Security: New Patches, Exim, New Fedora 30 Builds and Election Security Still Hurting at Every Level
Security updates for Thursday
Severe vulnerability in Exim
As per the distros list policy:
Below is an abridged version of our advisory (with all the vulnerability
details, but without exploitation details); we will publish the complete
version in 24 hours, or as soon as third-party exploits are published,
whichever happens first.
We believe that it makes no sense to delay this any longer than that:
this vulnerability is trivially exploitable in the local and non-default
cases (attackers will have working exploits before that, public or not);
and in the default case, a remote attack takes a long time to succeed
(to the best of our knowledge).
F30-20190605 Updated isos Released
The Fedora Respins SIG is pleased to announce the latest release of Updated F30-20190605 Live ISOs, carrying the 5.1.6-300 kernel.
This set of updated isos will save considerable amounts of updates after install. ((for new installs.)(New installs of Workstation have 1.2GB of updates)).
Election Security Is Still Hurting at Every Level
The Russian meddling that rocked the 2016 United States presidential election gave the public a full view of something election officials and advocates have warned about for years: weak voting infrastructure and election systems around the US, and a lack of political will and funding to strengthen them. Two and a half years later, real progress has been made in key areas. But with a new presidential election less than 18 months away, glaring systemic risks remain.
Many of those inadequacies show up in new report from the Stanford Cyber Policy Center, which breaks down the threats facing the 2020 election and beyond, and proposes paths to managing them. But as the report also makes clear, many of those necessary steps will not be completed before 2020. Smooth-running elections will require a clear-eyed view of those lingering deficiencies.
Six-port networking appliance has extended temp support and optional SFP
Lanner announced an NCR-1510 networking appliance with an Atom C3000 SoC and either 6x GbE ports or 4x GbE with 2x SFP. The mini-PCIe and M.2-equipped system is notable for offering -40 to 70°C support. Lanner’s 6-port NCR-1510 is its first networking computer with -40 to 70°C support. Although networking appliances are increasingly being deployed in industrial settings, we do not recall seeing any with this level of extended temperature support. Aimed at uCPE, SD-WAN, or edge security gateway applications, the fanless NCR-1510 is a variation on the 0 to 40°C tolerant, up to 8x port NCA-1515, which similarly runs on an Intel Atom C3000 “Denverton” SoC. As before, no OS support is listed, but Linux is almost certainly available. Lanner’s 310 x 240 x 44mm NCR-1510 is larger than the NCA-1515, despite replacing that earlier model’s fan with a heatsink. Like the NCA-1515, you can choose between the octa-core Atom C3708, the quad-core C3508, and the dual-core C3308, with clock rates ranging between 1.5GHz and 2.0GHz.
Games: Quake II RTX, SteamWorld, Humble, Roguebook, Stadia Connect
Software: Best Database Management Systems and Firefox's Privacy Pivot
MX Linux Reinvents Computer Use
MX Linux makes transitioning from any desktop operating system simple. It provides a computing platform that is a bit different and very reliable. MX Linux is a powerful, easy-to-use computing platform that goes beyond lightweight performance without filling your computer with software bloat. The latest MX Linux 18.3 ISO is a "refresh" release, not a major upgrade. It has all the recent updates, bug fixes and system updates. This distro does not offer rolling releases, however. You can perform a system upgrade from an existing MX Linux installation when new refresh releases are issued to get all the updates since the original MX-18 version release. There is no need to do a re-installation with each new release.
