lwn.net

lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 36분 5초 지남

Security updates for Monday

월, 2023/01/23 - 11:51오후
Security updates have been issued by Debian (powerline-gitstatus, tiff, and trafficserver), Fedora (dotnet6.0, firefox, git, kernel, libXpm, rust, sudo, upx, and yarnpkg), Mageia (kernel and kernel-linus), Red Hat (firefox, java-11-openjdk, and sudo), Slackware (mozilla and seamonkey), SUSE (cacti, cacti-spine, samba, and tor), and Ubuntu (firefox, php7.2, php7.4, php8.1, and python-setuptools, setuptools).
카테고리:

Kernel prepatch 6.2-rc5

월, 2023/01/23 - 12:53오전
The 6.2-rc5 kernel prepatch is out.

Ok, so I thought we were back to normal after the winter holidays at rc4. Now, a week later, I think I was mistaken - we have fairly sizable rc5, so I suspect there was still pent up testing and fixes from people being off.

Anyway, I am expecting to do an rc8 this release regardless, just because we effectively had a lost week or two in the early rc's, so a sizable rc5 doesn't really worry me. I do hope we're done with the release candidates growing, though.

카테고리:

[$] Nolibc: a minimal C-library replacement shipped with the kernel

토, 2023/01/21 - 12:04오전
The kernel project does not host much user-space code in its repository, but there are exceptions. One of those, currently found in the tools/include/nolibc directory, has only been present since the 5.1 release. The nolibc project aims to provide minimal C-library emulation for small, low-level workloads. Read on for an overview of nolibc, its history, and future direction written by its principal contributor.
카테고리:

Security updates for Friday

금, 2023/01/20 - 11:53오후
Security updates have been issued by Debian (lava and libitext5-java), Oracle (java-11-openjdk, java-17-openjdk, and libreoffice), SUSE (firefox, git, mozilla-nss, postgresql-jdbc, and sudo), and Ubuntu (git, linux-aws-5.4, linux-gkeop, linux-hwe-5.4, linux-oracle, linux-snapdragon, linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, and linux-bluefield).
카테고리:

Exploiting null-dereferences in the Linux kernel (Project Zero)

금, 2023/01/20 - 4:34오전
The Google Project Zero page shows how to compromise the kernel by using a NULL pointer to repeatedly force an oops and overflow a reference count.

Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However with the introduction of modern exploit mitigations such as SMEP and SMAP, as well as mmap_min_addr preventing unprivileged programs from mmap’ing low addresses, null-deref bugs are generally not considered a security issue in modern kernel versions. This blog post provides an exploit technique demonstrating that treating these bugs as universally innocuous often leads to faulty evaluations of their relevance to security.

This is the sort of vulnerability that the oops-limit patch is meant to block.

카테고리:

[$] Kernel code on the chopping block

금, 2023/01/20 - 12:26오전
Code that is added to the kernel can stay there for a long time; there is code in current kernels that has been present for over 30 years. Nothing is forever, though. The kernel development community is currently discussing the removal of two architectures and one filesystem, all of which seem to have mostly fallen out of use. But, as we will see, removal of code from the kernel is not easy and is subject to reconsideration even after it happens.
카테고리:

Pandoc 3.0 released

목, 2023/01/19 - 11:47오후
Version 3.0 of the Pandoc document-conversion tool has been released; the list of new features is quite long, including "chunked" HTML output, support for complex figures, and much more.
카테고리:

Security updates for Thursday

목, 2023/01/19 - 11:31오후
Security updates have been issued by Debian (firefox-esr, libitext5-java, sudo, and webkit2gtk), Fedora (firefox and qemu), Red Hat (java-11-openjdk and java-17-openjdk), Slackware (sudo), SUSE (sudo), and Ubuntu (python-urllib3 and sudo).
카테고리:

[$] LWN.net Weekly Edition for January 19, 2023

목, 2023/01/19 - 10:05오전
The LWN.net Weekly Edition for January 19, 2023 is available.
카테고리:

[$] Changing Fedora's shutdown timeouts

목, 2023/01/19 - 7:17오전
On today's Fedora systems, a reboot cycle—for a kernel update, say—is normally a fairly quick affair, but that is not always true. The system will wait for services to shut down cleanly and will wait for up to two minutes before killing a service and moving on. A recent proposal to change the default timeout to 15 seconds, while still allowing some services to require more time, ran into more opposition than was perhaps anticipated. Not everyone was comfortable shortening the timeout period, though the decision has now been made to reduce it, but not as far as was proposed.
카테고리:

Six stable kernel updates

수, 2023/01/18 - 11:06오후
The 6.1.7, 5.15.89, 5.10.164, 5.4.229, 4.19.270, and 4.14.303 stable kernels have all been released; each contains another big set of important fixes.
카테고리:

Security updates for Wednesday

수, 2023/01/18 - 11:03오후
Security updates have been issued by Fedora (awstats), Oracle (dpdk, libxml2, postgresql:10, systemd, and virt:ol and virt-devel:rhel), Red Hat (kernel), Slackware (git, httpd, libXpm, and mozilla), SUSE (libzypp-plugin-appdata), and Ubuntu (git, libxpm, linux-ibm-5.4, linux-oem-5.14, and ruby2.3).
카테고리:

[$] A survey of the Python packaging landscape

수, 2023/01/18 - 5:44오전
Over the past several months, there have been wide-ranging discussions in the Python community about difficulties users have with installing packages for the language. There is a bewildering array of options for package-installation tools and Python distributions focused on particular use cases (e.g. scientific computing); many of those options do not interoperate well—or at all—so they step on each others' toes. The discussions have focused on where solutions might be found to make it easier on users, but lots of history and entrenched use cases need to be overcome in order to get there—or even to make progress in that direction.
카테고리:

Git 2.39.1 (and more) released

수, 2023/01/18 - 5:11오전
Git 2.39.1 has been released with a set of security fixes; there are also updated versions of many older Git releases available. A pair of integer overflow vulnerabilities can lead to code execution in some scenarios; see the announcement and this GitHub blog entry for more information.
카테고리:

Firefox 109 released

수, 2023/01/18 - 12:53오전
Version 109.0 of the Firefox browser has been released. The headline feature this time is the enabling of Manifest Version 3 support — a new extension mechanism that, among other things, gives a higher degree of control over what extensions can do.

MV3 also ushers an exciting user interface change in the form of the new extensions button (already available on Firefox Nightly). This will give users direct control over which extensions can access specific web sites. Users are able to review, grant, or revoke MV3 extension access to any website.

카테고리:

Security updates for Tuesday

수, 2023/01/18 - 12:00오전
Security updates have been issued by Debian (tor) and SUSE (python-setuptools, python36-setuptools, and tor).
카테고리:

[$] Fedora's tempest in a stack frame

화, 2023/01/17 - 12:48오전
It is rare to see an extensive and unhappy discussion over the selection of compiler options used to build a distribution, but it does happen. A case in point is the debate over whether Fedora should be built with frame pointers or not. It comes down to a tradeoff between a performance loss on current systems and hopes for gains that exceed that loss in the future — and some disagreements over how these decisions should be made within the Fedora community.
카테고리:

Täht: Flaws and features in the Flent network testing tool

화, 2023/01/17 - 12:27오전
Dave Täht describes the Flent network-testing tool and its use in great detail.

With flent - in the 110 tests in it - in a matter of minutes you can replicate any network stress test “out there” and compare networking results across an extraordinary number of variables, over time, across many tests. Before Toke Høiland-Jørgensen developed flent, it would take days to set up a single test and single plot. Now you can be deluged in data, graph it quickly, and can investigate network behaviors in minutes that take other support staff, engineers and SREs months, plot accurately, over each change you make, with comparable results in a standardized file format, and a zillion useful plot types.

카테고리:

Security updates for Monday

월, 2023/01/16 - 11:54오후
Security updates have been issued by Debian (chromium, lava, libapreq2, net-snmp, node-minimatch, and openvswitch), Fedora (jpegoptim, kernel, kernel-headers, kernel-tools, and python2.7), Mageia (ctags, ffmpeg, minetest, python-gitpython, w3m, and xrdp), Oracle (kernel), Red Hat (dpdk and libxml2), Slackware (netatalk), SUSE (apptainer, chromium, libheimdal, python-wheel, python310-setuptools, and SDL2), and Ubuntu (linux-aws, linux-gcp-4.15, maven, and net-snmp).
카테고리:

Kernel prepatch 6.2-rc4

월, 2023/01/16 - 9:17오전
The fourth 6.2 kernel prepatch is out for testing.

So here's another -rc release, this time with pretty much everybody back from winter holidays, and so things should be back to normal. And you can see that in the size, this is pretty much bang in the middle of a regular rc size for this time in the merge window.

카테고리:

페이지