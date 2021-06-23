Language Selection

Security Leftovers

Submitted by Roy Schestowitz on Friday 27th of August 2021 02:15:54 PM
Security
  • Security updates for Friday

    Security updates have been issued by Fedora (haproxy and libopenmpt), openSUSE (aws-cli, python-boto3, python-botocore,, dbus-1, and qemu), Oracle (rh-postgresql10-postgresql), Red Hat (compat-exiv2-023, compat-exiv2-026, exiv2, libsndfile, microcode_ctl, python27, rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and rh-python38), Scientific Linux (compat-exiv2-023 and compat-exiv2-026), SUSE (compat-openssl098), and Ubuntu (libssh, openssl, and openssl1.0).

  • Reproducible Builds (diffoscope): diffoscope 182 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 182. This version includes the following changes:

    [ Chris Lamb ]
* Also ignore, for example, spurious "fwGCC: (Debian ... )" lines in output
  from strings(1).
* Only use "java -jar /path/to/apksigner.jar" if we have a .jar as newer
  versions of apksigner use a shell wrapper script which will obviously be
  rejected by the JVM. Also mention in the diff if apksigner is missing.
* Pass "-f" to apktool to avoid creating a strangely-named subdirectory and
  to simplify code.
* If we specify a suffix for temporary file or directory, ensure it starts
  with a "_" to make the generated filenames more human-readable.
* Drop an unused File import.
* Update the minimum version of the Black source code formatter.

[ Santiago Torres Arias ]
* Support parsing the return value of squashfs versions which discriminate
  between fatal and non-fatal errors.
  • [IBM's 'Linux Man': Understanding the Impact of Cybersecurity on International Trade

    The explosive success of the Internet in the 1990s led to a historical transition from the industrial age of the past two centuries to an economy and society increasingly based on global, digital interactions. This transition has continued to advance over the past two decade with the advent of billions of smartphones, hundreds of billions of IoT devices, a wide variety of online applications and mobile apps, and huge amounts of data, all connected via Internet-based broadband networks.

    Then came Covid-19. A recent McKinsey survey found that the pandemic has accelerated the overall adoption of digital technologies and applications by three to seven years in just a few months.

    At the same time, cybersecurity threats have been growing. Large-scale fraud, data breaches, and identity thefts have become far more common. As we moved from a world of physical interactions and paper documents, to a world primarily governed by digital data and transactions, our existing cybersecurity methods have been far from adequate.

    More recently, international cyberthreats have escalated, with a growing number of high profile attacks by criminal groups and adversarial governments. Cybersecurity is now invoked by governments as a major aspect of national security, as they focus on protecting their critical infrastructures and the overall wellbeing of their nations. In early June, for example, FBI Director Christopher Wray compared the danger of ransomware attacks on US firms by Russian criminal groups to the September 11 terrorist attacks. And, in a recent editorial, the NY times editorial board argued that ransomware attacks have emerged as “a formidable potential threat to national security,” given “their ability to seriously disrupt economies and to breach strategically critical enterprises or agencies,” urging governments that “It is a war that needs to be fought, and won.”

    Beyond terrorism and national security, cyber threats have the potential to wreak havoc with international trade and the global economy. In a recent paper, Framework for Understanding Cybersecurity Impacts on International Trade, MIT professors Stuart Madnick and Simon Johnson and research scientist Keman Huang said that cybersecurity concerns have become a key issue for international trade policy.

Kernel: Slack, AMD, Alibaba

  • Brendan Gregg: Slack's Secret STDERR Messages
  • AMD Adds 17 PCI IDs to Linux Kernel Driver, Teasing a Possible RDNA 2 Refresh | Tom's Hardware

    AMD's Radeon product line-up based on RDNA 2 could get expanded with even more products, that are possibly a refreshed designs for additional performance and efficiency. According to the report coming from Phoronix, AMD has added as many as 17 new PCI IDs to the Linux kernel driver, showing us some hints of refreshing the RDNA 2 GPU line-up soon. Today, AMD engineers have submitted the latest round of patches for the AMDGPU Linux kernel DRM driver, which adds as many as 17 additional PCI IDs over the existing plethora of device IDs already present in the driver. While these new IDs show us what GPU codename they correspond to, we are still left to wonder why AMD has decided to do this.

  • AVX2-Optimized SM4 Cipher Implementation Queued Ahead Of Linux 5.15 - Phoronix

    The Linux kernel has already sported SM4 cipher algorithm implementation optimized for AES-NI and AVX while now an Alibaba engineer has contributed an AVX2 optimized variant for even greater performance. Tianjia Zhang of Alibaba has submitted and now queued in crypto-next an AES-NI/AVX2 optimized implementation for the SM4 cipher algorithms. The SM4 cipher is backed by China and used for their WLAN WAPI standard and other purposes. Alibaba previously worked on speeding up the SM4 AVX/AES-NI code while now they are providing this alternative implementation for AVX2 with AES-NI.

  • AMD Adds 17 More PCI IDs For RDNA2 GPUs To Their Linux Driver - Phoronix

    On top of all the PCI IDs in place already for the AMDGPU Linux kernel graphics driver, another 17 PCI IDs were added in a new patch for this open-source Radeon graphics driver. Seeing 17 more PCI IDs being added to the AMDGPU kernel driver at this stage is a bit surprising given all the other IDs already in place. However, it's important to keep in mind this doesn't necessarily mean there are 17 more RDNA2 graphics cards being launched but often times some PCI IDs may be reserved for engineering models, added proactively for possible future but currently unplanned models, and similar cases. Some of these IDs may also be used for AMD's custom designs for partners. The new IDs sent out over night add five more to Sienna Cichlid (0x73A5, 0x73A8, 0x73A9, 0x73AC, and 0x73AD) on top of the 7 Sienna Cichlid PCI IDs already in place.

You Can Now Upgrade to MATE Desktop 1.26 on Ubuntu

The ‘Fresh MATE PPA’ is maintained by Ubuntu MATE developers, and is aimed at existing users of Ubuntu MATE who want to install MATE desktop 1.26 on their systems. However, the PPA (and the packages within) are compatible with all Ubuntu flavours, meaning you can add this PPA to install the MATE desktop experience alongside whichever DEs you use at present (just, be careful). The PPA provides updated MATE desktop components (including new versions of core apps like Pluma and Caja) for Ubuntu MATE 20.04 LTS and Ubuntu MATE 21.04 (Ubuntu 20.10 went EOL last month). Read more

today's howtos

  • How To Install Elasticsearch on Debian 11 - idroot

    In this tutorial, we will show you how to install Elasticsearch on Debian 11. For those of you who didn’t know, Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the Elastic Stack. Elasticsearch is well-liked and popular amongst sysadmins and developers as it is a mighty search engine based on the Lucene library. It is generally used as the underlying engine/technology that powers applications with complex search features and requirements. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Elasticsearch on a Debian 11 (Bullseye) server.

  • Everything You Need To Know About Linux /tmp Directory

    The “/tmp” or tmp directory (temporary directory) in Linux is a place where any program stores the necessary files it can use during an executive session. It is one of the most used directories in Linux. Let us say you are writing a document. You are doing that in vscode. The vscode will save a temporary copy of your document in the tmp file and will update it on a regular basis. You can always go there and can restore it if necessary. Learning about the tmp directory thoroughly is a must if you want to be an effective Linux user. Knowing how it works, what are the attributes of this directory, etc., is going to enhance your Linux controlling a lot. We shall answer all of the possible questions that can come to your mind. Stay with us to learn.

  • How to Install Latest PHP 8 on Rocky Linux

    According to the W2techs surveys, there is 79% of all websites using PHP as a server-side programming language. On top of that, there are 67% of websites using PHP version 7, after 4 years after its initial release. PHP is one of the most popular server-side programming languages for websites. Some notable web applications are based on PHP like WordPress, Magento E-commerce, Wikipedia, Drupal, etc. At this time, the PHP version 8 has been released with additional features and improvements, including named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and improvements in the type system, error handling, and consistency.

  • How to detect and manage devices on Linux – VITUX

    Many of the Linux beginners coming from Windows know how to manage devices on their Windows systems. But they do not know how to do the same on Linux unfortunately. This is not because Linux is different, rather they are new and unaware of where to find the right help. Here I am going to help you how to detect and manage devices in your Linux system. I will be using Ubuntu 20.04 distribution. All commands are valid for related distribution which uses the apt package manager.

  • Hardening filesystem Centos/RHEL 8 - Unixcop

    Linux has continued used for many years beyond multiple industries and offers customizable and versatile systems. It is, therefore, essential that computers, servers, and even virtual machines that run Linux have specific security measures in place. In addition, because Linux-based operating systems (Ubuntu, Debian, RedHat, etc.) are so different and widely used, it’s essential to establish robust security standards to hold each specific operating system. The Center for Internet Security (CIS) has published benchmarks as standards for securing operating systems, a process known as hardening filesystem. Linux is not a secure operating system. These steps can be practiced and be improved. This tutorial aims to explain how to harden Linux as much as possible for security and privacy vulnerabilities. This will show you how to make distribution-agnostic and is not attached to any specific one. Also, try types of filesystem Centos/RHEL 8.

  • Perform a vulnerability scan with Openscap scanner - Unixcop

    RHEL 7 makes it simple to support secure and compliant systems with the openscap scanner. Also, try openssl.

  • Easy way to Install PHP 8.0 on Debian 11 Bullseye Server - Linux Shout

    A quick guide for installing PHP 8.0 on Debian 11, 10, and 9 Servers to install various web applications or CMS based on this server-side scripting language. Php 8.0 is the latest stable version of this programming language to use for commercial purposes. It is a server-side language, this means that the language can only perform actions on the server: For example, it can establish connections to a database or delete files on the server. You can easily convert an HTML file into PHP. To do this, you simply have to save the HTML file under .php. You can upload this PHP file to your server and call it up – without the actual PHP code. The output is unchanged. PHP is a cross-platform language hence can be executed on all popular operating systems. If you want to use PHP 8.0.x for your web application installed on Debian Linux then here is the tutorial to follow.

  • 15 Docker Commands to Manage Containers [List, Stop, Start, Remove and More]

    In Docker, you either build your own images to run your application as a container, or you can pull and use thousands of public images from the Docker repository and use them in your project. Once your image is ready, you can launch your containers using those images. A container is a running instance of a Docker image. Managing Docker containers is one of the most important aspects to look after as a system administrator who manages Docker hosts/containers.

The 8 Best Productivity Apps for Linux

The computer has become the center of many of our working lives. If you’ve come to adopt Linux as your digital workplace, there’s a good chance you’re using the GNOME desktop interface. In recent years a number of handy apps have popped up to help you be more productive at whatever professional or creative task you’re hard at work on. Here are eight options worth taking a look at. Read more

