Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
Aujourd’hui — 28 mars 2024Actualités libres

Samba 4.20.0 released

Par : corbet
28 mars 2024 à 14:19
Version 4.20.0 of the Samba Windows interoperability suite has been released. Changes include better support for group-managed service accounts, an experimental Windows search protocol client, support for conditional access control entries, and more.
Hier — 27 mars 2024Actualités libres

The PostgreSQL community mourns Simon Riggs

Par : corbet
27 mars 2024 à 15:51
The PostgreSQL community is dealing with the loss of Simon Riggs, who passed away on March 26:

Simon was responsible for many of the enterprise features we find in PostgreSQL today, including point in time recovery, hot standby, and synchronous replication. He was the founder of 2ndQuadrant which employed many of the PostgreSQL developers, later becoming part of EDB where he worked as a Postgres Fellow until his retirement. He was responsible for the UK PostgreSQL conferences for many years until he passed that responsibility to PostgreSQL Europe last year.
À partir d’avant-hierActualités libres

[$] The rest of the 6.9 merge window

Par : corbet
25 mars 2024 à 16:08
The 6.9-rc1 kernel prepatch was released on March 24, closing the merge window for this development cycle. By that time, 12,435 non-merge changesets had been merged into the mainline, making for a less-busy merge window than the last couple of kernel releases (but similar to the 12,492 seen for 6.5). Well over 7,000 of those changes were merged after the first-half merge-window summary was written, meaning that the latter part of the merge window brought many more interesting changes.

Emacs 29.3 released

Par : corbet
25 mars 2024 à 11:11
Version 29.3 of the Emacs editor has been released:

Emacs 29.3 is an emergency bugfix release; it includes no new features except a small number of changes intended to resolve security vulnerabilities uncovered in Emacs 29.2.

Those vulnerabilities mostly have to do with executing untrusted Lisp code; see the NEWS file for a bit more information.

[$] Hardening the kernel against heap-spraying attacks

Par : corbet
21 mars 2024 à 15:07
While a programming error in the kernel may be subject to direct exploitation, usually a more roundabout approach is required to take advantage of a security bug. One popular approach for those wishing to take advantage of vulnerabilities is heap spraying, and it has often been employed to compromise the kernel. In the future, though, heap-spraying attacks may be a bit harder to pull off, thanks to the "dedicated bucket allocator" proposed by Kees Cook.

Redis is no longer free software

Par : corbet
21 mars 2024 à 07:33
The Redis in-memory database system has had its license changed to either the Redis Source Available License or the Server Side Public License (covered here in 2018); neither license qualifies as free software.

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code.

Distributors like Fedora are already looking at removing Redis as a consequence. (Thanks to Emmanuel Seyman).

The "Nova" driver for NVIDIA chipsets

Par : corbet
21 mars 2024 à 07:10
Danilo Krummrich has announced the existence of the "Nova" project within Red Hat.

We just started to work on Nova, a Rust-based GSP-only driver for Nvidia GPUs. Nova, in the long term, is intended to serve as the successor of Nouveau for GSP-firmware-based GPUs.

With Nova we see the chance to significantly decrease the complexity of the driver compared to Nouveau for mainly two reasons. First, Nouveau's historic architecture, especially around nvif/nvkm, is rather complicated and inflexible and requires major rework to solve certain problems (such as locking hierarchy in VMM / MMU code for VM_BIND currently being solved with a workaround) and second, with a GSP-only driver there is no need to maintain compatibility with pre-GSP code.

Besides that, we also want to take the chance to contribute to the Rust efforts in the kernel and benefit from from more memory safety offered by the Rust programming language.

Given that the effort has just begun, it will be a while before this driver shows up in a distribution release.

GNOME 46 released

Par : corbet
20 mars 2024 à 21:07
Version 46 of the GNOME desktop has been released. "GNOME 46 is code-named 'Kathmandu', in recognition of the amazing work done by the organizers of GNOME.Asia 2023." Significant changes include a new global search feature, enhancements to the Files app, improved remote login support, and more.

Security updates for Tuesday

Par : corbet
19 mars 2024 à 16:55
Security updates have been issued by Debian (cacti, postgresql-11, and zfs-linux), Fedora (freeimage, mingw-expat, and mingw-freeimage), Mageia (apache-mod_security-crs, expat, and multipath-tools), Oracle (.NET 7.0 and kernel), Red Hat (kernel, kernel-rt, and kpatch-patch), and Ubuntu (bash, kernel, linux, linux-aws, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim).

Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8

Par : corbet
19 mars 2024 à 13:39
Man Yue Mo explains how to compromise a Pixel 8 phone even when the Arm memory-tagging extension is in use, by taking advantage of the Mali GPU.

So, by using the GPU to access physical addresses directly, I'm able to completely bypass the protection that MTE offers. Ultimately, there is no memory safe code in the code that manages memory accesses. At some point, physical addresses will have to be used directly to access memory.

[$] Toward a real "too small to fail" rule

Par : corbet
18 mars 2024 à 15:17
Kernel developers have long been told that any attempt to allocate memory might fail, so their code must be prepared for memory to be unavailable. Informally, though, the kernel's memory-management subsystem implements a policy whereby requests below a certain size will not fail (in process context, at least), regardless of how tight memory may be. A recent discussion on the linux-mm list has looked at the idea of making the "too small to fail" rule a policy that developers can rely on.

[$] A new filesystem for pidfds

Par : corbet
13 mars 2024 à 08:20
The pidfd abstraction is a Linux-specific way of referring to processes that avoids the race conditions inherent in Unix process ID numbers. Since a pidfd is a file descriptor, it needs a filesystem to implement the usual operations performed on files. As the use of pidfds has grown, they have stressed the limits of the simple filesystem that was created for them. Christian Brauner has created a new filesystem for pidfds that seems likely to debut in the 6.9 kernel, but it ran into a little bump along the way, demonstrating that things you cannot see can still hurt you.

Today's hardware vulnerability: register file data sampling

Par : corbet
12 mars 2024 à 20:38
The mainline kernel has just received a set of commits addressing the "register file data sampling" hardware vulnerability.

RFDS may allow a malicious actor to infer data values previously used in floating point registers, vector registers, or integer registers. RFDS does not provide the ability to choose which data is inferred

Only Atom cores are affected, but those cores can be found inside a number of processors. See this documentation commit for more information.

❌
❌