Wi-Fi software security bug could leave Android, Windows, Linux open to attack (Ars Technica)

By jake

Ars Technica reports on a wpa_supplicant bug that might leave Linux and other systems open to remote code execution.

“That’s because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information ‘is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets,’ [Google security team member Jouni] Malinen wrote, and the code ‘was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation.’”

From: LWN
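
The length check the advisory says was missing, as an added example (not wpa_supplicant's code and not part of the original item). The struct layout, the function names and the element framing of id octet, length octet and payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX_LEN 32   /* valid SSID size per the quoted advisory */

/* Hypothetical peer record: a fixed SSID buffer followed by other fields,
 * including a pointer that is later freed. Not wpa_supplicant's struct. */
struct peer_info {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
    void   *scratch;
};

/* An element is assumed to be: 1-octet id, 1-octet length, then `length`
 * payload octets. The 8-bit length can claim up to 255 octets, so it is
 * checked against the bytes actually received and against the destination.
 * Returns 0 on success, -1 if the element is truncated or oversized. */
int store_ssid(struct peer_info *p, const uint8_t *elem, size_t elem_len)
{
    if (elem_len < 2)
        return -1;                 /* no room for id + length */
    size_t len = elem[1];
    if (len > elem_len - 2)
        return -1;                 /* claims more than was received */
    if (len > SSID_MAX_LEN)
        return -1;                 /* would overrun ssid[] by len - 32 */
    /* Without the check above, this memcpy with len = 255 would write
     * 223 octets past ssid[], over ssid_len and scratch. */
    memcpy(p->ssid, elem + 2, len);
    p->ssid_len = len;
    return 0;
}

/* Worst-case overrun of an unchecked copy driven by an 8-bit length. */
size_t max_overrun(void)
{
    return UINT8_MAX - SSID_MAX_LEN;
}
```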


Security updates for Thursday

By jake

Arch Linux has updated glibc (code execution).

Fedora has updated chrony (F21: three vulnerabilities), gnupg2 (F20: denial of service), java-1.7.0-openjdk (F20: unspecified), java-1.8.0-openjdk (F21: unspecified), kernel (F21; F20: denial of service), ntp (F20: two vulnerabilities), python (F20: denial of service from 2013), spatialite-tools (F21: three vulnerabilities), and sqlite (F21: three vulnerabilities).

Oracle has updated kvm (OL5: two vulnerabilities).

From: LWN


[$] The kdbuswreck

By corbet

Few readers will have failed to notice by now that the attempted merging of
the kdbus interprocess communication system into the 4.1 kernel has failed
to go as well as its proponents would have liked. As of this writing, the
discussion continues and nothing has been merged. This article constitutes
an attempt to derive a bit of light from the massive amounts of heat that
have been generated so far, with a specific focus on the issue of metadata
and capabilities.

From: LWN


Sourcegraph: A free code search tool for open source developers (Opensource.com)

By ris

Opensource.com introduces Sourcegraph. “Sourcegraph is a code search engine and browsing tool that semantically indexes all the open source code available on the web. You can search for code by repository, package, or function and click on fully linked code to read the docs, jump to definitions, and instantly find usage examples. And you can do all of this in your web browser, without having to configure any editor plugin.”

From: LWN


Security advisories for Wednesday

By ris

Arch Linux has updated firefox (code execution).

CentOS has updated kernel (C6: multiple vulnerabilities), kvm (C5: two vulnerabilities), and qemu-kvm (C6: privilege escalation).

Debian has updated curl (multiple vulnerabilities) and subversion (two vulnerabilities).

Debian-LTS has updated wireshark (multiple vulnerabilities).

Fedora has updated ceph-deploy (F21: information leak), firefox (F20: multiple vulnerabilities), libzip (F21; F20: code execution), mingw-gnutls (F21: denial of service), mingw-libtasn1 (F21; F20: denial of service), openstack-neutron (F20: denial of service), python-virtualenv (F21; F20: insecure software download), qt5-qtwebkit (F21; F20: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode), and qtwebkit (F21; F20: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode).

openSUSE has updated Chromium (13.2, 13.1: multiple vulnerabilities).

Oracle has updated glibc (OL6: two vulnerabilities), kernel (OL6: multiple vulnerabilities), and qemu-kvm (OL6: privilege escalation).

Red Hat has updated kernel (RHEL5.9: privilege escalation), kvm (RHEL5: two vulnerabilities), and qemu-kvm (RHEL6: privilege escalation).

Scientific Linux has updated kernel (SL6: multiple vulnerabilities), kvm (SL5: two vulnerabilities), and qemu-kvm (SL6: privilege escalation).

Slackware has updated bind (denial of service), gnupg (multiple vulnerabilities), httpd (multiple vulnerabilities), libssh (two vulnerabilities), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), mutt (denial of service), ntp (two vulnerabilities), openssl (multiple vulnerabilities), php (multiple vulnerabilities), ppp (two vulnerabilities), proftpd (unauthenticated copying of files), qt (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

SUSE has updated mariadb (SLE12: multiple vulnerabilities).

From: LWN


GCC 5.1 released

By corbet

Version 5.1 of the GNU Compiler Collection is out. “GCC 5.1 is a
major release containing substantial new functionality not available in GCC
4.9.x or previous GCC releases.” Some of that new functionality
includes full C++14 language support, quite a few optimization
improvements, partial OpenACC support, OpenMP 4.0 support, an
experimental JIT library, and more; see the changelog for details.

From: LWN


How Tor is building a new Dark Net with help from the U.S. military (The Daily Dot)

By ris

The Daily Dot reports
that the Tor project is receiving some funding from the US Defense Advanced
Research Projects Agency (DARPA) to improve Tor’s hidden services. “The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service’s identity key and to allow offline storage for that key, a major security upgrade.

Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites.”

From: LWN


Announcing the release of Fedora 22 Beta

By ris

Fedora 22 Beta has been released. It comes in Workstation, Server, and
Cloud editions, as well as several spins. This version replaces yum with
dnf for package management, as discussed in this recent LWN article. The Cloud edition features the
latest versions of rpm-ostree and rpm-ostree-toolbox and introduces the
Atomic command line tool. The Server edition features a new database server
role based on PostgreSQL, an updated Cockpit, and XFS as the default
filesystem. The Workstation product has also seen a number of enhancements
and improvements, including a redesigned GNOME Shell notification system,
transitional Wayland support, and much more.

From: LWN


Tuesday’s security updates

By ris

Arch Linux has updated jdk8-openjdk (multiple vulnerabilities), jre8-openjdk (multiple vulnerabilities), jre8-openjdk-headless (multiple vulnerabilities), and tcpdump (denial of service).

CentOS has updated glibc (C6: two vulnerabilities).

Debian-LTS has updated python-django-markupfield (information leak).

Red Hat has updated glibc (RHEL6: two vulnerabilities) and kernel (RHEL6: multiple vulnerabilities).

Scientific Linux has updated glibc (SL6: two vulnerabilities).

SUSE has updated Real Time Linux Kernel (SLERTE11 SP3: multiple vulnerabilities).

Ubuntu has updated mysql-5.5 (14.10, 14.04, 12.04: multiple vulnerabilities), openjdk-6 (12.04, 10.04: multiple vulnerabilities), openjdk-7 (14.10, 14.04: multiple vulnerabilities), and php5 (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).

From: LWN
