Security: Bugfixes, Short-Sighted Outsourcing, and SolarWinds

  • Microsoft Delivers Fixes for 83 Vulnerabilities in January Security Patch Bundle

    Microsoft released its January security patch bundle on Tuesday, delivering fixes for 83 common vulnerabilities and exposures (CVEs).

    Of that number, 10 CVEs were described as "Critical" by security researchers, while 73 are deemed "Important." One vulnerability (CVE-2021-1647) is known to have been exploited (Microsoft's first "zero day" of the new year), while another (CVE-2021-1648) was described as being publicly known before Tuesday's patch release. A list describing all of the January patches can be found in this Trend Micro Zero Day Initiative post by Justin Childs.

  • Security updates for Wednesday

    Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).

  • Alan Pope: null [Ed: Canonical has outsourced its control to Microsoft already. Outsourcing GNU/Linux to Microsoft is a big no-no but part of Microsoft's plan.]

    The Snap Store has a delightful open source web frontend, the source code for which is on GitHub.

  • David A. Wheeler: Preventing Supply Chain Attacks like SolarWinds

    In late 2020, it was revealed that the SolarWinds Orion software, which is in use by numerous US Government agencies and many private organizations, was severely compromised. This was an incredibly dangerous set of supply chain compromises that the information technology community (including the Open Source community) needs to learn from and take action on.

    The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert noting that the SolarWinds Orion software included malicious functionality in March 2020, but it was not detected until December 2020. CISA’s Emergency Directive 21-01 stated that it was being exploited, had a high potential of compromise, and a grave impact on entire organizations when compromised. Indeed, because Orion deployments typically control networks of whole organizations, this is a grave problem. The more people look, the worse it gets. As I write this, it appears that a second and third malware have been identified in Orion.

OpenSUSE: YaST Development Sprint and Digest of YaST Development Sprint

  • Digest of YaST Development Sprint 116

    Let’s start with an installer improvement quite some people were waiting for. Both openSUSE and SUSE Linux Enterprise can use either wicked or NetworkManager to handle the system’s network configuration. Only the former can be fully configured with YaST (which is generally not a problem because there are plenty of tools to configure NetworkManager). Moreover, during the standard installation process, wicked is always used to set up the network of the installer itself. If the user decides to rely on wicked also in the final system, then the configuration of the installer is carried over to it. But, so far, if the user opted to use NetworkManager then the installer configuration was lost and the network of the final system had to be configured again using NetworkManager this time. Not anymore! That’s not the only installer behavior we have refined based on feedback from our users. In some scenarios, the logic used to decide whether an existing EFI System Partition (ESP) could be reused was getting in the way of those aiming for a fine-grained control of their partitions. That should now be fixed by the changes described in this pull request, that have been already submitted to Tumbleweed and will be part of the upcoming releases (15.3) of both openSUSE Leap and SLE.

  • Session One Meetup Generates Enhancements, Actions

    The first session of the openSUSE Project’s meetup regarding the End of the Year Survey Results on Jan. 23 is already starting to produce some actionable items from contributors. The session on openSUSE’s Jitsi instance had engagement from about 20 people from around the globe. Topics discussed in the two-hour session focused on addressing pain points, transferring knowledge and promoting openSUSE projects. Members of the “let’s improve the openSUSE learning experience” shared statistics and analysis from the survey and attendees engaged in generating ideas and actions to enhance and improve the above mentioned items.

The 10 Best Linux Server Distributions [2021 Edition]

One of the best things about Linux is the various types of distributions it has to offer. No matter how you plan to use your Linux PC, there’s a Linux distro optimized with all the necessary tools and functionalities to meet your needs. And this brings us to Linux server distributions – Linux distros optimized to be used on servers. These are lightweight Linux distros, sometimes even stripped of a desktop environment, and packed with tools to improve speed, stability, and security – the traits of a good server OS. But with that being said, there are literally hundreds of Linux server distros circulating the internet. So which one should you choose for your home server or even for professional use? Well, to answer your question, we have put together a comprehensive list of the 10 best Linux Server Distributions for 2021. [...] So this brings us to the end of our list of the 10 best Linux server distributions of 2021. We hope this was useful and helped you find the right Linux server distro for your specific needs and requirements. All the server distros come with their own unique advantages and disadvantages, as you can see. If you are completely new, we recommend starting with a Ubuntu server. With time, you’ll understand what features you need and then migrate to a distro that delivers those functionalities. But that being said, this is by no means a comprehensive list of all the best Linux server distros out there. So if your favorite distro didn’t make it up on this list, then feel free to mention it down in the comments along with why you prefer it over the options discussed here. We would surely like to know.

openSUSE "Leap" 15.2 - Any Good?

This is a review I've been wanting to write since forever. Having tried many iterations of SUSE Linux over its long life before, during and after the Novell era, it always left me feeling ambivalent. And I really wanted to like it. The last time I set out to write a review but then canned the idea was for 12.3, when images would work in VMware Player but did not boot on my real hardware. Now THAT is a long time ago and it also means a lot may have changed, hopefully for the better. SUSE is known and often praised for their offering of a highly polished KDE desktop. This is what I will go for in this little experiment. On the download page we can choose between a netinstall image for openSUSE "Leap" approx. 125 MB in size for x86_64 and the full DVD image of 4.3 GB. This is the equivalent of the box set of olden days. Live images are available with the KDE Plasma and Gnome desktops as well as a Rescue Live CD which are all staying under 1 GB in size, but only the rescue image is small enough to burn to CD. All images can be written to USB and DVD. Community maintained ports are also available for ARM, the Raspberry Pi and PPC architectures. Instructions to install or change to "Leap" as well as minimum system requirements are further down the page. Quite a traditional selection really. The web page layout is simple and clear and conveys the most pertinent information right away. Years ago installing from live image was not recommended so the choice here is basically between downloading the entire library or the netinstall image. I decided to go for the netinstall. Not having an installable live image obviously robs us of the test run people have become accustomed to unless we download yet another image just for testing. I decided against that as we can see from the netinstall image whether openSUSE will boot up or not. The rest is just desktop showcasing. I downloaded images for the x86_64 architecture.

Linux Kernel and Linux Foundation

  • Two Powerful SSD Benchmark Utilities for Linux

    The 21st century has seen unprecedented growth in the technological sector, and many upgrades have been made in the past several years. The evolution of phones from landlines to smartphones is a clear indicator of this technological phenomenon. The latter has become a key part of our lives, providing us a means to connect with the world around us. The desktops and laptops that we use today have also seen major progression, and this can be observed in the improvement in the quality of tools and games in the world of computers. One such sector in the computer world is that of memory storage, which has quickly moved on from traditional hard disks to a newer, faster type of storage called a solid-state drive, or SSD for short. SSDs are extremely fast, require less power, and are more shock-resistant than HDDs. You can see this for yourself by benchmarking your SSDs. Benchmarking is the process of measuring the performance of any tool, which can be done using a benchmarking utility. This article looks at two of the best utilities available for SSD benchmarking in the Linux operating system, Disks and hdparm.

  • Radeon ROCm 4.0.1 Released For AMD Open-Source GPU Compute

    Last month marked the release of the big Radeon Open eCosystem 4.0 update (ROCm 4.0) while today that has been replaced by a v4.0.1 point release. ROCm 4.0 brought CDNA / MI100 (Arcturus) compute support and other "Exascale Era" preparations in making this open-source GPU compute stack competitor more competitive with NVIDIA's CUDA. For now though it's still been leaving out the Navi GPU support.

  • Linux Foundation Public Health Joins The Fight Against COVID-19 Pandemic

    Brian Behlendorf is one of the most respected luminaries of the open-source world. He has been heading the Linux Foundation’s Hyperledger project since its inception and recently took over additional responsibilities of the Linux Foundation Public Health.