lwn.net

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Fedora and pkexec

Thu, 2022/02/03 - 6:22 AM
The nasty vulnerability in pkexec has been rippling through the Linux world, leading to lots of security updates to the underlying polkit authorization toolkit. It also led to a recent discussion on the Fedora devel mailing list about whether pkexec, which runs a program as another user, is actually needed—or wanted—in some or all of the distribution's editions. But pkexec is used by quite a few different Fedora components, particularly in desktop-oriented editions, and it could perhaps be a better choice than the alternatives for running programs with the privileges of another user.

LibreOffice 7.3 released

Wed, 2022/02/02 - 11:45 PM
Version 7.3 of the LibreOffice "Community" edition is out. "In addition to the majority of code commits being focused on interoperability with Microsoft's proprietary file formats, there is a wealth of new features targeted at users migrating from Office, to simplify the transition".

Security updates for Wednesday

Wed, 2022/02/02 - 11:41 PM
Security updates have been issued by CentOS (samba), Debian (apache2 and python-django), Fedora (kernel and phpMyAdmin), Mageia (kernel and kernel-linus), openSUSE (samba), Oracle (nginx:1.20 and samba), Red Hat (cryptsetup, java-1.8.0-ibm, kernel, nodejs:14, rpm, and vim), SUSE (kernel, python-Django, python-Django1, and samba), and Ubuntu (cron).

[$] Python and deprecations redux

Wed, 2022/02/02 - 7:55 AM
The problem of how to deprecate pieces of the Python language in a minimally disruptive way has cropped up in various guises over the last few years—in truth, it has been wrangled with throughout much of the language's 30-year history. The scars of the biggest deprecation, that of Python 2, are still rather fresh, both for users and the core developers, so no one wants (or plans) a monumental change of that sort. But the language community does want to continue evolving Python, which means leaving some "baggage" behind; how to do so without leaving further scars is a delicate balancing act, as yet another discussion highlights.

Kasper: a tool for finding speculative-execution vulnerabilities

Wed, 2022/02/02 - 3:03 AM
The Systems and Network Security Group at Vrije Universiteit Amsterdam has announced a tool called Kasper that is able to scan the kernel source and locate speculative-execution vulnerabilities:

Namely, it models an attacker capable of controlling data (e.g., via memory massaging or value injection a la LVI), accessing secrets (e.g., via out-of-bounds or use-after-free accesses), and leaking these secrets (e.g., via cache-based, MDS-based, or port contention-based covert channels). As a result, Kasper discovered 1,379 previously unknown gadgets in the heavily-hardened Linux kernel.

The page includes a discussion of a vulnerability in the kernel's linked-list implementation as well as a link to the code and the full paper. (Thanks to Paul Wise).


Yet another set of stable kernel updates

Wed, 2022/02/02 - 2:29 AM
For anybody who feels they haven't had enough stable kernel releases recently, the 5.16.5, 5.15.19, 5.10.96, and 5.4.176 stable kernel updates have been released; each contains another set of important fixes.

Security updates for Tuesday

Tue, 2022/02/01 - 11:43 PM
Security updates have been issued by Debian (ipython), Fedora (kernel and usbview), Gentoo (webkit-gtk), Oracle (java-1.8.0-openjdk), Red Hat (kpatch-patch and samba), Scientific Linux (samba), Slackware (kernel), SUSE (kernel and samba), and Ubuntu (samba).

[$] Restartable sequences in glibc

Tue, 2022/02/01 - 2:42 AM
"Restartable sequences" are small segments of user-space code designed to access per-CPU data structures without the need for heavyweight locking. It is a relatively obscure feature, despite having been supported by the Linux kernel since the 4.18 release. Among other things, there is no support in the GNU C Library (glibc) for this feature. That is about to change with the upcoming glibc 2.35 release, though, so a look at the user-space API for this feature is warranted.

Debian tweaks its resolution process

Tue, 2022/02/01 - 1:08 AM
The vote has concluded in the Debian project on a general resolution affecting the way such resolutions are discussed in the future. The changes, as proposed by Russ Allbery, have been adopted with the required three-to-one supermajority, though the overall level of voting was low. The new process is mostly as described in this article from October with a few changes. The end result may be to shorten the discussion period for controversial issues and make the end of that period more predictable.

Another pile of stable kernel releases

Tue, 2022/02/01 - 12:13 AM
Greg Kroah-Hartman has announced another set of eight stable kernels: 5.16.4, 5.15.18, 5.10.95, 5.4.175, 4.19.227, 4.14.264, 4.9.299, and 4.4.301. These are relatively small updates that, as usual, contain important fixes; users should upgrade.

Nitrux 2.0.0 released

Tue, 2022/02/01 - 12:04 AM
Version 2.0.0 of the Debian-based Nitrux distribution is available. "This new version brings together the latest software updates, bug fixes, performance improvements, and ready-to-use hardware support."

Security updates for Monday

Mon, 2022/01/31 - 11:56 PM
Security updates have been issued by Debian (apache-log4j1.2, expat, libraw, prosody, and python-nbxmpp), Fedora (chromium, hiredis, java-11-openjdk, java-latest-openjdk, lua, rust-afterburn, rust-ammonia, rust-askalono-cli, rust-below, rust-cargo-c, rust-cargo-insta, rust-fd-find, rust-insta, rust-lsd, rust-oxipng, rust-python-launcher, rust-ripgrep, rust-ron, rust-ron0.6, rust-similar, rust-similar-asserts, rust-skim, rust-thread_local, rust-tokei, vim, wpa_supplicant, and zola), Gentoo (chromium, chrome), openSUSE (log4j12), Oracle (log4j and polkit), Scientific Linux (java-1.8.0-openjdk), SUSE (log4j12), and Ubuntu (ldns).

Kernel prepatch 5.17-rc2

Mon, 2022/01/31 - 10:35 AM
The 5.17-rc2 kernel prepatch is out for testing.

Nothing hugely surprising here - it's a bit on the bigger side for being an rc2, but maybe part of that is that there's a NFS client merge-window pull request that got merged late due to it having been marked as spam.


[$] Handling argc==0 in the kernel

Sat, 2022/01/29 - 12:16 AM
By now, most readers are likely to be familiar with the Polkit vulnerability known as CVE-2021-4034. The fix for Polkit is relatively straightforward and is being rolled out across the net. The root of this problem, though, lies in a misunderstanding about how programs are run on Unix-like systems. This problem is highly likely to exist in other programs, so it would be nice to find a more general solution. The best place to address this issue may be in the kernel, but properly working around this misunderstanding without causing regressions is not an easy task.

Security updates for Friday

Fri, 2022/01/28 - 11:47 PM
Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (graphicsmagick), Fedora (grafana), Mageia (aom and roundcubemail), openSUSE (log4j and qemu), Oracle (parfait:0.5), Red Hat (java-1.7.1-ibm and java-1.8.0-openjdk), Slackware (expat), SUSE (containerd, docker, log4j, and strongswan), and Ubuntu (cpio, shadow, and webkit2gtk).
