Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Happy New Year- Welcome to Linux Journal 2.0

Tue, 01/02/2018 - 11:26
Linux Journal is back. "Talk about a Happy New Year. The reason: it turns out we're not dead. In fact, we're more alive than ever, thanks to a rescue by readers—specifically, by the hackers who run Private Internet Access (PIA) VPN, a London Trust Media company. PIA are avid supporters of freenode and the larger FOSS community. They’re also all about Linux and the rest of the modern portfolio of allied concerns: privacy, crypto, freedom, personal agency, rewriting the rules of business and government around all of those, and having fun with constructive hacking of all kinds. We couldn’t have asked for a better rescue ship to come along for us."

Security updates for Tuesday

Tue, 01/02/2018 - 11:19
Security updates have been issued by Debian (imagemagick), Fedora (chromium), and Mageia (iceape, libzip, and mad).

Security updates for New Year's day

Mon, 01/01/2018 - 12:10
Security updates have been issued by Debian (asterisk, gimp, thunderbird, and wireshark), Fedora (global, python-mistune, and thunderbird-enigmail), Mageia (apache, bind, emacs, ffmpeg, freerdp, gdk-pixbuf2.0, gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad, gstreamer0.10-plugins-ugly, gstreamer0.10-plugins-ugly/gstreamer1.0-plugins-ugly, gstreamer1.0-plugins-bad, heimdal, icu, ipsec-tools, jasper, kdebase4-runtime, ldns, libvirt, mupdf, ncurses, openjpeg2, openssh, python/python3, ruby, ruby-RubyGems, shotwell, thunderbird, webkit2, and X11 client libraries), openSUSE (gdk-pixbuf and phpMyAdmin), and SUSE (java-1_7_1-ibm).

Kernel prepatch 4.15-rc6

Mon, 01/01/2018 - 10:06
The 4.15-rc6 kernel prepatch has been released for testing. "This would have been a very quiet week, if it wasn't for the final x86 PTI stuff - and that shows in the diffstat too. About half the rc6 work is x86 updates. The timing for this isn't wonderful, but it all looks nice and clean."

Kernel page-table isolation merged

Sat, 12/30/2017 - 10:45
Linus has merged the kernel page-table isolation patch set into the mainline just ahead of the 4.15-rc6 release. This is a fundamental change that was added quite late in the development cycle; it seems a fair guess that 4.15 will have to go to -rc8, at least, before it's ready for release.

Stable kernels 4.14.10 and 4.9.73

Fri, 12/29/2017 - 13:18
Greg Kroah-Hartman has announced the release of the 4.14.10 and 4.9.73 stable kernels. Both have fixes across the tree, though 4.14.10 is rather larger and contains more of the kernel page-table isolation work.

Security updates for Friday

Fri, 12/29/2017 - 11:23
Security updates have been issued by Debian (imagemagick, mercurial, and thunderbird), Fedora (asterisk, libexif, python-mistune, sensible-utils, shellinabox, and webkitgtk4), Mageia (glibc, kernel-firmware, and phpmyadmin), and openSUSE (global).

Security updates for Wednesday

Wed, 12/27/2017 - 10:42
Security updates have been issued by Fedora (asterisk, evince, lynx, ruby, sensible-utils, and shellinabox) and SUSE (GraphicsMagick and java-1_7_1-ibm).

salsa.debian.org (git.debian.org replacement) going into beta

Tue, 12/26/2017 - 11:42
The Debian Project has been working on replacing git.debian.org with a GitLab based service at https://salsa.debian.org. Active Debian Developers already have accounts. "External users are invited to create an account on salsa. To avoid clashes with future Debian Developers, we are enforcing a '-guest' suffix for any guest username. Therefore we developed a self-service portal which allows non-Debian Developers to sign up, available at https://signup.salsa.debian.org. Please keep in mind that your username will have '-guest' appended."

Security updates for a holiday Monday

Mon, 12/25/2017 - 14:00
Security updates have been issued by Debian (enigmail, gimp, irssi, kernel, rsync, ruby1.8, and ruby1.9.1), Fedora (json-c and kernel), Mageia (libraw and transfig), openSUSE (enigmail, evince, ImageMagick, postgresql96, python-PyJWT, and thunderbird), Slackware (mozilla), and SUSE (evince).

Some holiday stable kernel updates

Mon, 12/25/2017 - 11:43
The 4.14.9, 4.9.72, 4.4.108, and 3.18.90 stable kernel updates have been released with a large set of important fixes. The 4.14.9 update includes the kernel page-table isolation precursor patches that also just landed in 4.15-rc5.

Kernel prepatch 4.15-rc5

Sun, 12/24/2017 - 10:52
The 4.15-rc5 kernel prepatch is out. "This (shortened) week ended up being fairly normal for rc5, with the exception of the ongoing merging of the x86 low-level prep for kernel page table isolation that continues and is noticeable. In fact, about a third of the rc5 patch is x86 updates due to that."

Privilege escalation via eBPF in Linux 4.9 and beyond

Fri, 12/22/2017 - 18:22
Jann Horn has reported eight bugs in the eBPF verifier, one for the 4.9 kernel and seven introduced in 4.14, to the oss-security mailing list. Some of these bugs allow eBPF programs to read and write arbitrary kernel memory, and thus can be used for a variety of ill effects, including privilege escalation. As Ben Hutchings notes, one mitigation would be to disable unprivileged access to BPF using the following sysctl: kernel.unprivileged_bpf_disabled=1. More information can also be found in this Project Zero bug entry. The fixes are not yet in the mainline tree, but are in the netdev tree. Hutchings goes on to say: "There is a public exploit that uses several of these bugs to get root privileges. It doesn't work as-is on stretch [Debian 9] with the Linux 4.9 kernel, but is easy to adapt. I recommend applying the above mitigation as soon as possible to all systems running Linux 4.4 or later."

[$] An introduction to the BPF Compiler Collection

Fri, 12/22/2017 - 17:58
In the previous article of this series, I discussed how to use eBPF to safely run code supplied by user space inside of the kernel. Yet one of eBPF's biggest challenges for newcomers is that writing programs requires compiling and linking to the eBPF library from the kernel source. Kernel developers might always have a copy of the kernel source within reach, but that's not so for engineers working on production or customer machines.

Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens (Register)

Fri, 12/22/2017 - 15:42
The Register reports that the grsecurity defamation suit filed against Bruce Perens has been tossed out of court. "On Thursday, the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted Perens' motion to dismiss the complaint while also denying – for now – his effort to invoke California's anti-SLAPP law."

FSF adds PureOS to list of endorsed GNU/Linux distributions

Fri, 12/22/2017 - 15:17
The Free Software Foundation (FSF) has announced that it added PureOS to its list of endorsed Linux distributions. "'PureOS is a GNU operating system that embodies privacy, security, and convenience strictly with free software throughout. Working with the Free Software Foundation in this multi-year endorsement effort solidifies our longstanding belief that free software is the nucleus for all things ethical for users. Using PureOS ensures you are using an ethical operating system, committed to providing the best in privacy, security, and freedom,' said Todd Weaver, Founder & CEO of Purism."

Moglen fires back at the Software Freedom Conservancy

Fri, 12/22/2017 - 15:16
Here's the latest from Eben Moglen on the Software Freedom Law Center's trademark attack against the Software Freedom Conservancy. "We propose a general peace, releasing all claims that the parties have against one another, in return for an iron-clad agreement for mutual non-disparagement, binding all the organizations and individuals involved, with strong safeguards against breach. SFLC will offer, as part of such an overall agreement, a perpetual, royalty-free trademark license for the Software Freedom Conservancy to keep and use its present name, subject to agreed measures to prevent confusion, and continued observance of the non-disparagement agreement."

In the spirit of non-disparagement, it also says: "In view of this evidence and the sworn pleading submitted by the Conservancy, we have now moved to amend our petition, to state as a second ground for the cancellation that the trademark was obtained by fraud."

Security updates for Friday

Fri, 12/22/2017 - 09:55
Security updates have been issued by Debian (bouncycastle, enigmail, and sensible-utils), Fedora (kernel), Mageia (dhcp, flash-player-plugin, glibc, graphicsmagick, java-1.8.0-openjdk, kernel, kernel-linus, kernel-tmb, mariadb, pcre, rootcerts, rsync, shadow-utils, and xrdp), and SUSE (java-1_8_0-ibm and kernel).

Security updates for Thursday

Thu, 12/21/2017 - 09:36
Security updates have been issued by Debian (libreoffice, openafs, and otrs2) and SUSE (ImageMagick).

[$] LWN.net Weekly Edition for December 21, 2017

Wed, 12/20/2017 - 20:23
The LWN.net Weekly Edition for December 21, 2017 is available.
