Navigation

Language Selection

Search

Security: Updates, Mitigations, Myths, DNS/IPFire and Huawei

Submitted by Roy Schestowitz on Thursday 13th of February 2020 03:27:29 AM Filed under

Security

Security updates for Wednesday

Security updates have been issued by CentOS (spice-gtk), Debian (libemail-address-list-perl), openSUSE (chromium, libqt5-qtbase, nginx, systemd, and wicked), Oracle (spice-gtk), Slackware (firefox and thunderbird), and Ubuntu (libexif and Yubico PIV Tool).
Mitigations are attack surface, too

This blog post discusses a bug leading to memory corruption in Samsung's Android kernel (specifically the kernel of the Galaxy A50, A505FN - I haven't looked at Samsung's kernels for other devices). I will describe the bug and how I wrote a (very unreliable) exploit for it. I will also describe how a second vulnerability, which had long been fixed in the upstream kernel, the upstream stable releases, and the Android common kernel, but not in Samsung's kernel, aided in its exploitation.

If you want to look at the corresponding source code yourself, you can download Samsung's kernel sources for the A505FN from here. The versions seem to be sorted such that the newer ones are at the top of the list; A505FNXXS3ASK9 is the newest one at the time of writing, corresponding to the November 2019 security patch level.
What to know about open source security

Many companies have a preference towards open source technology, so what should be kept in mind in regards to ensuring its security?
Enhancements to our DNS Resolver

Today, we have taken some important changes on our DNS Resolver into production. Having released support for DNS-over-TLS in 2018, we have now added TCP Fast Open and TLSv1.3.

Lightning Wire Labs is managing a DNS Resolver to provide an alternative to the large corporation who are trying to get the global DNS system under their control and use it for marketing purposes.

To not fall behind the technical development, we have now enabled some new features on our resolver to make it ready for the new DNS changes that are going to land with IPFire 2.25 - Core Update 141 very soon.
U.S. Officials Say Huawei Can Covertly Access Telecom Networks

Huawei can covertly access mobile networks through back doors meant for law enforcement, the U.S. has told allies in a bid to show that the firm poses a security threat.

U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

Login or register to post comments
Printer-friendly version
3589 reads
PDF version

More in Tux Machines

Noise With Blanket

Make Some Noise in Ubuntu Linux with Blanket | UbuntuHandbook

Want to make some ambient sounds? Try Blanket, an open-source tool with modern user interface.
Blanket: Ambient Noise App For Linux That Helps You Stay Focused And Improves Your Productivity (Version 0.4.0 Released)

Blanket is an application for playing ambient noises, which boosts your productivity, helps you stay focused or fall asleep. The lightweight application comes with sounds like rain, storm, waves, train, city, coffee shop, fireplace, pink and white noise, and many others. Each sound has a volume slider that you can adjust, this allowing you to mix various sounds as you wish. You can also add your own custom sounds.

Videos/Audiocasts/Shows: Linux Journal Expats, Linux Experiment, and Krita Artwork

You Should Open Source Now, Ask Me How!

Katherine Druckman chats with Petros Koutoupis and Kyle Rankin about FOSS (Free and Open Source Software), the benefits of contributing to the projects you use, and why you should be a FOSS fan as well.
System76 starts their own desktop environment, Arch goes the easy route - Linux & Open Source news

This time, we have System76 working on their own desktop environment based on GNOME, Arch Linux adding a guided installer, Google winning its court case against Oracle on the use of Java in Android, and Facebook is leaking data online, again. Become a channel member to get access to a weekly patroncast and vote on the next topics I'll cover
Timelapse: inking a comic page in Krita (uncommented)

An uncommented timelapse while inking this page 6 of episode 34 of my webcomic Pepper&Carrot ( https://www.peppercarrot.com/ ). During the process, I thought about activating the recorder and I even put a webcam so you can see what I'm doing on the tablet too. I'm not doing it for everypages; because you can imagine the weight on disk about saving around 10h of videos like this; and also how it is not multi-tasking: when I record, you don't see me open the door to get the mail of the postman, you don't see me cleaning temporary accident of a cat bringing back a mouse at home, you don't see me typing to solve a merge request issue to merge a translation of Pepper&Carrot.

Kernel Leftovers

[Intel-gfx] [RFC 00/28] Old platform/gen kconfig options series
Patches Resubmitted For Linux With Selectable Intel Graphics Platform Support

Back in early 2018 were patches proposed for selectable platform support when building Intel's kernel graphics driver so users/distributions if desired could disable extremely old hardware support and/or cater kernel builds for specific Intel graphics generations. Three years later those patches have been re-proposed. The patches then and now are about allowing selectable Intel graphics "Gen" support at kernel configure/build time so that say the i8xx support could be removed or other specific generations of Intel graphics handled by the i915 kernel driver. This disabling could be done if phasing out older hardware support, seeking smaller kernel images, or other similar purposes. The patches don't change any default support levels but leaves things as-is and simply provides the knobs for disabling select generations of hardware.
Linux Kernel Runtime Guard 0.9.0 Is Released

Linux Kernel Runtime Guard (LKRG) is a security module for the Linux kernel developed by Openwall. The latest release adds compatibility with Linux kernels up to soon to be released 5.12, support for building LKRG into kernel images, support for old 32-bit x86 machines and more. Loading the LKRG 0.9.0 module will cause a kernel panic and a complete halt if SELinux is enabled.
Hans de Goede: Logitech G15 and Z-10 LCD-screen support under Linux

A while ago I worked on improving Logitech G15 LCD-screen support under Linux. I recently got an email from someone who wanted to add support for the LCD panel in the Logitech Z-10 speakers to lcdproc, asking me to describe the process I went through to improve G15 support in lcdproc and how I made it work without requiring the unmaintained g15daemon code.

Devuan 4.0 Alpha Builds Begin For Debian 11 Without Systemd

Debian 11 continues inching closer towards release and it looks like the developers maintaining the "Devuan" fork won't be far behind with their re-base of the distribution focused on init system freedom. The Devuan fork of Debian remains focused on providing Debian GNU/Linux without systemd. Devuan Beowulf 3.1 is their latest release based on Debian 10 while Devuan Chimaera is in the works as their re-base for Debian 11.

Latest News

Graphics: Intel and NVIDIA

Intel Compute Runtime 21.15.19533 Released With Initial Level Zero 1.1 Support - Phoronix

Intel's engineers working on their open-source Linux-based Compute Runtime stack just released their latest version. Intel Compute Runtime 21.15.19533 is the new release for this open-source compute stack for their graphics hardware to expose OpenCL and oneAPI Level Zero functionality. The main change with v21.15.19533 is exposing Level Zero 1.1 support. Last month was the release of oneAPI Level Zero 1.2.3 with Level Zero 1.1 specification support as an incremental step forward for this low-level Intel interface for interacting with the bare metal hardware. The initial Level Zero 1.1 headers and loader came back in January.
Mesa 21.2 Begins Seeing Intel Xe-HP Graphics Driver Changes - Phoronix

With Mesa 21.1 now branched for this collection of primarily OpenGL/Vulkan open-source drivers for Linux, feature development is on for Mesa 21.2 that will debut in Q3. One of the first major changes to land for Mesa 21.2 is the beginning of the graphics compiler support for Intel's forthcoming Xe-HP high performance graphics processor.
NVIDIA CUDA 11.3 Released - Previews Better Python Support - Phoronix

For GTC21 week NVIDIA has released version 11.3 of their CUDA toolkit. CUDA 11.3 is bringing CUDA Graph enhancements, new stream priorities, Steam-ordered memory allocator enhancements, new APIs, support for virtual aliasing across kernel boundaries, and also support now for the Ubuntu 20.04.2 LTS point release. CUDA 11.3 also ships improvements to the NVIDIA C++ Standard Library (libcu++), various compiler improvements, and more.

Annual Report 2020: TDF and the Pandemic

2020 was a year to remember, because of LibreOffice’s 10th anniversary and the COVID-19 pandemic, which impacted our lives, hindered travel and canceled community meetings [...] We were planning LibreOffice events in Asia and Latin America, as in 2019, and a LibreOffice Conference in Germany, in the lovely medieval city of Nuremberg. We were also planning to attend conferences in Africa, Asia, Europe, North and South America, to celebrate LibreOffice’s 10th anniversary. We were planning local meetings of native language communities, to engage new volunteers, and talks at local events, to advocate the use of LibreOffice and the Open Document Format. We were planning meetups with other community members, for a chat over food and drinks, as we have been used to doing on a regular basis over the last 10 – or even 20 – years (in the OpenOffice.org project). Unfortunately, since March 2020 we have been forced to spend most of our time at home, to protect each other from COVID-19. Although our community has not been hit severely, we have suffered from the pandemic like anyone else, to the point that we will not remember 2020 as the year of the 10th LibreOffice anniversary, but as the year of the big lockdown.

today's howtos

Install Virtual Box on Fedora 34 via rpmfusion repository
35 Bash Script Examples

Bash script programming is a sequence of executable commands, carrying out numerous commands at once, task performance automation, and administrative tasks customization. Generally, all Linux users must acquaint themselves with the basic knowledge of bash script programming because of the importance it offers.
Deepin 20 Repository Setup

This tutorial explains how you can enable your Deepin GNU/Linux version 20 upwards on your computer (codenamed Apricot) to install more software. This done by setting up the repository (central of software on the internet) so the user has the correct configuration. The result is you can later search, download, and run software you wish on your Deepin computer. You are required to be able to edit text in administrator mode to practice this. For experienced persons, you may want to go to Sources.list section right away.
Perfect Server Automated ISPConfig 3 Installation on Debian 10 and Ubuntu 20.04

This tutorial will take you through installing your own ISPConfig 3 single server setup using the ISPConfig auto-installer. This installer follows the old Perfect Server guides but is more modular and easy to follow. If you want to set up a multiserver setup with dedicated servers for each service instead, see the Perfect Multiserver guide. This guide works for both Debian 10 and Ubuntu 20.04. We will use the hostname server1.example.com. Replace it where necessary.
5 Practical Examples of “cd” Command in Linux - LateWeb.Info

There are many commands in Linux and for this reason many people are worried about using the terminal. For this reason, today we will look at one of the main commands in Linux, the CD command. We will learn its most basic ways to use it and try to make your Linux experience more enjoyable. What is the cd command? The cd (change directory) command was developed with the main purpose of changing the directory we are working in to move to another, if necessary. This cd command is a system integrated command, a.k. no external program or application is required, as it is executed directly by the Linux Shell. The cd command is available in all current Linux distributions.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA