Security Leftovers
Security updates for Thursday
Security updates have been issued by Debian (flac, openssl, and openssl1.0), Fedora (nbd, pesign, and rust-regex), openSUSE (ansible, java-1_8_0-openjdk, libreoffice, and stunnel), Oracle (expat, glibc, and virt:ol and virt-devel:rhel), Red Hat (expat, redhat-ds:11.3, and virt:av and virt-devel:av), SUSE (atftp, java-1_8_0-openjdk, libreoffice, python3, and stunnel), and Ubuntu (apache2, bind9, firefox, fuse, and man-db).
NSA spies ample opportunities to harden Kubernetes [Ed: Why would anyone trust the NSA on security? It's not what they do; they undermine security.]
If Kubernetes is so complicated that even Google is automating its setup, then it's worth paying attention when the U.S. spy giant, the National Security Agency (NSA), points to ways of strengthening it.
Kubernetes, as the NSA points out, provides "several flexibility and security benefits compared to traditional, monolithic software platforms." Unfortunately, that flexibility comes with a lot of moving pieces with their own cybersecurity considerations.
The NSA and Cybersecurity and Infrastructure Security Agency (CISA) recently updated their Kubernetes Hardening Guidance [PDF] which, while designed for government agencies, is still a great set of recommendations for independent organizations.
WordPress Releases Security Update
WordPress versions prior to 5.9.2 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected website.
ISC Releases Security Advisories for BIND | CISA
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds.
OpenSSL Releases Security Updates | CISA
OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition.
CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version.
Drupal Releases Security Updates | CISA
Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system.
Chromium 99 critical security fix, upgrade asap | Alien Pastures
I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.
Raphaël Hertzog: Freexian’s report about Debian Long Term Support, February 2022
Every month we review the work funded by Freexian’s Debian LTS offering. Please find the report for February below.
FreeBSD 13.1-BETA2 Now Available
The second BETA build of the 13.1-RELEASE release cycle is now available. Installation images are available for:
o 13.1-BETA2 amd64 GENERIC
o 13.1-BETA2 i386 GENERIC
o 13.1-BETA2 powerpc GENERIC
o 13.1-BETA2 powerpc64 GENERIC64
o 13.1-BETA2 powerpcspe MPC85XXSPE
o 13.1-BETA2 armv6 RPI-B
o 13.1-BETA2 armv7 GENERICSD
o 13.1-BETA2 aarch64 GENERIC
o 13.1-BETA2 aarch64 RPI
o 13.1-BETA2 aarch64 PINE64
o 13.1-BETA2 aarch64 PINE64-LTS
o 13.1-BETA2 aarch64 PINEBOOK
o 13.1-BETA2 aarch64 ROCK64
o 13.1-BETA2 aarch64 ROCKPRO64
Note regarding arm SD card images: For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access. Additionally, the root user password is set to root. It is strongly recommended to change the password for both users after gaining access to the system.
Installer images and memory stick images are available here: https://download.freebsd.org/ftp/releases/ISO-IMAGES/13.1/
The image checksums follow at the end of this e-mail. If you notice problems you can report them through the Bugzilla PR system or on the -stable mailing list. If you would like to use Git to do a source based update of an existing system, use the "releng/13.1" branch.
A summary of changes since 13.1-BETA1 includes:
o OpenZFS has been updated to version 2.1.3.
o Fixes to buf_alloc() and __sfvwrite().
o Support for obtaining early entropy from UEFI has been added.
o OpenSSL has been updated to prevent a consistent loop under certain circumstances. [FreeBSD-SA-22:03.openssl]
o Updates to fsck(8) and fsck_ffs(8) to ensure the correct exit code is returned for missing devices.
o A race condition in if_epair(4) on multi-core systems has been addressed.
A list of changes since 13.0-RELEASE is available in the releng/13.1 release notes: https://www.freebsd.org/releases/13.1R/relnotes/ Please note, the release notes page is not yet complete, and will be updated on an ongoing basis as the 13.1-RELEASE cycle progresses.
Also: Controlling Resource Limits with rctl in FreeBSD
Linux Candy: Emote - modern popup emoji picker
The internet has rapidly transformed the way we communicate. Since body language and verbal tone are not conveyed in text messages or e-mails, we’ve developed alternate ways to convey nuanced meaning. The most prominent change to our online style has been the addition of two new-age hieroglyphic languages: emoticons and emoji. Emoji originated from the smiley, which first evolved into emoticons, followed by emoji and stickers in recent years. The smiley first appeared in the 1960s and is regarded as the first expression symbol. It is a yellow face with two dots for eyes and a wide grin, printed on buttons, brooches, and t-shirts.
Ubuntu revamps its logo after 12 years
The first impression of the new logo makes me wonder why Ubuntu needed to change the logo, which was looking far better in terms of visual appeal.