Canonical Outs Linux Kernel Security Update for Ubuntu 19.04 to Patch 9 Flaws

The new security update for Ubuntu 19.04 is here to patch a total of seven security flaws affecting the Linux 5.0 kernel used by the operating system, including an issue (CVE-2019-15902) discovered by Brad Spengler which could allow a local attacker to expose sensitive information as a Spectre mitigation was improperly implemented in the ptrace subsystem.

It also fixes several flaws (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) discovered by Wen Huang in the Marvell Wi-Fi device driver, which could allow a local attacker to cause a denial of service or execute arbitrary code, as well as a flaw (CVE-2019-15504) discovered by Hui Peng and Mathias Payer in the 91x Wi-Fi driver, allowing a physically proximate attacker to crash the system.

More in Tux Machines

today's leftovers

  • Vulkan 1.1.128 Released With Performance Query Extension

    Vulkan 1.1.128 is out with various corrections and clarifications to this graphics/compute API specification but it also comes with one exciting new extension. The new extension that is quite notable for Vulkan 1.1.128 is VK_KHR_performance_query. This KHR-ratified extension is the first cross-vendor extension in Vulkan for the querying of any performance counters on the hardware. We are used to seeing various performance counter extensions within Vulkan (and other APIs like OpenGL) but they tend to be vendor-specific extensions tailored towards their own individual needs.

  • Calligra Plan version 3.2.0 released

    We are pleased to announce the release of Calligra Plan 3.2.0.

  • The Linux who command tells who’s logged in and a lot more
  • Prague launches mobile app to make its budget more transparent

    CityVizor was developed by the Ministry of Finance of the Czech Republic and published as an open-source under the GNU GPL license - free to use. The operation for non-Prague town halls is provided by the Open Cities Association and the Czech.digital community.

  • Photoshop for free? The best free alternatives

    We’re starting off with a big dog here. GIMP, which stands for Gnu Image Manipulation Program is the most fully formed and arguably most well-known Photoshop alternative there is. GIMP is like an open source Photoshop developed by a global team of volunteer developers to work on Microsoft Windows, Linux, and Apple Mac. It has an extensive set of features to rival what even Photoshop has to offer and can edit a wide range of file formats including RAW files. This means GIMP is a pro-friendly alternative to Photoshop with features like layer masks and filters enabling photographers and graphic designers to get their work done. GIMP is also a customizable photo editing software as users can download add-on packs to add the extra features they need.

  • Security updates for Monday

    Security updates have been issued by Debian (angular.js, libapache2-mod-auth-openidc, mosquitto, postgresql-common, and thunderbird), Fedora (chromium, djvulibre, freetds, ghostscript, java-1.8.0-openjdk-aarch32, samba, thunderbird-enigmail, wpa_supplicant, and xen), openSUSE (go1.12, ImageMagick, and ucode-intel), Oracle (ghostscript and kernel), Red Hat (libcomps and sudo), Slackware (kernel), SUSE (microcode_ctl, slurm, and ucode-intel), and Ubuntu (mysql-5.7, mysql-8.0 and python-ecdsa).

  • Linux, Windows Users Targeted With New ACBackdoor Malware [Ed: Microsoft has back doors, Linux hasn't.]

    Windows version is being pushed through malvertising with the help of the Fallout Exploit Kit while the Linux payload is dropped via a yet unknown delivery system.

Events: Linux and LibreOffice Microconferences

  • Summaries of Some Microconferences Released

    We know everyone is still waiting for the videos. Unfortunately, we're having a small production glitch, so until we can release them, several MC leads have now sent us written summaries of their MCs which you can see here: Tracing microconference; You, Me and IoT microconference; Live Patching microconference; Open Printing microconference; Databases microconference; Scheduler microconference; VFIO/IOMMU/PCI microconference; Power Management and Thermal Control microconference

  • LibreOffice localisation sprint (and other events) in Albania

    The Albanian LibreOffice community has been super active in recent years, organising the LibreOffice Conference 2018 in Tirana, and regularly contributing with translation and marketing efforts.

Servers: Kubernetes, Red Hat, USENET and Solaris

  • HPE launches container platform, aims to be 100% open source Kubernetes

    Hewlett Packard Enterprise launched its HPE Container Platform, a Kubernetes container system designed to run both cloud and on-premises applications. On the surface, HPE Container Platform will face an uphill climb as all the top cloud providers have Kubernetes management tools and instances and IBM with Red Hat has a big foothold for hybrid cloud deployments and the container management that goes with it. HPE, which recently outlined a plan to make everything a service, is betting that the HPE Container Platform can differentiate itself based on two themes. First, HPE is pledging that its container platform will be 100% open source Kubernetes compared to other systems that have altered Kubernetes. In addition, HPE Container Platform will be able to run across multiple environments and provide one management layer.

  • Virtio-networking: first series finale and plans for 2020

    Let's take a short recap of the Virtio-networking series that we've been running the past few months. We've covered a lot of ground! Looking at this series from a high level, let's revisit some of the topics we covered: [...] For those who didn't crack and made it all the way here, we hope this series helped you clarify the dark magic of virtio and low-level networking both in the Linux kernel and in DPDK.

  • Inside the Book of Red Hat

    Shared stories are the cornerstone of community. And in open organizations like Red Hat—where community is paramount—shared stories are especially important to the collective identity that binds participants together. At Red Hat, we're quite fond of the stories that inform our shared history, purpose, and culture. We've just collected some of them in a new version of the Book of Red Hat, which is available now. Here are just three of the community-defining moments the book recounts.

  • The Early History of Usenet, Part III: File Format

    When we set out to design the over-the-wire file format, we were certain of one thing: we wouldn't get it perfectly right. That led to our first decision: the very first character of the transmitted file would be the letter "A" for the version. Why not a number on the first line, including perhaps a decimal point? If we ever considered that, I have no recollection of it. A more interesting question is why we didn't use email-style headers, a style later adopted for HTTP. The answer, I think, is that few, if any, of us had any experience with those protocols at that time. My own personal awareness of them started when I requested and received a copy of the Internet Protocol Transition Workbook a couple of years later — but I was only aware of it because of Usenet. (A few years earlier, I gained a fair amount of knowledge of the ARPANET from the user level, but I concentrated more on learning Multics.) Instead, we opted for the minimalist style epitomized by 7th Edition Unix. In fact, even if we had known of the Internet (in those days, ARPANET) style, we may have eschewed it anyway. Per a later discussion of implementation, the very first version of our code was a shell script. Dealing with entire lines as single units, and not trying to parse headers that allowed arbitrary case, optional white space, and continuation lines was certainly simpler! [...] Sending a date and an article title were obvious enough that these didn't even merit much discussion. The date and time line used the format generated by the ctime() or asctime() library routines. I do not recall if we normalized the date and time to UTC or just ignored the question; clearly, the former would have been the proper choice. (There is an interesting discrepancy here. A reproduction of the original announcement clearly shows a time zone. Neither the RFC nor the ctime() routine had one. I suspect that announcement was correct.) 
    The most interesting question, though, was about what came to be called newsgroups. We decided, from the beginning, that we needed multiple categories of articles — newsgroups. For local use, there might be one for academic matters ("Doctoral orals start two weeks from tomorrow"), social activities ("Reminder: the spring picnic is Sunday!"), and more. But what about remote sites? The original design had one relayed newsgroup: NET. That is, there would be no distinction between different categories of non-local articles.

  • From humble Unix sysadmin to brutal separatist suppressor to president of Sri Lanka

    A former Unix sysadmin has been elected the new president of Sri Lanka, giving hope to all those IT workers who fear they are trapped in a role where the smallest of decisions can have catastrophic consequences if it goes wrong. Gotabaya Rajapaksa, younger brother of former president Mahindra, won the popular vote in an election held on Saturday (16 November). He is notable to The Register's readership for his stint working in America as a Solaris system integrator and later as a Unix sysadmin for a Los Angeles university.

Ubuntu and Debian Picks

  • Ubuntu Weekly Newsletter 605

    Welcome to the Ubuntu Weekly Newsletter, Issue 605 for the week of November 10 – 16, 2019. The full version of this issue is available here.

  • Russell Coker: 4K Monitors

    I like having lots of terminal windows on my desktop. For common tasks I might need a few terminals open at a time and if I get interrupted in a task I like to leave the terminal windows for it open so I can easily go back to it. Having more 80*25 terminal windows on screen increases my productivity. My previous monitor was 2560*1440 which for years had allowed me to have a 4*4 array of non-overlapping terminal windows as well as another 8 or 9 overlapping ones if I needed more. 16 terminals allows me to ssh to lots of systems and edit lots of files in vi. Earlier this year I had found it difficult to read the font size that previously worked well for me so I had to use a larger font that meant that only 3*3 terminals would fit on my screen. Going from 16 non-overlapping windows and an optional 8 overlapping to 9 non-overlapping and an optional 6 overlapping is a significant difference. I could get a second monitor, and I won’t rule out doing so at some future time. But it’s not ideal.

  • SCP Foundation needs you!

    SCP is a mind-blowing, diverse, high-quality collection of writings and illustrations, all released under the CC-BY-SA free license. If you never read horror stories written with scientific style -- have a try :) [obviously this has nothing to do with OpenSSH Secure CoPy ;)]