Navigation

Language Selection

Search

Canonical Outs New Linux Kernel Security Update for Ubuntu 18.04 and 16.04 LTS

Submitted by Rianne Schestowitz on Wednesday 23rd of October 2019 12:04:20 AM Filed under

Affecting both the Linux 4.15 kernel used in Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04.6 LTS (Xenial Xerus) systems, the new security patch fixed an improperly implemented Spectre mitigation in the ptrace susbsystem (CVE-2019-15902), which could allow a local attacker to expose sensitive information.

It also addresses a buffer overread (CVE-2019-15918) discovered that the SMB networking file system implementation, which could allow an attacker to expose sensitive information (kernel memory), two flaws (CVE-2019-15117 and CVE-2019-15118) discovered in the USB audio driver that may allow a physically proximate attacker to crash the system, and a flaw (CVE-2019-14821) in the KVM hypervisor implementation that let a local attacker to crash the system.

Login or register to post comments
Printer-friendly version
1200 reads
PDF version

More in Tux Machines

Type	Title	Author	Last Post
Story	Customize your Linux desktop with FVWM	Rianne Schestowitz	10/12/2019 - 10:07am
Story	Best Linux Distributions that Look Like MacOS	Rianne Schestowitz	10/12/2019 - 7:43am
Story	Daniel Stenberg: Mr Robot curl	Roy Schestowitz	10/12/2019 - 6:49am
Story	Ampere's Arm-based eMAG CPU is now available in a workstation	Roy Schestowitz	10/12/2019 - 6:45am
Story	It's Not A VPN-busting Bug, It's A Social Media Enhancer For UNIX Users	Roy Schestowitz	10/12/2019 - 6:41am
Story	New GNU/Linux Screencasts and Audiocasts: Ubuntu Cinnamon Remix 19.10, Debian 11 Alpha 1, This Week in Linux and Linux Headlines	Roy Schestowitz	10/12/2019 - 6:31am
Story	Programming: RcppClassic, LLVM, Rust, Python and Django	Roy Schestowitz	10/12/2019 - 6:26am
Story	Fedora: rpminspect, Fedora 31 and Fedora 32 Passwords	Roy Schestowitz	10/12/2019 - 6:21am
Story	today's howtos	Roy Schestowitz	10/12/2019 - 6:19am
Story	A better Qt because of Open Source and KDE	Roy Schestowitz	10/12/2019 - 6:04am

Latest News

Customize your Linux desktop with FVWM

The FVWM window manager started out as modifications to TWM, back in 1993. After several years of iteration, what emerged is an extremely customizable environment where any behavior, action, or event is configurable. It has support for custom key bindings, mouse gestures, theming, scripting, and much more. While FVWM is usable immediately after installation, its default distribution provides only the absolute minimum configuration. It's a great foundation to start your own custom desktop environment, but if you just want to use it as a desktop, then you probably want to install a full configuration distributed by another user. There are a few different distributions of FVWM, including FVWM95, which mimics Windows 95 (at least in appearance and layout). I tried FVWM-Crystal, a modern-looking theme with some common Linux desktop conventions.

Best Linux Distributions that Look Like MacOS

The Linux world is filled with several distributions born of the desire to solve a specified problem using unique design and build approaches. There are distros created for chemists, astrologers, music producers, and there are ones created to emulate macOS. Do you miss the UI/UX of your old Mac? Or do you want to turn up your computing experience by giving your laptop a shiny new look with an appearance difficult to distinguish from macOS? Today’s list is of the best Linux distributions that look like macOS.

Daniel Stenberg: Mr Robot curl

Vasilis Lourdas reported that he did a “curl sighting” in the show and very well I took a closer peek and what do we see some 37 minutes 36 seconds into episode 8 season 4… (I haven’t followed the show since at some point in season two so I cannot speak for what actually has happened in the plot up to this point. I’m only looking at and talking about what’s on the screenshots here.) Elliot writes Python. In this Python program, we can see two curl invokes, both unfortunately a blurry on the right side so it’s hard to see them exactly (the blur is really there in the source and I couldn’t see/catch a single frame without it). Fortunately, I think we get some additional clues later on in episode 10, see below. He invokes curl with -i to see the response header coming back but then he makes some questionable choices. The -k option is the short version of --insecure. It truly makes a HTTPS connection insecure since it completely switches off the CA cert verification. We all know no serious hacker would do that in a real world use. Perhaps the biggest problem for me is however the following -X POST. In itself it doesn’t have to be bad, but when taking the second shot from episode 10 into account we see that he really does combine this with the use of -d and thus the -X is totally superfluous or perhaps even wrong. The show technician who wrote this copied a bad example…

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Softpedia News

Gizmoz

LXer

Linux Today

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Phoronix

OpenSource.com

Linux Gizmos

Insider

Linux.com

Kde Planet

Fedora Magazine