That Linux flaw may be fixed, but what about your containers?

By Katherine Noyes

Countless patching efforts are now under way for the years-old bug discovered in the GNU C Library this week, but organizations that use container technology shouldn’t relax just yet.

“As patches are being delivered by Linux vendors and community distributions, there’s one glaring issue at play: Who’s fixing containers?” wrote Red Hat’s Gunnar Hellekson, director of product management, and Josh Bressers, security strategist, in a blog post Friday.

From: Network World

Reviewing the Lenovo 11e: A sub-$300 Thinkpad with great Linux support

By Bryan Lunduke

I recently decided I needed a new laptop. Something small. Something inexpensive (sub $300). And, perhaps most importantly, something that ran Linux (without any tweaking) like a champ.

Quickly, I decided to give the Lenovo Thinkpad 11e a try. And, holy moly, am I glad I did.

This glorious little laptop cost me a measly $258 USD (from Amazon.com; Lenovo’s website lists the same, or similar, models at over $500) and came equipped with an Intel Quad-core N2940 1.83GHz CPU, 4GB of RAM (upgradeable to 8GB), a 128GB SSD and an 11.6-inch, 1366×768 screen. It even has a gigabit Ethernet port (something lacking on so many laptops nowadays).

From: Network World

Google discloses serious Linux stack-buffer overflow bug in widely used C library

By Steven Max Patterson

A Google security engineer studying an SSH connection to a host unexpectedly discovered a deeper, darker secret in the GNU C Library (glibc). Google later proved that a bug in this library could be used to remotely execute code and cause a stack-buffer overflow condition. Though most Linux operating systems are protected from such an attack by address space layout randomization (ASLR), Google security engineers were able to circumvent this mitigation method.

SSH is the Linux secure shell that provides an encrypted remote channel for authentication and a command line interface. The glibc library, used by many Linux distributions, defines the system calls and other basic facilities that C programs use to interact with the OS.

From: Network World

KDE Neon and the value of communication

By Bryan Lunduke

Last week I wrote a little article about something that I felt was a truly terrible idea – the KDE project’s announcement of their own Linux Distro… dubbed “KDE Neon.”

The reaction, by portions of the KDE community, to that article would be best described as “a bit intense.” People were angry with me for writing something that was so negative towards a KDE project. People were angry with the KDE community for allowing such a project to exist. People were… angry.

While everything I wrote in that article was true – based on the information available at the time (including the KDE Neon website itself, the announcement, an interview, and an email from the KDE Board) – there was a large contingent of KDE community members that felt my article was incorrect. So I decided to dig a little deeper.

From: Network World

Use Linux? Stop what you’re doing and apply this patch

By Katherine Noyes

A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users.

Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks.

Glibc, which was also at the core of the “Ghost” vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted to the new problem last July, but it’s not clear if any remediation effort was launched at that time.

From: Network World

SCO vs. IBM legal battle over Linux may – finally – be finished

By Jon Gold

A breach-of-contract and copyright lawsuit filed nearly 13 years ago by a successor company to business Linux vendor Caldera International against IBM may be drawing to a close at last, after a U.S. District Court judge issued an order in favor of the latter company earlier this week.

Judge David Nuffer said that all of SCO’s claims against IBM are dismissed, and that briefs for a final legal certification of the judgment would be due Feb. 26, with responses, if necessary, on March 11. Nuffer re-opened the case in 2013.

From: Network World
