Arch Linux Security Advisory: jasper multiple vulnerabilities, Ubuntu 12.04 end of life

Arch Linux published a security advisory on March 14 for multiple vulnerabilities found in jasper. The vulnerabilities have been patched. You can update your Arch machine by running:

pacman -Syu "jasper>=2.0.12-1"

Arch Linux: ASA-201703-9

Ubuntu has announced the end of life for Precise Pangolin, which will be on April 28, 2017. If you want to keep getting security and essential package updates for Pangolin machines that just can't be upgraded, you can join the Ubuntu Advantage program.
Ubuntu: 12.04 End of Life and Ubuntu Advantage

Google: First SHA1 Collision, Cloudflare Memory Leak Incident Report

At Google they went over the SHA-1 collision from last week:
“Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.

Today, more than 20 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.”

Cloudflare released a report on the memory leak incident from late last week.
In some circumstances, their edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens and more. The report goes on to cover the fix and the details of the issue. For more:
Cloudflare: Incident Report on Memory Leak Caused by Cloudflare Parser Bug
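To make "running past the end of a buffer" concrete, here is an added example (not from the original post or from Cloudflare's code) of one common way a scanner does it: the end-of-buffer test is an equality check, and a two-byte step jumps over the end. The buffer layout, the escape rule and the names `arena`, `setup` and `scan` are constructed for illustration, and everything lives in one array so the over-read stays inside memory the program owns.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 16-byte request buffer followed by unrelated data. */
#define REQ_LEN 16
static char arena[48];

static void setup(const char *req) {          /* req must hold >= REQ_LEN bytes */
    memset(arena, 0, sizeof arena);
    memcpy(arena, req, REQ_LEN);
    memcpy(arena + REQ_LEN, "cookie=SECRET", 13);   /* neighbouring data */
}

/* Copy the request to out, dropping backslash escapes (2 bytes each).
 * strict == 0: the end test is equality only (the flawed pattern).
 * strict == 1: the end test is an ordering comparison (the hardened form).
 * Returns the number of bytes written to out. */
static size_t scan(int strict, char *out, size_t cap) {
    size_t p = 0, pe = REQ_LEN, n = 0;
    size_t hard_stop = sizeof arena;          /* keeps the demo in bounds */
    while (p < hard_stop && n < cap) {
        if (strict ? (p >= pe) : (p == pe))
            break;                            /* reached end of request */
        if (arena[p] == '\\') {               /* escape: skip two bytes... */
            p += 2;                           /* ...which can step over pe */
            continue;
        }
        out[n++] = arena[p++];
    }
    return n;
}

int main(void) {
    char out[64];
    /* Constructed input: 15 bytes of request plus a trailing lone backslash. */
    setup("GET /index.html\\");
    size_t n = scan(0, out, sizeof out);
    printf("equality check : %zu bytes: ", n);
    fwrite(out, 1, n, stdout);
    n = scan(1, out, sizeof out);
    printf("\nordering check : %zu bytes: ", n);
    fwrite(out, 1, n, stdout);
    putchar('\n');
    return 0;
}
```

With the equality check the output contains bytes from the neighbouring data; with the ordering check it stops at the 15 bytes of the request.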

Kernel Vulnerabilities Fixed In Ubuntu, Virginia Supreme Court: License Plate Surveillance, and Supertux Racer on Steam Greenlight

Multiple vulnerabilities have been found in the Ubuntu 16.04 LTS Linux 4.4 kernel. The recent update to 16.04.2 uses the 16.10 (Yakkety) Linux 4.8 kernel, so if you made the jump to 16.04.2, check this out:
Ubuntu 16.10 Security issue
CVE-2016-9588: discovered by Jim Mattson and Dmitry Vyukov, a flaw in the kernel’s implementation of KVM.
UbuntuFree: New Ubuntu Vulnerabilities

EFF Reports VA Supreme Court Should Protect Drivers from License Plate Surveillance

You can vote for Supertux Racer now at Steam Greenlight below.
Steam: Supertux Racer

Ubuntu 16.04.2 LTS released, Arch Linux ending i686 support, AnC side-channel attack, and OpenSSL update.

Arch Linux’s February ISO is to be the last release with i686 support, and i686 will only receive updates for the next nine months. According to the announcement, this is due to decreasing popularity among devs and the community. The people at Arch are encouraging anyone still interested to “keep it alive” with some guidance from the Arch team.

Arch: Phasing out i686

Over at Vusec they document a side-channel attack, which can detect which locations in the page table are accessed by the memory management unit. The attack takes advantage of the cache hierarchy of modern processors being shared by untrusted applications. More details in the link below.

Vusec: AnC attack

OpenSSL 1.1.0 updates to 1.1.0e.

OpenSSL: 1.1.0e update

Ubuntu releases 16.04.2 LTS.

Ubuntu: 16.04.2 released

Happy Holidays!

If you celebrate Christmas, merry late Christmas and happy early New Year! I hope you got everything you wanted 🙂 I picked up an Arduino and Raspberry Pi and have been having a good time messing around with those in my spare time.
Maybe I’ll write something up on my adventures with them in the future.

In other news, I started up my computer tutorial YouTube channel again, Fingers on the keyboard. Right now I am working on a “Bash to Basics” series going over some basic bash commands and their uses. You can check out the first one here


