, shows that privileged containers are difficult—perhaps impossible—to create in a secure manner. Beyond that, it exploits some Linux kernel interfaces in novel ways and the fixes use a perhaps lesser-known system call that was added to Linux less than five years back. (Comment on this)
6:01p	Maru 0.6 released The Maru distribution adds a full Linux desktop to Android devices; it was reviewed here in 2016. The 0.6 release is now available. Changes include a rebase onto LineageOS and Debian 9, and the ability to stream the desktop to a Chromecast device. (Comment on this)
9:42p	[$] The Thunderclap vulnerabilities It should come as no surprise that plugging untrusted devices into a computer system can lead to a wide variety of bad outcomes—though often enough it works just fine. We have reported on a number of these kinds of vulnerabilities (e.g. BadUSB in 2014) along the way. So it will not shock readers to find out that another vulnerability of this type has been discovered, though it may not sit well that, even after years of vulnerable plug-in buses, there are still no solid protections against these rogue devices. This most-recent entrant into this space targets the Thunderbolt interface; the vulnerabilities found have been dubbed "Thunderclap". (Comment on this)

<< Previous Day

2019/03/06 [Calendar]

Next Day >>