LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Thursday, November 21st, 2019

    Time Event
    12:48a
    [$] LWN.net Weekly Edition for November 21, 2019
    The LWN.net Weekly Edition for November 21, 2019 is available.
    2:33p
    Security updates for Thursday
    Security updates have been issued by Fedora (oniguruma and thunderbird-enigmail), openSUSE (chromium, ghostscript, and slurm), Oracle (kernel), Red Hat (kpatch-patch), Slackware (bind), SUSE (python-ecdsa), and Ubuntu (bind9 and mariadb).
    2:55p
    Stable kernels 5.3.12, 4.19.85, and 4.14.155
    Greg Kroah-Hartman has announced the release of the 5.3.12, 4.19.85, and 4.14.155 stable kernels. As usual, they
    contain fixes throughout the kernel tree; users of those series should upgrade.
    6:24p
    [$] Fedora's modularity mess
    Fedora's Modularity
    initiative     has been no stranger to controversy since its inception in 2016. Among other things, there
    were enough problems with the original design that Modularity went back to the drawing board in early 2018.
    Modularity has since been integrated with both the Fedora and Red Hat
    Enterprise Linux (RHEL) distributions, but the controversy continues, with
    some developers asking whether it's time for yet another redesign — or to
    abandon the idea altogether. Over the last month or so, several lengthy,
    detailed, and heated threads have explored this issue; read on for your
    editor's attempt to integrate what was said.
    11:46p
    Bad Binder: Android In-The-Wild Exploit (Project Zero)
    Over on the Project Zero blog, Maddie Stone has a lengthy post about a zero-day exploit that was found and fixed in the Android Binder interprocess communication mechanism. The post details the search for the problem, which was apparently being used in the wild, its fix, and how it can be exploited. This is all part of an effort to "make zero-day hard"; one of the steps the project is taking is to disseminate more information on these bugs. "Complete detailed analysis of the 0-days from the point of view of bug hunters and exploit developers and share it back with the community. Transparency and collaboration are key. We want to share detailed root cause analysis to inform developers and defenders on how to prevent these types of bugs in the future and improve detection. We hope that by publishing details about the exploit and its methodology, this can inform threat intelligence and incident responders. Overall, we want to make information that’s often kept in silos accessible to all."

    << Previous Day 2019/11/21
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org