Security updates for Wednesday

By ris Security updates have been issued by Debian (botan1.10, mysql-5.5, and rtmpdump), Fedora (collectd, firefox, java-1.8.0-openjdk, libdwarf, nss-softokn, nss-util, and tigervnc), Red Hat (httpd24-httpd and python27), and SUSE (kernel).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

No more grsecurity test patches

By corbet The grsecurity project has announced that its
kernel-hardening patches will now be an entirely private affair.
Today we are handing over future maintenance of grsecurity test
patches to the community. This makes grsecurity for Linux 4.9 the last
version Open Source Security Inc. will release to non-subscribers.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] Which email client for Ubuntu 17.10?

By jake An email client was once a mandatory offering for any operating system, but
that may be changing. A discussion on the ubuntu-desktop mailing list
explores the choices for a default email client for Ubuntu 17.10, which is
due in October. One of the possibilities being considered is to not have a
default email client at all.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Kali Linux 2017.1 Release

By ris The Kali Linux 2017.1 rolling release is available.
Kali is a Debian derivative aimed at penetration testing and related
tasks. This release includes support for RTL8812AU wireless card
injection, streamlined support for CUDA GPU cracking, OpenVAS 9 packaged in
Kali repositories, and more.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Bash Bunny: Big hacks come in tiny packages (InfoWorld)

By corbet InfoWorld plays
with the Bash Bunny
, a USB device for attacking computers.
It can run anything a regular Debian Linux distro can run, such as
Python scripts or common Linux commands. To infiltrate other computing
devices, Bash Bunny can fake its identity as a trusted media device,
networking device, keyboard, or other serial device. For example, it can
load itself as a keyboard device and mimic keystrokes. You can download
dozens of existing payload scripts, create your own, or ask questions in a
fairly active user forum.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] Turmoil for Drupal

By jake

The Drupal content management system
(CMS) has been an open-source tool of choice for many web site owners for
well over a decade now. Over that time, it has been overseen by its
original developer, Dries Buytaert, who is often referred to as the
benevolent dictator for life (BDFL) for the project. Some recent events
have led a sizable contingent in the Drupal community to question his
leadership, however. A request that a prominent developer leave the Drupal
community, apparently over elements of his private life rather than any
Drupal-related misstep, has led to something of an outcry in that
community—it may well lead to a change in the governance of the project.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail