Security Leftovers

  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (okular, thunderbird, and webkit2gtk), Debian (webkit2gtk), Fedora (php-horde-Horde-Form), Gentoo (libvorbis, nss, and proftpd), Oracle (firefox and kernel), Red Hat (kernel), Scientific Linux (firefox), SUSE (cni, cni-plugins, conmon, fuse-overlayfs, podman, librsvg, and ovmf), and Ubuntu (ceph, icu, linux, linux-aws, linux-kvm, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, linux-kvm, linux-raspi2, linux-snapdragon, and linux-lts-xenial, linux-aws).

  • Feature Highlights: Kernel Rootkit Protection in Core Update 142

    Another exciting feature is landing in Core Update 142: Improved Kernel Rootkit Protection using code signing. This way, IPFire will protect itself against attackers trying to load third-party kernel modules.

  • How can I trust this git repository?

    Important part: "Can't check signature: No public key". No public key. Because of course you would see that. Why would you have my key lying around, unless you're me? Or, to put it another way, why would that server I'm installing from scratch have a copy of my OpenPGP certificate? Because I'm a Debian developer, my key is actually part of the 800 keys in the debian-keyring package, signed by the APT repositories. So I have a trust path.

    But that won't work for someone who is not a Debian developer. It will also stop working when my key expires in that repository, as it already has on Debian buster (current stable). So I can't assume I have a trust path there either. One could work with a trusted keyring like we do in the Tor and Debian project, and only work inside that project, that said.

    But I still feel uncomfortable with those commands. Both git log and git show will happily succeed (return code 0 in the shell) even though the signature verification failed on the commits. Same with git pull and git merge, which will happily push your branch ahead even if the remote has unsigned or badly signed commits.
