Language Selection

English French German Italian Portuguese Spanish

OpenBSD and FreeBSD Updates

Filed under
BSD
  • OpenBSD -stable binary packages

    The OpenBSD base system has received binary updates for security and some other important problems in the base OS through syspatch(8) for the last few releases.

    We are pleased to announce that we now also provide selected binary packages for the most recent release. These are built from the -stable ports tree which receives security and a few other important fixes: [...]

  • FreeBSD Around the World

    One of our major goals this year is to increase FreeBSD awareness around the world. I’m excited about upcoming events, like the Linux Foundation’s Open Source Summit, where we are giving a talk on FreeBSD. But first, I wanted to highlight some of the events we’ve attended over the past few months. I have been pretty bad about writing event reports, so I’m summarizing some of them here. It’s a good thing our Marketing Director isn’t local, otherwise she would be camping in our office forcing me to write the reports.

More in Tux Machines

Android Leftovers

Android Leftovers

How App Stores Are Addressing Fragmentation in the Linux Ecosystem

According to DistroWatch, 273 Linux distributions are currently active, with another 56 dormant and 521 discontinued. While some of these have shared underpinnings, it still makes for an extremely varied landscape for companies and developers. It means developers must create multiple versions of their applications to be able to provide their software to all Linux users or just address a fraction of the market. Also, developers require multiple versions of build tools, which inevitably results in significant resource overhead. Desktop application distribution is complex across all operating systems in general; in Linux, this is further compounded by such fragmentation and inter-dependencies both in the packaging and distribution of software. For example, Fedora uses the RPM packaging format, while Debian uses the .deb format. Moreover, packages built for one version of a Linux distribution are often incompatible with other versions of the same distribution and need to be built for each version separately. Read more

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

  • Open Source Security Podcast: Episode 161 - Human nature and ad powered open source

    Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source?

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post today. “Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits – given their capability to overwrite or modify parts of the kernel – makes it harder to clean compared to other malware,” the blog post states. “In addition, Skidmap has multiple ways to access affected machines, which allow it to reinfect systems that have been restored or cleaned up.”

  • Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

    Cryptocurrency-mining malware is still a prevalent threat, as illustrated by our detections of this threat in the first half of 2019. Cybercriminals, too, increasingly explored new platforms and ways to further cash in on their malware — from mobile devices and Unix and Unix-like systems to servers and cloud environments. They also constantly hone their malware’s resilience against detection. Some, for instance, bundle their malware with a watchdog component that ensures that the illicit cryptocurrency mining activities persist in the infected machine, while others, affecting Linux-based systems, utilize an LD_PRELOAD-based userland rootkit to make their components undetectable by system monitoring tools.