By ris Security updates have been issued by Debian (botan1.10, mysql-5.5, and rtmpdump), Fedora (collectd, firefox, java-1.8.0-openjdk, libdwarf, nss-softokn, nss-util, and tigervnc), Red Hat (httpd24-httpd and python27), and SUSE (kernel).
By corbet The grsecurity project has announced that its
kernel-hardening patches will now be an entirely private affair.
“Today we are handing over future maintenance of grsecurity test
patches to the community. This makes grsecurity for Linux 4.9 the last
version Open Source Security Inc. will release to non-subscribers.”
By jake An email client was once a mandatory offering for any operating system, but
that may be changing. A discussion on the ubuntu-desktop mailing list
explores the choices for a default email client for Ubuntu 17.10, which is
due in October. One of the possibilities being considered is to not have a
default email client at all.
By ris The Kali Linux 2017.1 rolling release is available.
Kali is a Debian derivative aimed at penetration testing and related
tasks. This release includes support for RTL8812AU wireless card
injection, streamlined support for CUDA GPU cracking, OpenVAS 9 packaged in
Kali repositories, and more.
By corbet The linkerd
1.0 release is available. “Linkerd a service mesh for cloud
native applications. As part of this release, we wanted to define what this
actually meant.” Support for per-service router configuration has
been added, along with new plugin interfaces for policy control. (LWN looked at linkerd in early April).
By corbet InfoWorld plays
with the Bash Bunny, a USB device for attacking computers.
“It can run anything a regular Debian Linux distro can run, such as
Python scripts or common Linux commands. To infiltrate other computing
devices, Bash Bunny can fake its identity as a trusted media device,
networking device, keyboard, or other serial device. For example, it can
load itself as a keyboard device and mimic keystrokes. You can download
dozens of existing payload scripts, create your own, or ask questions in a
fairly active user forum.”
The Drupal content management system
(CMS) has been an open-source tool of choice for many web site owners for
well over a decade now. Over that time, it has been overseen by its
original developer, Dries Buytaert, who is often referred to as the
benevolent dictator for life (BDFL) for the project. Some recent events
have led a sizable contingent in the Drupal community to question his
leadership, however. A request that a prominent developer leave the Drupal
community, apparently over elements of his private life rather than any
Drupal-related misstep, has led to something of an outcry in that
community—it may well lead to a change in the governance of the project.