Post Syndicated from corbet original https://lwn.net/Articles/980654/
The LWN.net Weekly Edition for July 11, 2024 is available.
Post Syndicated from corbet original https://lwn.net/Articles/981334/
Version 128.0 of the Firefox browser has been released. Changes this time
include the ability to translate highlighted phrases from the context menu,
display of recent searches on opening the address bar (US/Canada only), a
streamlined dialog for clearing user data, and more.
Post Syndicated from corbet original https://lwn.net/Articles/981287/
Alexander “Solar Designer” Peslyak has disclosed another OpenSSH
vulnerability that can be exploited for remote code execution, but only
on distributions that have applied a patch to add auditing support.
Specifically, RHEL 9 and derivatives are affected, as are
Fedora 36 and 37 (but not later releases).
The main difference from CVE-2024-6387 is that the race condition
and RCE potential are triggered in the privsep child process, which
runs with reduced privileges compared to the parent server process.
So immediate impact is lower. However, there may be differences in
exploitability of these vulnerabilities in a particular scenario,
which could make either one of these a more attractive choice for
an attacker, and if only one of these is fixed or mitigated then
the other becomes more relevant.
Post Syndicated from corbet original https://lwn.net/Articles/981285/
Security updates have been issued by AlmaLinux (virt:rhel and virt-devel:rhel), Fedora (ghostscript, golang, httpd, libnbd, netatalk, rust-sequoia-chameleon-gnupg, rust-sequoia-gpg-agent, rust-sequoia-keystore, rust-sequoia-openpgp, and rust-sequoia-sq), Mageia (apache), Red Hat (booth, buildah, edk2, fence-agents, git, gvisor-tap-vsock, kernel, kernel-rt, less, libreswan, linux-firmware, openssh, pki-core, podman, postgresql-jdbc, python3, tpm2-tss, virt:rhel, and virt:rhel and virt-devel:rhel modules), SUSE (krb5, poppler, and python-docker), and Ubuntu (apache2, cinder, glance, nova, and Tomcat).
Post Syndicated from corbet original https://lwn.net/Articles/981256/
The 6.6.38 stable kernel update has been
released, without the benefit of the usual review process. It reverts some
BPF changes with patches that do not appear in the mainline (in this form,
at least). “All powerpc and arm64 users of the 6.6 kernel series must
upgrade. Everyone else probably should as well to be safe.”
Post Syndicated from corbet original https://lwn.net/Articles/981080/
Version 15.1 of the GNU debugger has been released. Changes include a
number of enhancements to GDB’s Python support, some Debugger Adapter
Protocol additions, some new GDBserver options, and more.
Post Syndicated from corbet original https://lwn.net/Articles/981020/
The 6.10-rc7 kernel prepatch is out for
testing.
Things remain calm, although I do suspect that part of it is that
it’s been the July 4th week in the US, and a lot of Europe is
starting to go away on summer vacation. But hey, let’s not look a gift horse too closely in the
mouth. Maybe it’s really just that 6.10 is shaping up well. Right?
RIGHT?
Post Syndicated from corbet original https://lwn.net/Articles/980447/
Random numbers, it seems, can never be random enough, and they cannot be
generated quickly enough. The kernel’s getrandom()
system call might, after years of discussion, be seen as sufficiently
secure by most users, but it is still a system call. Linux system calls
are relatively fast, but they are necessarily slower than calling a
function directly. In an attempt to speed the provision of secure random
data to user space, Jason Donenfeld has put together an
implementation of getrandom() that lives in the virtual dynamic
shared object (vDSO) area.
Post Syndicated from corbet original https://lwn.net/Articles/979852/
The LWN.net Weekly Edition for July 4, 2024 is available.
Post Syndicated from corbet original https://lwn.net/Articles/980556/
David Rosenthal looks
back at 40 years of the X Window System:
A major reason for Sun’s early success was that they in effect
open-sourced the Network File System. X11 was open source under the
MIT license. I, and some of the other Sun engineers, understood
that NeWS could not displace X11 as the Unix standard window system
without being equally open source. But Sun’s management looked at
NeWS and saw superior technology, an extension of the PostScript
that Adobe was selling, and couldn’t bring themselves to give it
away.
Post Syndicated from corbet original https://lwn.net/Articles/979683/
Like many kernel subsystems, the Linux security module (LSM) subsystem
makes extensive use of indirect function calls. Those calls, however, are
increasingly problematic, and the pressure to remove them has been growing.
The good news is that there is a patch
series from KP Singh that accomplishes that goal. Its progress into
the mainline has been slow — this change was first proposed
by Brendan Jackman and Paul Renauld in 2020 — and this work has been caught
up in some wider controversies along the way, but it should be close to
being ready.
Post Syndicated from corbet original https://lwn.net/Articles/980393/
Security updates have been issued by AlmaLinux (httpd:2.4/httpd), Arch Linux (openssh), Fedora (cups, emacs, and python-urllib3), Gentoo (OpenSSH), Mageia (ffmpeg, gdb, openssl, python-idna, and python-imageio), Red Hat (golang and kernel), SUSE (booth, libreoffice, openssl-1_1-livepatches, podman, python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, python-Js2Py, python310, python39, and squid), and Ubuntu (cups and netplan.io).
Post Syndicated from corbet original https://lwn.net/Articles/980312/
While the end of support for CentOS 7, which happened on June 30, is
significant, it is also worth taking a moment to reflect on the end of
Scientific Linux 7, which has also just occurred. Scientific Linux
was once a popular RHEL rebuild supported by Fermilab, CERN, DESY, and ETH
Zurich. Development of Scientific Linux stopped with SL7, with the labs
switching to CentOS thereafter, but the SL7 release was supported through
to the bitter end. Thanks are due to all who built and supported
Scientific Linux; you provided a useful and stable platform for many years.
Post Syndicated from corbet original https://lwn.net/Articles/980252/
Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).
Post Syndicated from corbet original https://lwn.net/Articles/980211/
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It’s likely
that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been
examined.
There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
Post Syndicated from corbet original https://lwn.net/Articles/980175/
Linus has released 6.10-rc6 for testing.
“This release continues to be fairly calm, and rc6 looks pretty small.
It’s also entirely just random small fixes spread all over, with no bigger
pattern.”
Post Syndicated from corbet original https://lwn.net/Articles/979912/
The academic and the Linux real-time and scheduling community mourns the
premature death of Daniel Bristot de
Oliveira. Daniel died at the age of 37 on Monday, June 24, 2024.
Juri Lelli, Tommaso Cucinotta, Steve Rostedt, Kate Stewart, and Thomas
Gleixner have come together to share their thoughts on his life and what he
has left behind.
Post Syndicated from corbet original https://lwn.net/Articles/979549/
It has been nearly one year since the
first version of the device memory TCP patches was posted by Mina
Almasry. Now on the 14th
revision, this series appears to be stabilizing. Device memory TCP is
a specialized networking feature requiring a certain amount of setup, but
it could provide a significant performance improvement for some
data-intensive applications.
Post Syndicated from corbet original https://lwn.net/Articles/979084/
The LWN.net Weekly Edition for June 27, 2024 is available.
Post Syndicated from corbet original https://lwn.net/Articles/979741/
The Rust Blog is carrying an
update on what the Rust Types Team has been up to and its near-future
plans.
There has been a
lot of work on the next-generation
trait solver. The initiative posted a
separate update at the end of last year. While we would have
liked to stabilize its
use in coherence a few months ago, this surfaced additional
small behavior regressions and hangs, causing delays. We are
working on fixing these issues and intend to merge the
stabilization PR soon. We are getting close to compiling the
standard library and the compiler with the new solver enabled
everywhere, after which we will be able to run crater to figure out
the remaining issues.