Exim and GNU Screen Patched

  • New RCE vulnerability impacts nearly half of the internet's email servers

    A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today.

    The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

    According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million.

  • CVE-2019-10149 Exim 4.87 to 4.91

    We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

    A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

    The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

    Exim 4.92 is not vulnerable.

  • GNU Screen MScrollV Function Denial of Service Vulnerability [CVE-2015-6806]

    A vulnerability in the MScrollV function of GNU Screen could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

    The vulnerability exists because the MScrollV function, as defined in the ansi.c source code file of the affected software, does not properly limit recursion. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger a stack overflow condition, resulting in a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. GNU has confirmed the vulnerability and released software updates.
