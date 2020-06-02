Security Leftovers
-
WordPress 5.4.2 Security and Maintenance Release
This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.
-
Hacks Are Always Worse Than Reported: Nintendo's Breached Accounts Magically Double
One of these days, we writers at Techdirt will put our collective and enormous heads together, and come up with an actual proposed mathematical formula that should be applied whenever a company first announces a security or account breach, so that the public can calculate what that breach count will eventually end up being. The reason the world needs such a formula is because you can pretty much set your watch when a company announces such a breach that in the following weeks or months it will grow significantly. This happened with Equifax, with TJX, and even with our own vaunted federal government. But if we ever really did want to try to put some kind of formula together for measuring the underplaying of a breach on initial response, the historical breach that would probably brake such an algorithm would have to be Yahoo's email breach, which, in 2013, was the breach of a few hundred thousand email accounts, but in 2017 magically became all of the accounts. As in, literally all of them.
-
Security updates for Thursday
Security updates have been issued by CentOS (kernel and microcode_ctl), Debian (roundcube), Mageia (coturn, cups, libarchive, libvirt, libzypp, nghttp2, nrpe, openconnect, perl, python-typed-ast, ruby-rack, ruby-RubyGems, sudo, vino, wpa_supplicant, and xawtv), openSUSE (firefox, gnutls, GraphicsMagick, ucode-intel, and xawtv), Oracle (dotnet3.1 and kernel), Red Hat (curl, expat, file, gettext, kernel, kpatch-patch, libexif, pcs, python, tomcat, tomcat6, and unzip), Scientific Linux (kernel and microcode_ctl), SUSE (kernel), and Ubuntu (intel-microcode and sqlite3).
-
Reproducible Builds (diffoscope): diffoscope 147 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 147.
-
Arm CPUs Hit By Straight Line Speculation Vulnerability, LLVM Adds Initial Mitigation
While Intel's CrossTalk/SRBDS vulnerability dominated the conversation on Tuesday, Arm quietly revealed a new speculative execution vulnerability of its own called Straight Line Speculation.
-
If Mitigations Weren't Already Bad Enough: Slow Build Times Now Lead To An Unoptimized Intel LVI Pass
Disclosed back in March was the LVI attack (Load Value Injection) affecting Intel CPUs. Mitigating LVI requires compiler toolchain changes and LLVM 11 merged its LVI mitigation last month that adds a load fence after each instruction that may be vulnerable to this attack, similar to the GNU Assembler changes. Now though LLVM is adding an unoptimized version of their LVI pass.
-
System76 announce their 3rd Gen AMD Ryzen powered Serval WS laptop
Users have been pestering Linux hardware vendor and Pop!_OS distribution maker System76 for some time to make an AMD powered laptop, even in our comments we've seen plenty of calls for it and so they listened. Today they announced the 3rd Gen AMD Ryzen powered Serval WS. System76 say it has desktop-level power in a portable housing, making it "uniquely positioned for a wide variety of uses". They're not really overstating that either. The new Serval WS will come with either the 3rd Gen Ryzen 3600, 3700X, or 3900 CPU making all models quite a power-house and good for gaming too. Have a look at some images provided by System76, including a sweet interior shot - click for a gallery... Also: System76 Begins Offering Serval WS Laptop With AMD Ryzen
Stable Kernels: 5.7.2, 5.6.18, 5.4.46, 4.19.128, 4.14.184, 4.9.227, and 4.19.128
today's howtos
Free and Proprietary Software: NinjaRMM 4.6, AMD, LeoCAD, Pidgin
