Security: Updates, Containers, Compilers and More
-
Security updates for Wednesday
-
Containers pose security risks, but mitigation isn't tough: Lees
Recent concerns over the security offered by containers are not unjustified, the chief technologist for Germany-based SUSE in the Asia-Pacific says, adding however that there are a lot of operational things that could be done to mitigate the risk.
Peter Lees told iTWire in response to queries that the whole point of containers was to be able to get new functionality out quickly. "And in modern development that often means gluing together micro-services from many different sources, which in turn could mean that the ultimate source of those functions may not have been vetted," he said.
Container security was in the limelight in April when the credentials of some 190,000 account holders at Docker Hub, the official repository for Docker container images, were exposed due to "a brief moment of unauthorised access".
-
Ubuntu 19.10 To Harden Its Compiler With Stack Clash Protection & Intel CET
In addition to discontinuing i386 support, Canonical announced another change being worked on for Ubuntu 19.10 is compiler hardening.
In the name of increased security, their GCC 9 compiler for Ubuntu 19.10 will have some additional tunables enabled: -fstack-clash-protection and -fcf-protection.
The stack clash protection is designed to fend off stack clash attacks by checking pages at allocation time, so that an attack would instead ideally result in just a segmentation fault.
-
What Red Hat OpenShift Online and OpenShift Dedicated customers should know about June 2019 kernel network stack flaws
-
Netflix Finds Bug That Creates Linux Kernel Panic
-
Docker Is Porting Its Container Platform to Microsoft Windows Subsystem for Linux 2, Ubuntu 19.10 Will Drop 32-Bit Builds, Children of Morta Still Coming to Linux and Vulnerabilities Discovered in the Linux TCP System
Security researchers over at Netflix uncovered some troubling security vulnerabilities inside the Linux (and FreeBSD) TCP subsystem, the worst of which is being called SACK. It can permit remote attackers to induce a kernel panic from within your Linux operating system. Patches are available for affected Linux distributions.