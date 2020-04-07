Security Leftovers
Boeing Finds New Software Flaws on 737 Max
The new flaws deepen the engineering challenge for Boeing as it tries to return its best-selling jet to the skies. One of the problems involves “hypothetical faults” in the computer’s microprocessor, which could lead the plane to climb or dive on its own, Boeing said. A safety system on the Max caused the jet to dive automatically in both accidents, but the problems aren’t related, Boeing said.
The other newly revealed fault could potentially cause the autopilot to disengage as the aircraft prepares to land. Neither problem has been observed in flight, but the software changes will eliminate the possibility that they could occur, the company said. The modifications can be incorporated into the plane at the same time.
Security updates for Wednesday
Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).
Linux Security Feature Revised For Randomizing The Kernel Stack Offset At Each System Call
Patches have been revised for allowing Linux to support kernel stack base address offset randomization for each system call.
This feature is designed for preventing various stack-based attacks that rely upon a known layout of the stack structure. With these patches and enabling the feature, the stack offset would be randomized on each system call so the layout changes for each syscall.
The PaX/GrSecurity folks previously implemented a "RANDKSTACK" feature for which this upstream work is based on their idea but with a different implementation approach.
Red Hat Summit and License Track at FOSS-North
Canonical on NFV and Wellcome Sanger Institute
Android Leftovers
Mapzen open-source mapping project revived under the Urban Computing Foundation
The Mapzen open-source mapping platform has a hard history. On the one hand, Mapzen is used by over 70,000 developers and it's the backbone of such mapping services as OpenStreetMap, Remix, and Carto. But, as a business, Mapzen failed in 2018. Mapzen's code and service lived on as a Linux Foundation Project. Now, it's moved on to the Urban Computing Foundation (UCF), another Linux Foundation group with more resources. UCF is devoted to helping create smarter cities, multimodal transportation, and autonomous vehicles.
