Security Leftovers
Date: 2020-05-18
Security updates for Wednesday
Security updates have been issued by Debian (bind9 and clamav), Fedora (kernel, moodle, and transmission), Oracle (kernel), Red Hat (ipmitool, kernel, ksh, and ruby), Slackware (bind and libexif), SUSE (dpdk, openconnect, python, and rpmlint), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv and linux-gke-5.0, linux-oem-osp1).
NXNSAttack: upgrade resolvers to stop new kind of random subdomain attack
Ubuntu Blog: FIPS certification for Ubuntu 18.04 LTS
Canonical has received FIPS 140-2, Level 1 certification for cryptographic modules in Ubuntu 18.04 LTS, with FIPS-validated OpenSSL-1.1.1 modules included. This certification enables organisations to meet compliance requirements within the public sector, healthcare and finance industries when utilising Ubuntu 18.04 LTS within public and private cloud environments.
Canonical worked with U.S. Government and BSI accredited laboratory, atsec information security, for the 18.04 LTS FIPS certification. The publications related to FIPS standards are issued by the National Institute of Standards and Technology (NIST).
FIPS-certified and FIPS-compliant modules for Ubuntu 18.04 LTS and 16.04 LTS are available through an Ubuntu Advantage for Infrastructure subscription, alongside additional open source security and support services. To get started with an Ubuntu Advantage subscription, contact our team.
EU Parliament says sensitive data of 1,200 officials left exposed on web
Information about more than a thousand staff and members of the European Parliament has been exposed in what a key lawmaker called a "major data breach."
The data includes 1,200 accounts of elected officials and staff, along with another 15,000 other accounts of EU affairs professionals, Marcel Kolaja, the Parliament's vice president for IT policy, confirmed to POLITICO on Saturday.
The exposed information — “a huge amount of data” — includes sensitive information and encrypted passwords, he added.
It comes from a system that had been run under the European Parliament’s official "europarl.eu" domain, Kolaja said, but the data had not been hosted by the institution itself.
“The system in question is a system run by one particular political group and it was data by that political group,” Kolaja said, “and they were immediately made aware of that incident.”
Ubuntu MATE 20.04 Focal Fossa - Roll on for the mystery tour
Ubuntu MATE 20.04 Focal Fossa is not as good as it should be. It's an LTS, and yet, you get application crashes, inconsistent behavior, some fresh new and weird errors I've not seen before. All in all, it delivers an acceptable experience, and Boutique and MATE Tweaks are serious heavyweights that help shift the odds in its favor. But then, they are offset by niggles and bugs in almost every aspect of the usage - networking, media, desktop customization, etc. Feels like it's been rushed too early to the market, and perhaps most of these ailments will be gone in the coming months. But as a starting point, it ain't stellar. Now, I had a similar experience with Kubuntu 18.04, and eventually came to like it a lot. Then again, you can't bet on patience and goodwill from the users, and they have every right to expect the best from a long-term release. Worth testing, but feels raw, so you should wait for the initial avalanche of problems to be sorted. At the moment, something like 6.5/10. And ... cut.
