Language Selection

English French German Italian Portuguese Spanish

Security: Patches, Linux Format Special and POWER9 Problems

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin).

  • Cyber insecurity | Linux Format

    Each year we proclaim it’s time to learn how to hack. But why? Jonni always gets angry at the subversion of the term ‘hacking’ and I can understand why. Hacking is fun, as is finding out how systems work and how to get them to do things they were never meant to do.

    With open source and the Linux ecosystem there’s an abundance of hacking fun to be had, and it’s no wonder all the key tools for learning how to hack – and actually hack – are developed and run out of Linux systems.

    For this year’s look at the world of hacking Jonni’s introducing you to the metasploit framework. This is a playground where you can learn, explore and develop hacking skills. It’s usually paired with Kali Linux, and we’re putting these on the Linux Format DVD, which makes a welcome return.

  • IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug

    CVE-2020-4788 is now public and it's not good for IBM and their POWER9 processors... This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares.

    While IBM POWER9 allows speculatively operating on completely validated data in the L1 cache, when it comes to incompletely validated data that bad things can happen. Paired with other side channels, local users could improperly obtain data from the L1 cache.

    CVE-2020-4788 was made public this morning and is now causing all stable Linux kernel series to receive the mitigation that amounts to hundreds of lines of new code. The mitigation is flushing the L1 data cache for IBM POWER9 CPUs across privilege boundaries -- both upon entering the kernel and on user accesses.

More in Tux Machines

Android Leftovers

Devices/Embedded: MiTAC, Raspberry Pi and ESP32/Arduino

  • Fanless Linux embedded system makes a compact IoT gateway

    ICP Germany has recently introduced the MiTAC ME1-8MD series family of compact, fanless Linux embedded systems powered by NXP i.MX 8M processor and designed to be used as IoT gateways, data acquisition and processing systems, and mini servers. Three models have been launched with a choice of dual or quad-core processors, up to 4GB LPDDR4 RAM, and 32GB eMMC flash storage. The embedded computers also come with up to two Ethernet ports, support up to two displays, and include an internal Raspberry Pi compatible 40 pin GPIO header.

  • Official Raspberry Pi 4 case fan adds cooling to Raspberry Pi 4 case

    When the Raspberry Pi Foundation first introduced the Raspberry Pi 4, they claimed the board would work just fine under most cases without a heatsink, and the latter was only really needed under load. That may have been true when using the board in a temperate climate like in the United Kingdom, but then Raspberry Pi 4 met Thailand with some benchmarks results lower than on a Raspberry Pi 3. People using plastic enclosures had even more troubles. It’s only when I installed a heatsink on Raspberry Pi 4 that the board could really shine. The company also provided some firmware optimizations later on to further cool-down the board. But you can only do much with software, and many third-party cooling solutions such as fansinks or metal cases have been introduced for the popular SBC.

  • Pi-oT 2 IoT module adds 24V digital inputs, RS-485, and UPS to Raspberry Pi (Crowdfunding)

    Pi-oT was launched last year as a Raspberry Pi add-ons designed for commercial and industrial IoT automation. It features 5V I/Os, relays, and ADC inputs suitable for light-duty projects and prototyping. The company, called Edge Devices, has now launched an update with Pi-oT 2 adding optional support for 24V digital inputs, RS-485, and an uninterruptible power supply (UPS).

  • M5Paper ESP32 IoT development kit features a 4.7-inch e-Ink touchscreen display

    M5Stack has just launched its unique and latest core device with a touchscreen e-Ink display. M5Paper ESP32 IoT Development Kit is a fully programmable microcontroller-based platform that can be an ideal choice for your IoT applications. This low-power device could suit such purposes as an industrial controller or smart weather display.

today's howtos

  • Enable Timestamp For History Command In Fish Shell - OSTechNix

    Whenever a command is entered in the terminal, it will be saved at the end of the history file in Linux. You can easily retrieve these commands at any time using history command. The shell is also tracking the timestamp of all command entries, so that we can easily find when a specific command is executed. We already have shown you how to enable timestamp in Bash and Zsh shells. Today we will see how to enable timestamp for history command in Fish shell in Linux. In addition, we will also learn how to create a simple function to show the date and time stamps in history command output in fish shell.

  • Linux: How To Encrypt And Decrypt Files With A Password
  • How to convert pdf to image on Linux command line - nixCraft

    I have many PDF files, and I need to convert them to a png file format, add a border to those images, and convert back all those images to pdf format. How can I convert pdf to image format on Linux and vice versa using the CLI?

  • How To Install PHP 8 on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install PHP 8 on Ubuntu 20.04 LTS. For those of you who didn’t know, PHP (recursive acronym for PHP: Hypertext Preprocessor) is a popular server scripting language known for creating dynamic and interactive Web pages. PHP is a widely-used programming language on the Web. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of PHP 8 on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian based distribution like Linux Mint.

  • How to Restrict WordPress Site Access - Anto Online

    A lot of the time, you need to restrict access to various users on your website. Whether you’re cordoning premium content, sensitive pages, or content targeted to specific individuals, there are various ways you can restrict user access easily and effectively on your WordPress website. The easiest method is using plugins that you can just download and link with your website. If you have coding skills, you can also edit various functions to achieve the same thing. We shall also take a look at how you can restrict site managers with various levels of access. Whatever kind of site restrictions you need to accomplish, stick with us and we will help you do it.

Linux Kernel: Greg Kroah-Hartman's Talk and Panics

  • Greg Kroah-Hartman: Lessons for Developers from 20 Years of Linux Kernel Work [Ed: "The Linux Foundation is a sponsor of The New Stack" for the latter to write puff pieces such as these, so it's basically marketing]
  • Greg Kroah-Hartman: 'Don't Make Users Mad'

    Kroah-Hartman explains that one of Linus Torvalds' most deeply-held convictions: don't break userspace. "Other operating systems have this rule as well — it's a very solid rule — because we always want you to upgrade. And we want you to upgrade without worrying about it. We don't want you to feel scared. If you see a new release, and we say, 'Hey, this fixes a bunch of problems,' we don't want you to feel worried about taking that. That's really really important — especially with security...." If you do make a change, make sure there truly is a compelling reason. "You have to provide enough reason and enough goodness to force somebody to take the time to learn to do something else. That's very rare." His example of this was systemd, which unified a variety of service configurations and initialization processes. "They did it right. They provided all the functionality, they solved a real problem that was there. They unified all these existing tools and problems in such a way that it was just so much better to use, and it provided enough impetus that everybody was willing to do the work to modify their own stuff and move to the new model. It worked. People still complain about it, but it worked. Everybody switched... It works well. It solves a real problem. "That was an example of how you can provide a compelling reason to move on — and make the change."

  • What to do in case of a Linux kernel panic

    Linux is used everywhere in the IT world. You've probably used Linux today, even if you didn't realize it. If you have learned anything about Linux, then you know it is indeed a kernel. The kernel is the primary unit of the Linux operating system (OS) and is responsible for communications between a computer's hardware and its processes. In this article, you will learn about one situation related to the Linux kernel: The kernel panic. The term itself can make you panic, but if you have the proper knowledge, then you can remain calm. Every system admin faces this issue at least once in their career, but reinstalling the system is not the first solution you should turn to. [...] Now, anytime you see a kernel panic error, you will definitely not panic because you know why this error occurred and how to resolve it. This article covers one of the common Linux boot problems: kernel panic. There are so many other potential boot problems that can occur in Linux, but resolving those issues will become much less of a panic when you gain some advanced knowledge of your system.