Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Mozilla AMO and Reproducible Arch Linux Packages

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).

  • Security improvements in AMO upload tools

    We are making some changes to the submission flow for all add-ons (both AMO- and self-hosted) to improve our ability to detect malicious activity.

    These changes, which will go into effect later this month, will introduce a small delay in automatic approval for all submissions. The delay can be as short as a few minutes, but may take longer depending on the add-on file.

    If you use a version of web-ext older than 3.2.1, or a custom script that connects to AMO’s upload API, this new delay in automatic approval will likely cause a timeout error. This does not mean your upload failed; the submission will still go through and be approved shortly after the timeout notification. Your experience using these tools should remain the same otherwise.

  • Reproducible Arch Linux Packages

    Arch Linux has been involved with the reproducible builds efforts since 2016. The goal is to achieve deterministic building of software packages to enhance the security of the distribution.

    After almost 3 years of continued effort, along with the release of pacman 5.2 and contributions from a lot of people, we are finally able to reproduce packages distributed by Arch Linux!

    This enables users to build packages and compare them with the ones distributed by the Arch Linux team. Users can independently verify the work done by our packagers, and figure out if malicious code has been included in the pristine source during the build, which in turns enhances the overall supply chain security. We are one of the first binary distributions that has achieved this, and can provide tooling down to users.

    That was the TL;DR! The rest of the blog post will explain the reproducible builds efforts, and the technical work that has gone into achieving this.

  • Arch Linux Updates Its Kernel Installation Handling

    Arch Linux has updated the behavior when installing the linux, linux-lts, linux-zen, and linux-hardened kernel options on this popular distribution. 

    The actual kernel images for their official Linux, Linux LTS, Linux Zen, and Linux Hardened flavors will no longer be installed to /boot by default. By not having the actual kernel reside on /boot should help those with separate boot partitions that are quite small and avoid running out of space when keeping multiple kernels installed. 

More in Tux Machines

Here are the 5 Lightweight Linux Distributions We Recommend

Linux is quite good in that it offers a lot of options for almost any use case. A lot of you may have an old desktop or laptop thrown in some dark corners of your house, but did you know that you can fully renew it with Linux? Here are some lightweight Linux distributions that we recommend for the task. A lot of other people and websites may recommend a totally different set of lightweight distributions for you, but in our selection, we didn’t just care for resources usage and the distro’s ability to work on old hardware. Instead, we also cared for the ease of use and your ability as a user to deal with the distribution on daily basis to do your tasks. At the end, the goal is not simply to get an old computer to just work – the goal is to get an old computer to work and do things that you need as someone living in 2020. Read more

Android Leftovers

Canonical Announces Ubuntu AWS Rolling Linux Kernel for Ubuntu 18.04 LTS AMIs

Until now, the Ubuntu images for AWS (Amazon Web Services) have been using a normal Linux kernel that was updated whenever a new security update was available. With the new rolling model, the kernel in the Ubuntu AWS images gets all the latest fixes, performance tweaks, and security patches from upstream, as soon as they are available. "The Ubuntu rolling kernel model provides the latest upstream bug fixes and performance improvements around task scheduling, I/O scheduling, networking, hypervisor guests and containers to our users," said Canonical. "Canonical has been following this model in other cloud environments for some time now, and have found it to be an excellent way to deliver these benefits while continuing to provide LTS level stability." Read more Direct: Introducing the Ubuntu AWS Rolling Kernel

Getting started with the GNOME Linux desktop

The GNOME project is the Linux desktop's darling, and deservedly so. It began as the free and open desktop alternative to proprietary options (including KDE at the time), and it's been going strong ever since. GNOME took GTK+, developed by the GIMP project, and ran with it, developing it into a robust, all-purpose GTK framework. The project has pioneered the user interface, challenging preconceptions of what a desktop "should" look like and offering users new paradigms and options. GNOME is widely available as the default desktop on most of the major modern Linux distributions, including RHEL, Fedora, Debian, and Ubuntu. If your distribution doesn't offer a version of it, you can probably install GNOME from your software repository. Before you do, though, be aware that it is meant to provide a full desktop experience, so many GNOME apps are installed along with the desktop. If you're already running a different desktop, you may find yourself with redundant applications (two PDF readers, two media players, two file managers, and so on). If you just want to try the GNOME desktop, consider installing a GNOME distribution in a virtual machine, such as GNOME Boxes. Read more