Security: Updates and More
Security updates for Thursday
Security updates have been issued by Debian (jetty9 and openexr), openSUSE (mariadb and virtualbox), Red Hat (go-toolset-1.15 and go-toolset-1.15-golang), SUSE (djvulibre and mariadb), and Ubuntu (opencryptoki).
Linux Security Improvements Needed
Linux security expert Kees Cook says more investment is needed in “bug fixers, reviewers, testers, infrastructure builders, toolchain devs, and security devs.” He notes, for example, that “the stable kernel releases (‘bug fixes only’) each contain close to 100 new fixes per week.”
Google slams Linux kernel, says it needs major security investment | TechRadar
Google has highlighted what it says are shortcomings in the Linux kernel from a security perspective, and the issues these create for downstream vendors who roll the kernel into products.
In a blog post, Kees Cook from Google’s Open Source Security Team compares the Linux kernel to the US automotive industry of the 1960s in order to drive home the point that while the kernel runs flawlessly, when it fails, it falls apart miserably.
“The huge community surrounding Linux allows it to do amazing things and run smoothly. What's still missing, though, is sufficient focus to make sure that Linux fails well too,” wrote Cook.
NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks | CSO Online
Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling and management of applications, usually in a cloud environment. According to the most recent State of Kubernetes Security report by RedHat, more than half the security professionals surveyed said they delayed deploying Kubernetes applications into production due to security.
Qualys, Red Hat To Drive Greater Security For Red Hat Enterprise Linux CoreOS, Red Hat OpenShift
Qualys has joined hands with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift. The Cloud Agent for Red Hat Enterprise Linux CoreOS on OpenShift combined with the Qualys solution for Container Security provides continuous discovery of packages and vulnerabilities for the complete Red Hat OpenShift stack.
Researchers Find Significant Vulnerabilities...
Attacks require executing code on a system but foil Apple's approach to protecting private data and system files.
Linux-driven encoder board supports 4K H.265/HEVC
Z3’s “Z3-Q603-RPS” encoder board runs Linux on Qualcomm’s quad-core QCS603 and encodes up to 4K H.265/HEVC and H.264 video with micro-HDMI in/out, Composite-in, GbE, COM, and KEL ports for Sony 4K and LVDS HD cameras. The last time we checked in on Z3 Technology was back in 2013 when the Lincoln, Nebraska-based company launched a Z3-DM8168-APP-3x video transcoding subsystem built around a TI DaVinci SoC. The company offers a variety of camera solutions, video encoding boards, and “Zeus” video encoding systems that run Linux on low-end Arm SoCs. Z3 broke with its tradition of not disclosing the various Cortex-A8 or -A9 based processors in its products when it launched the Z3-Q603-RPS, which features Qualcomm’s AI-enabled, quad-core QCS603 camera SoC.
Alpine 3.14.1 released
The Alpine Linux project is pleased to announce the immediate availability of version 3.14.1 of its Alpine Linux operating system. This release includes a fix for apk-tools CVE-2021-36159. The full lists of changes can be found in the git log.
