Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• A new privilege escalation vulnerability in the Linux kernel — The vulnerability consists of a stack buffer overflow due to an integer underflow vulnerability inside the nft_payload_copy_vlan function, which is invoked with nft_payload expressions as long as a VLAN tag is present in the current skb.
• netfilter: nft_payload: add C-VLAN support · torvalds/linux@f6ae9f1
• CVE-2023-0179
• CVE-2023-0179- Red Hat Customer Portal
• [net,3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits - Patchwork
• oss-sec: Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
• libvirt 9.0 Released For Latest Linux Virtualization API — Libvirt 9.0 adds support for external snapshot deletion with QEMU using its existing API, libvirt 9.0 with QEMU now supports PASST as "Plug A Simple Socket Transport" for connecting an emulated network device to the host's network, QEMU external back-end support for SWTPM as a software Trusted Platform Module (TPM), support for passing file descriptors rather than passing files for the QEMU disk, and other additions.
• JFS Filesystem’s Days are Numbered — IBM developed the JFS file-system originally in the 90's for AIX and the second-generation implementation then ported to Linux after it was made open-source.
• Firefox 109.0 Ships Manifest Version 3 — Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.
• Here’s what’s going on in the world of extensions
• Manage your extensions using the extensions button in the toolbar
• Manifest v3 signing available November 21 on Firefox Nightly
• Google delays start of Manifest V2 Chrome extension deprecation — The original plan called for Chrome Beta, Dev, and Canary builds to start experiments that turned off Manifest V2 extension support. Additionally, Manifest V3 would be required to get the “Featured” badge in the Chrome Web Store. 
• Firefox 109 Adds New Extensions Button, Manifest V3 Support — The biggest new feature is the new Unified Extensions button in the toolbar.
• Chrome’s “Manifest V3” plan to limit ad-blocking extensions is delayed
• Chrome Users Beware: Manifest V3 is Deceitful and Threatening — Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Apple GPU drivers now in Asahi Linux — We’ve been working hard over the past two years to bring this new driver to everyone, and we’re really proud to finally be here. This is still an alpha driver, but it’s already good enough to run a smooth desktop experience and some games
• Asahi Linux Enables Early Apple GPU Driver Support - WIP OpenGL 2.1 + GLES 2.0
• Apple Silicon CPUFreq Driver Heading To Linux 6.2 — Sent in yesterday were the Arm CPUFreq updates to queue in the Linux power management tree ahead of the Linux 6.2 merge window.
• [GIT PULL] cpufreq/arm updates for 6.2 - Viresh Kumar
• Floppy Driver Update Ready For Linux 6.2 — This memory leak with the floppy disk driver has been in the mainline kernel since Linux 5.11
• Android memory safety vulnerabilities declined as Rust usage grew — Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android’s total vulnerabilities versus 76% four years ago. In fact, “2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.”
• Google says Android runs better when covered in Rust
• Fedora 38 Cleared To Produce “Mobility Phosh” Spins — The Fedora Engineering and Steering Committee (FESCo) has provided their blessing to begin creating new x86_64 and AArch64 ISO images for mobile devices that feature the Phosh Wayland compositor.
• Ping bug potentially allows remote hack of FreeBSD systemsSecurity Affairs — A remote attacker can trigger the vulnerability, causing the ping program to crash and potentially leading to remote code execution in ping.
• D-Installer needs your help — Today we published a new prototype of D-Installer, fixing several bugs reported by early testers and improving the usage experience in some areas like the configuration of passwords and users. But beyond those improvements, a couple of new features deserve some attention.
• Bug 1205938 – D-Installer - Slowness initialization on real hardware
• GitHub - yast/d-installer: A service-based Linux installer
• openSUSE’s D-Installer Adds LVM & Full Disk Encryption Configuration

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• OpenSSL 3.0.7 Released Fixing Critical Flaw — Today we published an advisory about CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”).
• OpenSSL version 3.0.7 published
• /news/openssl-3.0-notes.html
• Fedora 37 Release Delayed To Mid-November Over Critical OpenSSL Vulnerability
• Linux 6.2 Power-Savings While Idle Or Lightly Loaded — The short story for Linux end-users is the Lazy RCU work can provide 5~10% power-savings for idle or lightly-loaded systems by this lazy/batching functionality.
• Linux 6.2 Picking Up Mainline Support For Apple M1 Pro/Max/Ultra Hardware — This gets the high-end Mac Studio systems with those premium SoCs now compatible with the mainline kernel.
• Hector's Deleted Tweet — I'm getting tired of arguing with kernel maintainers. The other day I spent 6 hours arguing on IRC about what should've been a 30 minute fix patch.
• Hector Martin on Twitter Follow Up Tweet — Like dude, if you aren't going to step into my world and actually understand what I'm trying to do here, just suck it up and ack my patch. It is not my job to drag you kicking and screaming until you either give up or have a lightbulb moment.
• Seems some Kernel Maintainers Noticed the Twitter Rant — Well they saw my tweets and apparently didn't like them 🤷‍♂️
• Bcachefs Rolling Out New Allocator, Performance Continues Improving — Bcachefs developer Kent Overstreet on Friday published a new status update on this original file-system born out of Linux's block cache (BCache) code.
• FreeBSD Re-Introduces WireGuard Support Into Its Kernel — As of Friday, a new WireGuard driver implementation has been re-introduced with many fixes/improvements over the code state from 2020.
• Open Letter to Gitea - Restoring Trust in the Gitea Project — This unfortunately concludes the Gitea Open Letter has failed and there is no alternative but forking the project under a new name, with a healthy democratic governance.