Canonical Outs New Linux Kernel Security Update for Ubuntu 18.04 and 16.04 LTS

Affecting both the Linux 4.15 kernel used in Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04.6 LTS (Xenial Xerus) systems, the new security patch fixed an improperly implemented Spectre mitigation in the ptrace susbsystem (CVE-2019-15902), which could allow a local attacker to expose sensitive information. It also addresses a buffer overread (CVE-2019-15918) discovered that the SMB networking file system implementation, which could allow an attacker to expose sensitive information (kernel memory), two flaws (CVE-2019-15117 and CVE-2019-15118) discovered in the USB audio driver that may allow a physically proximate attacker to crash the system, and a flaw (CVE-2019-14821) in the KVM hypervisor implementation that let a local attacker to crash the system.

Leftovers: MX-19, Versalogic and Security

• MX-19 “patito feo” released!

  We are pleased to offer MX-19 for your use. As usual, this iso includes the latest updates from debian 10.1 (buster), antiX and MX repos.

• Compact Apollo Lake SBC aims sky high

  Versalogic’s Linux-ready, sandwich-style “Harrier” SBC has an Apollo Lake processor and a compact 95 x 55mm footprint, ECC RAM support, and ruggedization features designed for high altitude UAVs. Versalogic announced a Harrier SBC due in Q1 2020 that revises the compact, COM-and-carrier design of its three-year-old, Intel Bay Trail based Osprey, but advances to the newer Intel Apollo Lake. The Osprey is similarly bereft of real-world ports to enable easier real-world deployments in constrained environments.

• Security updates for Tuesday

  Security updates have been issued by CentOS (jss and kernel), Debian (libpcap, openjdk-8, and tcpdump), Fedora (java-11-openjdk), openSUSE (libreoffice), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk, python, and wget), Scientific Linux (java-1.7.0-openjdk), SUSE (ceph, ceph-iscsi, ses-manual_en, dhcp, openconnect, and procps), and Ubuntu (exiv2, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-gke-5.0, linux-snapdragon, and uw-imap).

• Password lessons: Longer is better, so is salt

  Infosec pros who had no idea of how easily a stolen list of hashed passwords could be cracked got a sobering lesson at this month’s SecTor security conference in Toronto. There, Will Hunt, co-founder of the U.K. based In.security consulting firm, casually talked of systems that can be built around a common (about $1,500) Nvidea GTX 2080 graphics card that could make 100 billion guesses a second in a brute force attack.

Unix Celebrates 50 Years

Today and tomorrow Nokia Bell Labs is hosting a two-day event celebrating 50 years of the Unix operating system, reflecting on Unix’s past and exploring the future of computing. Speakers and panelists include many of the original team that built Unix and designed the C programming language.

Red Hat Leftovers

• How we brought JavaScript to life for Command Line Heroes

  Animators within Red Hat?s Open Studio help bring Command Line Heroes? artwork more to life. All throughout Season 3, they?ve added movement to our episode pages and created eye-catching trailers for social and Red Hat?s YouTube channel. This post highlights their important contributions to the Command Line Heroes? creative process by looking at their work for Episode 3 of Season 4: Creating JavaScript. Also, designer Karen Crowson talks about the easter eggs in that episode?s artwork.

• Red Hat Ceph Storage RGW deployment strategies and sizing guidance

  Starting in Red Hat Ceph Storage 3.0, Red Hat added support for Containerized Storage Daemons (CSD) which allows the software-defined storage components (Ceph MON, OSD, MGR, RGW, etc) to run within containers. CSD avoids the need to have dedicated nodes for storage services thus reducing both CAPEX and OPEX by co-located storage containerized daemons. Ceph-Ansible provides the required mechanism to put resource fencing to each storage container which is useful for running multiple storage daemon containers on one physical node. In this blog post, we will cover strategies to deploy RGW containers and their resource sizing guidance. Before we dive into the performance, let's understand what are the different ways to deploy RGW.

• OpenShift 4.2: New YAML Editor

  Through our built-in YAML editor, users can create and edit resources right in the Red Hat OpenShift Web Console UI. In the latest release, we’ve upgraded our editor to include language server support. What is language server support? The language server support feature uses the OpenAPI schema from Kubernetes to provide content assist inside the YAML editor based on the type of resource you are editing. More specifically, the language server support offers the following capabilities: Improved YAML validation: The new editor provides feedback in context, directing you to the exact line and position that requires attention. Document outlining: Document outlines offer a quick way to navigate your code. Auto completion: While in the editor, language server support will provide you with valid configuration information as you type, allowing you to edit faster. Hover support: Hovering over a property will show a description of the associated schema. Advanced formatting: Format your YAML.