Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Element suspended on Google Play Store — At 2021-01-29 at 21:35 UTC Google suspended Element from the Play Store without warning or notification
• Element sees fivefold increase in signups after Whatsapp privacy debacle — After Whatsapp’s announcement, rival app Telegram reported a 500% increase in users and Signal saw an 18-fold increase in download numbers, putting it on track to cross 1m new users each day.
• Element team waiting hours — Update: we’re still waiting for a response from Google to our explanatory mail sent ~8 hours ago. Thanks all for your patience while we get this sorted...
• New Linux SUDO flaw lets local users gain root privileges — The issue is a heap-based buffer overflow exploitable by any local user (normal users and system users, listed in the sudoers file or not), with attackers not being required to know the user's password to successfully exploit the flaw. The vulnerability was introduced in the Sudo program almost 9 years ago, in July 2011.
• 10-year-old Sudo bug lets Linux users gain root-level access
• Buffer overflow in command line unescaping
• Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) - Help Net Security — "This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years."
• New Linux Kernel Vulnerabilities Patched in All Supported Ubuntu Releases
• Mitre - CVE-2020-28374
• Red Hat Customer Portal: CVE-2020-28374
• Debian: CVE-2020-28374
• Ubuntu: CVE-2020-28374
• The killing of CentOS Linux: ‘The CentOS board doesn’t get to decide what Red Hat engineering teams do’ — Brian Exelbierd, responsible for Red Hat liaison with the CentOS project and a board member of that project, has told The Register that CentOS Linux is ending because Red Hat simply refused to invest in it.
• Rocky Linux gets a new sponsor—Gregory Kurtzer’s startup, Ctrl IQ — Rocky Linux is to be a beneficiary of Ctrl IQ's revenue, not its source—the company describes itself in its announcement as the suppliers of a "full technology stack integrating key capabilities of enterprise, hyper-scale, cloud and high-performance computing."
• Linux maintainer says long-term support for 5.10 will stay at two years unless biz world steps up and actually uses it — Linux kernel maintainer Greg Kroah-Hartman has responded to complaints that the current promise of two years for 5.10 is not enough, explaining that support is not automatic but requires commercial help.
• Rust Game Server One-Click App Linode — A free-for-all battle in a harsh open-world environment.

Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Support Linux Action News

Links:

• Firefox 74 arrives with stricter add-on rules, TLS 1.0 and TLS 1.1 disabled — Starting with Firefox 74, users will need to take explicit action to install the extensions they want, and will be able to remove previously sideloaded extensions when they want to.
• Introducing GNOME 3.36: “Gresik” — GNOME 3.36 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, such as new login and unlock experience, and a dedicated app for managing extensions.
• GNOME 3.36 Released with New Lock Screen, Better Performance — Six months of development later and the official GNOME 3.36 release is finally here, with source code available to download from the usual places.
• Announcing Bottlerocket — Bottlerocket comes with a single-step update mechanism and includes only the essential software to run containers. These properties enable customers to use container orchestrators to manage OS updates with minimal disruptions, enabling better uptime for containerized applications and lower operational cost.
• Docker: Helping You and Your Development Team Build and Ship Faster — How are we going to do this? By focusing on developer experience through Docker Desktop, partnering with the ecosystem, and making Docker Hub the nexus for all the integrations, configuration, and management of the application components which constitute your apps and microservices.
• VMware Announces Expanded Portfolio of Products and Services to Help Customers Modernize Applications and Infrastructure — Tanzu, first introduced at the VMworld event in August 2019, is a portfolio of products centered on K8s. Also announced was vSphere 7, newly rearchitected using Kubernetes, and optimized to run both modern container-based and traditional virtual machine-based workloads.
• KaiOS Technologies and Mozilla partner to enable a healthy mobile internet for everyone — This partnership bolsters the security and performance of KaiOS-enabled smart feature phones, as well as the platform’s developer tools, security, and available functions, including better Progressive Web App and WebAssembly support.
• Magisk may no longer be able to hide bootloader unlocking from apps — Users have noticed that their bootloader-unlocked devices are failing SafetyNet’s Basic Integrity check even though they used Magisk to patch the boot image. According to Magisk creator John Wu, this is because Google may have implemented hardware-level key attestation to verify that the boot image has not been tampered with.
• Kernels for WSL2 will come from Windows Update — WSL2 will soon be officially available as part of Windows 10, version 2004! As we get ready for general availability, we want to share one additional change: updating how the Linux kernel inside of WSL2 is installed and serviced on your machine.