Date: 2021-09-30
Security Leftovers
Freexian’s report about Debian Long Term Support, October 2021
Every month we review the work funded by Freexian’s Debian LTS offering. Please find the report for October below.
Secure development: New and improved Linux Random Number Generator ready for testing
The Linux Random Number Generator (LRNG), which relies on several computing functions to act as a source of entropy, is designed to be a drop-in replacement for the long-established /dev/random function.
The technology is designed to offer both API (application programming interface) and ABI (application binary interface) compatibility with its /dev/random predecessor, while offering several performance and utility advantages.
CISA Adds Four Known Exploited Vulnerabilities to Catalog [Ed: Microsoft is a threat to National Security]
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
How has Abcbot been targeting Linux? [Ed: "This botnet mainly targets systems and web servers with weak passwords, which makes it easier for the botnet to deploy the DDoS attack," so it does not sound like a Linux issue]
Reportedly, a new kind of botnet called Abcbot has been observed in the dark web world. According to the sources, this botnet has some worm-like propagation features to infect Linux systems. The main target of the botnet is to launch malicious denial-of-service (DDoS) attacks on the devices.
GitHub fixes authorisation vulnerability in the NPM JavaScript package registry
Kernel and Graphics: NVMe, Universal Scalable Firmware, Mesa, and Zink
Mesa 21.3 Graphics Stack Is Here with Zink, RADV, and Panfrost Improvements
Mesa 21.3 is here three and a half months after Mesa 21.2 to further improve Linux’s number one graphics stack. It brings many great improvements, starting with official OpenGL ES 3.1 compliance for Collabora’s Panfrost driver, threaded shader compilation for the Iris driver, OpenGL ES 3.2 support for the Zink driver, and support for AV1 videos for the Video Acceleration API (VA-API).
Security Leftovers
Sam Thursfield: Status update, November 2021
I am impressed with the well-deserved rise of Sourcehut, a minimalist and open source alternative to GitHub and GitLab. I like their unbiased performance comparison with other JavaScript-heavy Git forges. I am impressed by their substantial contributions to Free Software. And I like that the main developers, Drew DeVault and Simon Ser, both post monthly status update blog posts on their respective blogs.
