LWN.net's Journal
 

Tuesday, January 14th, 2020

    Time Event
    2:34p
    Exploit that gives remote access affects ~200 million cable modems (ars technica)
    Ars Technica reports on the "Cable Haunt" vulnerability that afflicts a large number of cable modems. "The first and most straightforward way is to serve malicious JavaScript that causes the browser to connect to the modem. Normally, a mechanism called cross-origin resource sharing prevents a Web application from one origin (such as malicious.example.com) from working on a different origin (such as 192.168.100.1, the address used by most or all of the vulnerable modems).

    Websockets, however, aren't protected by CORS, as the mechanism is usually called. As a result, the modems will accept the remote JavaScript, thereby allowing attackers to reach the endpoint and serve it code." Thus far, there doesn't seem to be any information out there on whether routers running OpenWrt are vulnerable.
    4:11p
    Security updates for Tuesday
    Security updates have been issued by Debian (wordpress and xen), Mageia (graphicsmagick, kernel, makepasswd, and unbound), openSUSE (containerd, docker, docker-runc, dia, ffmpeg-4, libgcrypt, php7-imagick, proftpd, rubygem-excon, shibboleth-sp, tomcat, trousers, and xen), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), SUSE (e2fsprogs, kernel, and libsolv, libzypp, zypper), and Ubuntu (libgcrypt20, libvirt, nginx, sdl-image1.2, and spamassassin).
    7:44p
    [$] Accelerating netfilter with hardware offload, part 1
    Supporting network protocols at high speeds in pure software is getting increasingly difficult, with 25-100Gb/s interfaces available now and 200-400Gb/s starting to show up. Packet processing at 100Gb/s must happen in 200 cycles or less, which does not leave much room for processing at the operating-system level. Fortunately some operations can be performed by hardware, including checksum verification and offloading parts of the packet send and receive paths.

    As modern hardware adds more functionality, new options are becoming available. The 5.3 kernel includes a patch set from Pablo Neira Ayuso that added support for offloading some packet filtering with netfilter. This patch set not only adds the offload support, but also performs a refactoring of the existing offload paths in the generic code and the network card drivers. More work came in the following kernel releases. This seems like a good moment to review the recent advancements in offloading in the network stack.

    11:36p
    Stable kernel updates
    Stable kernels 5.4.12, 4.19.96, 4.14.165, 4.9.210, and 4.4.210 have been released with the usual set of important fixes.
