Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • FreeBSD Security Advisory FreeBSD-SA-20:19.unbound
  • GCC Compiler Lands Mitigation For Arm's Straight Line Speculation Vulnerability

    It took a month after Arm disclosed the CPU "SLS" vulnerability and when the LLVM compiler landed their initial mitigation, but the GNU Compiler Collection (GCC) now has mitigations as well for this Straight Line Speculation vulnerability.

    The Straight Line Speculation vulnerability could lead to instructions on ARMv8 processors being executed following a change in control flow. Mitigating SLS involves using SB instructions for a speculation barrier following vulnerable instructions.

  • Security updates for Thursday

    Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird).

  • Mozilla Security Blog: Reducing TLS Certificate Lifespans to 398 Days

    We intend to update Mozilla’s Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days, with the aim of protecting our user’s HTTPS connections. Many reasons for reducing the lifetime of certificates have been provided and summarized in the CA/Browser Forum’s Ballot SC22. Here are Mozilla’s top three reasons for supporting this change.

More in Tux Machines

Cosmo Communicator Review: the dual boot pocket PC phone

Around the turn of the century, smartphones came in many clever and innovative shapes and sizes. For about 10 years, we lost that innovation to rectangular touch screen slabs, but now some of that innovation is coming back. The Cosmo Communicator is a good example. It’s an Android smartphone with a real physical keyboard, a clam-shell hinge to open it up, and an external screen. It even allows you to partition the storage area and install full Linux for a dual boot experience. The Cosmo Communicator is 171.4mm long, 79.3mm wide, and 17.3mm thick. It’s not a small device. The weight is 326g, so it’s not light either. It’s got a 4220mAh battery with fast charging, 5.99″ FHD 2160×1080 pixel main display, 1.91″ external OLED touch display, 24Mp external camera with LED flash, and 5Mp front-facing video call camera. It supports all of the GSM, CDMA, and 4G LTE radios and is also available in a Verizon version or Japan version for those different frequencies. You’ve got dual nano-SIM card slots and eSIM support as well. It comes with Android 9.0 installed, but now with recent updates, we can also install a special version of Debian Linux. Sailfish might work too. Read more

Games: DRAG, Valve Index kit and Inscryption

  • DRAG | Linux Gaming | Ubuntu 20.04 | Native

    DRAG running natively through Linux.

  • Sci-fi racer with fancy 4-point physics 'DRAG' is now in Early Access

    Orontes Games have finally unleashed DRAG, their sci-fi racer with advanced 4-point physics into Early Access. Note: key provided to GOL by the developer. Introducing what they say is a "new kind of vehicle-physics", their 4-way contact point traction technology (or 4CPT-technology for short) simulates every component of the vehicles in real time. The result is supposed to give you "realistic, dynamic" behaviour with a full damage model, so expect to see wheels flying across your screen when in multiplayer.

  • My experiences of Valve's VR on Linux

    As the proud and excited owner of a shiny new Valve Index kit to go with my almost-new all-AMD rig, I thought I’d outline the journey to getting it all working, exclusively on Linux. Now bear in mind that I’m not amazingly Linux-savvy. I’ve been using it since the early 2000’s, sure, and full time, exclusively, since 2013, but I’m not very interested in learning the guts of this stuff. I’m extremely technical as a network nerd, but my O/S is just a tool to let me run cool things. I want to be a “normal” consumer of that O/S and if things don’t work out of the box, I take a dim view of it and I don’t have a lot of patience for terminal hacks or “compiling my own kernel”.

  • Inscryption from the developer of Pony Island has a new trailer

    Inscryption from Daniel Mullins Games (Pony Island, The Hex) sounds absolutely wild and it's got a brand new trailer but we've got quite some time to wait on it. Based upon the title Sacrifices Must Be Made, which Mullins made for the Ludum Dare 43 Game Jam, Inscryption is described as an "inky black card-based odyssey that blends the deckbuilding roguelike, escape-room style puzzles, and psychological horror into a blood-laced smoothie".

LibreOffice 7.0: A week in stats

One week ago, we announced LibreOffice 7.0, our brand new major release. It’s packed with new features, and has many improvements to compatibility and performance too. So, what has happened in the week since the announcement? Let’s check out some stats… These are just stats for our official downloads page, of course – some Linux users will have acquired the new release via their distribution’s package repositories. Read more Also: LibreOffice 7.0 Is Already Approaching A Half-Million Downloads

LibreELEC (Leia) 9.2.4

LibreELEC 9.2.4 (Leia) has arrived based upon Kodi v18.8. Changes since 9.2.3: firmware fixes for RPi (fixes booting issues) Kodi 18.8 Kodi 19 Matrix: We have currently no plans yet to create an official Alpha release of LE10 with the Alpha version of Kodi 19. Due the drawn out release cycle of Kodi and the experiences from the past few years we are waiting a bit longer to avoid major problems. Nightly builds could be downloaded like usual, that includes the latest unstable development snapshot of LE10/Kodi19. Read more