Language Selection

English French German Italian Portuguese Spanish

Month of Kernel Bugs: Linux in the lead

Filed under
OS

At this point in time, nine vulnerabilities in operating system kernels have been publicised as part of the Month of Kernel Bugs. Following on July's Month of Browser Bugs initiated by H.D. Moore, a similar project to highlight security vulnerabilities has been announced for November under the title "Month of Kernel Bugs" (MoKB). The project's initiators intend to release one security hole per day for the various operating system kernels. Up until now, fuzzing tools like "fsfuzzer" and "fs-bugs" have been used to turn up the errors.

Three of the publicised holes affect Linux kernel 2.6, two FreeBSD 6.1, two Mac OS X, one Solaris and one Windows. Proof of concept exploits have already been released for seven of the vulnerabilities, demonstrating the problems in the respective kernels.

No patches have been released for any of the vulnerabilities as yet.

Full Story.

More in Tux Machines

Devices: Aaeon, Corvalent, and Renesas Electronics

Red Hat and Servers: India, China, Docker and Kubernetes

GNOME: LVFS and Epiphany

  • Richard Hughes: Shaking the tin for LVFS: Asking for donations!
    Nearly 100 million files are downloaded from the LVFS every month, the majority being metadata to know what updates are available. Although each metadata file is very small it still adds up to over 1TB in transfered bytes per month. Amazon has kindly given the LVFS a 2000 USD per year open source grant which more than covers the hosting costs and any test EC2 instances. I really appreciate the donation from Amazon as it allows us to continue to grow, both with the number of Linux clients connecting every hour, and with the number of firmware files hosted. Before the grant sometimes Red Hat would pay the bandwidth bill, and other times it was just paid out my own pocket, so the grant does mean a lot to me. Amazon seemed very friendly towards this kind of open source shared infrastructure, so kudos to them for that. At the moment the secure part of the LVFS is hosted in a dedicated Scaleway instance, so any additional donations would be spent on paying this small bill and perhaps more importantly buying some (2nd hand?) hardware to include as part of our release-time QA checks.
  • Epiphany 3.28 Development Kicks Off With Safe Browsing, Better Flatpak Handling
    Epiphany 3.27.1 was released a short time ago as the first development release of this web-browser for the GNOME 3.28 cycle. For being early in the development cycle there is already a fair number of improvements with Epiphany 3.27.1. Some of the highlights include Google Safe Browsing support, a new address bar dropdown powered by libdazzle, and improvements to the Flatpak support.
  • Safe Browsing in Epiphany
    I am pleased to announce that Epiphany users will now benefit from a safe browsing support which is capable to detect and alert users whenever they are visiting a potential malicious website. This feature will be shipped in GNOME 3.28, but those who don’t wish to wait that long can go ahead and build Epiphany from master to benefit from it. The safe browsing support is enabled by default in Epiphany, but you can always disable it from the preferences dialog by toggling the checkbox under General -> Web Content -> Try to block dangerous websites.

today's howtos