LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, May 4th, 2021

    Time Event
    2:35p
    Instant replay: Debugging C and C++ programs with rr (Red Hat Developer)
    The Red Hat Developer Blog has posted an
    introduction to the rr debugger    . "rr records trace information
    about the execution of an application. This information allows you to
    repeatedly replay a particular recording of a failure and examine it in the
    GNU Debugger (GDB) to better investigate the cause. In addition to
    replaying the trace, rr lets you run the program in reverse, in essence
    allowing you 'rewind the tape' to see what happened earlier in the
    execution of the program.    "
    3:20p
    An important Exim security release
    There are, it seems, 21 vulnerabilities in the
    Exim email server that have been fixed in the 4.94.2 release; at least some
    of these are remotely exploitable for root access.
    "The current Exim versions (and likely older versions too) suffer from
    several exploitable vulnerabilities. These vulnerabilities were reported
    by Qualys via security@exim.org back in October 2020.

    Due to several internal reasons it took more time than usual for the Exim
    development team to work on these reported issues in a timely
    manner.    " See this advisory
    from Qualys     for the details.
    3:49p
    Security updates for Tuesday
    Security updates have been issued by Debian (bind9, chromium, exim4, and subversion), Fedora (exiv2 and skopeo), openSUSE (gsoap), Oracle (bind, kernel, and sudo), SUSE (bind, ceph, ceph, deepsea, permissions, and stunnel), and Ubuntu (clamav, exim4, openvpn, python-django, and samba).
    8:45p
    [$] Rustls: memory safety for TLS
    The movement toward using memory-safe
    languages, and Rust in particular,
    has picked up a lot of steam over the past year or two. Removing the
    possibility of buffer overflows, use-after-free bugs, and other woes associated
    with unmanaged pointers is an attractive feature, especially given that
    the majority of today's vulnerabilities stem from memory-safety
    issues. On April 20, the Internet Security Research
    Group     (ISRG) announced
    a funding initiative targeting the Rustls TLS library in order to
    prepare it for more widespread adoption—including by ISRG's Let's Encrypt project.

    << Previous Day 2021/05/04
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org