Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Mitigations, Myths, DNS/IPFire and Huawei

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by CentOS (spice-gtk), Debian (libemail-address-list-perl), openSUSE (chromium, libqt5-qtbase, nginx, systemd, and wicked), Oracle (spice-gtk), Slackware (firefox and thunderbird), and Ubuntu (libexif and Yubico PIV Tool).

  • Mitigations are attack surface, too

    This blog post discusses a bug leading to memory corruption in Samsung's Android kernel (specifically the kernel of the Galaxy A50, A505FN - I haven't looked at Samsung's kernels for other devices). I will describe the bug and how I wrote a (very unreliable) exploit for it. I will also describe how a second vulnerability, which had long been fixed in the upstream kernel, the upstream stable releases, and the Android common kernel, but not in Samsung's kernel, aided in its exploitation.

    If you want to look at the corresponding source code yourself, you can download Samsung's kernel sources for the A505FN from here. The versions seem to be sorted such that the newer ones are at the top of the list; A505FNXXS3ASK9 is the newest one at the time of writing, corresponding to the November 2019 security patch level.

  • What to know about open source security

    Many companies have a preference towards open source technology, so what should be kept in mind in regards to ensuring its security?

  • Enhancements to our DNS Resolver

    Today, we have taken some important changes on our DNS Resolver into production. Having released support for DNS-over-TLS in 2018, we have now added TCP Fast Open and TLSv1.3.

    Lightning Wire Labs is managing a DNS Resolver to provide an alternative to the large corporation who are trying to get the global DNS system under their control and use it for marketing purposes.

    To not fall behind the technical development, we have now enabled some new features on our resolver to make it ready for the new DNS changes that are going to land with IPFire 2.25 - Core Update 141 very soon.

  • U.S. Officials Say Huawei Can Covertly Access Telecom Networks

    Huawei can covertly access mobile networks through back doors meant for law enforcement, the U.S. has told allies in a bid to show that the firm poses a security threat. 

    U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

More in Tux Machines

Experience Collabora Online on your Intel NUC with Nextcloud and Ubuntu

Keeping full control over your personal data and documents, is more and more important. Sharing by email or via the services of big tech companies is losing its shine, for obvious reasons. To help our users we introduce a new fresh Nextcloud Ubuntu Appliance for the Intel NUC, that comes with Collabora Online. Simply take an Intel NUC server, install the Ubuntu Appliance and take back control over storing and sharing your personal data and files with Nextcloud. Next, of course, you want to read and edit your documents, now stored on your own server, wherever you are. Naturally you will be able to allow others to review and comment on text, presentations, charts and more, perhaps during a video call or chat. All this under your own control! The new Ubuntu Appliance with Collabora Online and Nextcloud offers you just that – and more too. Do read these articles about the Ubuntu Appliance and the Nextcloud features. Now, let’s have a look at Collabora Online and some of the great features that you will benefit from. Read more

Kubuntu Linux 20.04 for a digital painting workstation: Reasons and Install guide.

Wooo, summer... Hot weather and a quick computer reinstall right in the middle of the production of the books because my previous Kubuntu 19.10 was obsolete and reached end of life in July. Bad surprise for me this time in the process: no way to install Scribus 1.4.8 stable anymore and all my books are done with that. The package was savagely forced replaced by 1.5.5~Development and no way to reinstall the previous version flagged as stable by the Scribus team. So, I'll have to move the book project to this development version (it will take hours of adaptation because the text-engine changed between 1.4x and 1.5x). If you are on Windows, Mac, 18.04 or CentOS no worry for you: the package still exists there. Sad to see that no Appimage, Flatpack or Snap are around to rescue this issue... But let's close for now this parenthesis with a taste of bitterness. I'll cope with that, I saw uglier situations of upgrade in my life and this Kubuntu 20.04 is −about all other aspect− a splendid distribution so far. Read more

The GNU C Library version 2.32 is now available

The GNU C Library version 2.32 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known. Read more

Identifying Operating Systems in GNOME Boxes

One secret sauce of GNOME Boxes is libosinfo. It basically is an umbrella for three components: libosinfo, osinfo-db-tools, and osinfo-db. libosinfo offers programmatic means to query for information about OSes. osinfo-db-tools is a set of tools that help manipulate and extract information from OS images (such as ISO files). osinfo-db is a database of operating system information describing requirements for virtualized installations as well as virtual drivers and devices that work with each OS in the database. Read more