Brief items
Security
2 New Mozilla Firefox 0-Day Bugs Under Active Attack (The Hacker News)
According to this report on The Hacker News, there are a couple of recent Firefox vulnerabilities that are currently being exploited.
Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework.
Updating seems like a good idea.
Today's Spectre variant: branch history injection
A few days prior to the expected 5.17 release, the mainline kernel has just received a series of Spectre mitigations for the x86 and ARM architectures. The vulnerability this time is called "branch history injection"; it has been deemed CVE-2022-0001 and CVE-2022-0002. Some information can be found in this Intel disclosure, this ARM advisory, and this VUSec page:
Branch History Injection (BHI or Spectre-BHB) is a new flavor of Spectre-v2 in that it can circumvent eIBRS and CSV2 to simplify cross-privilege mistraining. The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel. However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data.
According to a documentation patch merged into the mainline, the only known way to exploit this problem is via unprivileged BPF.
Kernel development
Kernel release status
The current development kernel is 5.17-rc7, released on March 6. This should be the final -rc for this development series: "as things stand, I expect that final 5.17 will be next weekend unless something surprising comes up".
Stable updates: 5.16.13, 5.15.27, 5.10.104, 5.4.183, 4.19.233, 4.14.270, and 4.9.305 were released on March 8 after an abbreviated review cycle; as Greg Kroah-Hartman explained: "this one had to go out a bit sooner for reasons I don't want to speculate about".
Those reasons appear to be a need to clear the decks for 5.16.14, 5.15.28, 5.4.184, 4.19.234, 4.14.271, and 4.9.306, which contain the mitigations for the branch history injection Spectre vulnerabilities. They are ostensibly due on March 11, but it would not be entirely surprising if they were released earlier.
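An added example (not LWN's or the kernel project's code): a shell script that classifies a kernel release string against the stable updates listed above as carrying the branch history injection mitigations, and interprets the kernel.unprivileged_bpf_disabled sysctl, since unprivileged BPF is the only known way to exploit the problem. Series the article does not list are reported as unknown rather than guessed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Distribution kernels may backport fixes without changing the
# upstream version number, so treat the version result as a hint only.

# First patch level per stable series that carries the mitigations, as listed
# in the article. Unlisted series return non-zero.
bhi_first_fixed() {
    case "$1" in
        5.16) echo 14 ;;
        5.15) echo 28 ;;
        5.4)  echo 184 ;;
        4.19) echo 234 ;;
        4.14) echo 271 ;;
        4.9)  echo 306 ;;
        *)    return 1 ;;
    esac
}

# bhi_kernel_status RELEASE -> mitigated | needs-update | unknown
bhi_kernel_status() (
    rel=${1%%-*}            # drop distro suffix: 5.15.27-generic -> 5.15.27
    series=${rel%.*}        # 5.15.27 -> 5.15
    patch=${rel##*.}        # 5.15.27 -> 27
    case "$rel" in *.*.*) ;; *) patch= ;; esac   # require x.y.z
    case "$patch" in
        ''|*[!0-9]*) echo unknown ;;
        *)  if fixed=$(bhi_first_fixed "$series"); then
                if [ "$patch" -ge "$fixed" ]; then echo mitigated
                else echo needs-update; fi
            else
                echo unknown
            fi ;;
    esac
)

# unpriv_bpf_status VALUE: 0 means unprivileged BPF is allowed; 1 and 2 both
# mean it is disabled (2 can be changed back by an administrator).
unpriv_bpf_status() {
    case "$1" in
        0)   echo enabled ;;
        1|2) echo disabled ;;
        *)   echo unknown ;;
    esac
}

# Report on the running system.
echo "kernel $(uname -r): $(bhi_kernel_status "$(uname -r)")"
f=/proc/sys/kernel/unprivileged_bpf_disabled
if [ -r "$f" ]; then echo "unprivileged BPF: $(unpriv_bpf_status "$(cat "$f")")"; fi
```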
The "dirty pipe" vulnerability
Max Kellermann has disclosed a disconcerting kernel vulnerability:
Two weeks ago, I found a vulnerability in the Linux kernel since version 5.8 commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops") due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem. It can be used to inject code into arbitrary processes.
This vulnerability has been named "dirty pipe"; Kellermann has put up a web page describing it in detail. Updates from distributors are already being released.
Quote of the week
This patch is a work of art. And I mean that in the worst possible way.
— Linus Torvalds
Distributions
DENT 2.0 released
DENT is a special-purpose Linux distribution aimed at router deployments; "DENT utilizes the Linux Kernel, Switchdev, and other Linux based projects as the basis for building a new standardized network operating system without abstractions or overhead". Version 2.0 has been released:
DENT 2.0 adds secure scaling with Internet Protocol version 6 (IPv6) and Network Address Translation (NAT) to support a broader community of enterprise customers. It also adds Power over Ethernet (PoE) control to allow remote switching, monitoring, and shutting down. Connectivity of IoT, Point of Sale (POS), and other devices is highly valuable to retail storefronts, early adopters of DENT. DENT 2.0 also adds traffic policing, helping mitigate attack situations that overload the CPU.
Development
Blender 3.1 released
Version 3.1 of the Blender artistic suite is out. The list of changes is long and can be seen in the video-heavy announcement page; it includes Apple Metal support, a new "point cloud" object, and much more.
Firefox 98 released
Version 98.0 of the Firefox browser is out. The big change this time is a new "optimized download flow" that is alleged to make the process of downloading files go much more smoothly. There are also some significant security fixes in this release.
PipeWire: A year in review & a look ahead (Collabora blog)
The Collabora blog looks at recent developments in the PipeWire media system and looks forward to what is yet to come:
Now in 2022, we are looking to the future. We already have designs to improve WirePlumber and experiment with new things. On the short-term horizon, we have plans to rework some parts of WirePlumber in order to make its configuration more user-friendly and the scripts easier to work with. We are also planning to revisit the policy logic and try to go a step beyond what PulseAudio has ever offered. In addition, we are looking forward to experimenting with complex cameras to improve how PipeWire and libcamera work together for an optimal user experience.
Page editor: Jake Edge