| 3:46p |
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, ffmpeg, flatpak, git, gnutls, minio, openssh, opera, and wireshark-qt), Debian (cloud-init, pygments, and xterm), Fedora (flatpak, glib2, kernel, kernel-headers, kernel-tools, pki-core, and upx), Mageia (glibc, htmlunit, koji, and python-cairosvg), openSUSE (chromium, connman, froxlor, grub2, libmysofa, netty, privoxy, python-markdown2, tor, and velocity), Oracle (ipa), SUSE (evolution-data-server, glib2, openssl, python3, python36, and wavpack), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem-5.10, and pygments). |
| 4:52p |
[$] Patching until the COWs come home (part 1)
The kernel's memory-management subsystem is built upon many concepts, one
of which is called "copy on write", or "COW".
The idea behind COW is conceptually simple, but its
details are tricky and its past is troublesome. Any change to its
implementation can have unexpected consequences and cause subtle breakage
for existing workloads. So it is somewhat surprising that last year we saw
two major changes the kernel's COW code; less surprising is the fact that,
both times, these changes had unexpected consequences and broke things.
Some of the resulting problems are still not fixed
today, almost ten months after the first change, while the original reason
for the changes — a security vulnerability — is also not fully fixed. Read
on for a description of COW, the vulnerability, and the initial fix; the
concluding article in the series will describe the complications that arose
thereafter. |