Security Leftovers

Monday 11th of July 2022
Security
  • Security updates for Monday [LWN.net]

    Security updates have been issued by Debian (php7.4), Fedora (gerbv, kernel, openssl, and podman-tui), Oracle (squid:4), Slackware (wavpack), and SUSE (apache2, chafa, containerd, docker and runc, fwupd, fwupdate, libqt5-qtwebengine, oracleasm, and python).

  • Ronacher: Congratulations: We Now Have Opinions on Your Open Source Contributions

    On his blog, Armin Ronacher comments about a recent security key giveaway by the Python Package Index (PyPI) to provide two-factor authentication (2FA) tokens to the maintainers of the "critical" projects on the index. While (eventually) requiring maintainers to use 2FA before being able to update PyPI packages is reasonable, Ronacher worries about where the idea might lead...

  • Major Linux kernel vulnerability affects Pixel 6, Galaxy S22, and others

    Android security has come a long way in recent years. The fostering of monthly security patches has kept hundreds of threats at bay, while Google Play Protect is there to bar malware from the Play Store. However, there are still instances where rogue actors can exploit vulnerabilities hidden within in Android’s code for nefarious purposes. Zhenpeng Lin, a security researcher and Northwestern University PhD student, recently discovered such a vulnerability on the Google Pixel 6, and you may be at risk even after installing the latest July 2022 security update.

    The vulnerability in question affects the kernel portion of Android, allowing the attacker to gain arbitrary read and write access, root privilege, and the authority to disable SELinux. With this kind of privilege escalation, a malicious actor could tamper with the operating system, manipulate built-in security routines, and do a lot more harm.

  • Hacker's Corner: Complete Guide to Anti-Debugging in Linux - Part 1

    What good is a keylogger (or any such tool, for that matter), that is reversed using a debugger within minutes? Let's level up just a little bit, and try to make malware analyst's job slightly more involved.

Jonathan Blandford: Crosswords 0.3.3: Double Dutch

It’s time for another GNOME Crosswords release! This time we had a focus on I18N support. I also got patches from another new contributor – Philip – who added some nice improvements, dutch-language support, and a downloader. Read more

Tropy: An Open-Source App to Organize Your Research Photos

Organizing photos is a big deal for individuals and researchers. Managing a large photo collection is not easy, whether it is just for a passion project or professional work. What if you want photos for research or a detailed archive? Tropy can help you out with that. Read more

Chattr Command in Linux with 5 Examples

When many users access and use the Linux system there is a chance for accidental deletion of files or directories. So it's important for administrators to keep the required files in an undeletable state. There comes chattr command to help in this situation. In this guide, we learn about chattr command with some practical examples. Read more

Free Software Directory (FSD) IRC Meeting and Rust/GCC

  • FSD meeting recap 2022-07-01

    Check out the great work our volunteers accomplished at today's Free Software Directory (FSD) IRC meeting. Every week, free software activists from around the world come together in #fsf on Libera.Chat to help improve the FSD. This recaps the work we accomplished at the Friday, July 1st, 2022 meeting, where we didn't see any new programs added, but we had a few great conversations and several entries updated.

  • Rust front-end
  • Re: Rust front-end
    Congratulations! The GCC Steering Committee has voted to accept the
contribution of the Rust Frontend (aka GCC Rust) to GCC.  Please work
with the GCC Global Reviewers and GCC Release Managers for technical
review and technical approval of the patches.  We look forward to
including a preliminary, beta version of GCC Rust in GCC 13 as a
non-default language.

Thanks, David
  • Rust frontend approved for GCC

    The GCC steering committee has approved the contribution of the Rust frontend to the compiler suite. "We look forward to including a preliminary, beta version of GCC Rust in GCC 13 as a non-default language".

