Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Announcing KataOS and Sparrow — Our team in Google Research has set out to solve this problem by building a provably secure platform that's optimized for embedded devices that run ML applications.
• Google launches KataOS
• Google Announces KataOS As Security-Focused OS, Leveraging Rust & seL4 Microkernel
• Some remotely exploitable kernel WiFi vulnerabilities — It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set.
• Linux Gets Patched For WiFi Vulnerabilities That Can Be Exploited By Malicious Packets - Phoronix
• Firefox 106 Brings Improved WebRTC - Better Screen Sharing On Wayland — Firefox 106 upgrades its WebRTC capabilities to now make use of libwebrtc 103.
• impervious.ai — A Suite of Peer-to-Peer Tools for Communications, Data Transport, and Payments, Built Directly Into the Web Browser
• Impervious Ai GitHub
• You’re invited to the Fedora Linux 37 Release Party! — Please register on Hopin and join us on November 4th and 5th for a short program of informational sessions and social activities.
• Fedora Linux 37 Release Party Registration
• Linus Torvalds to Linux devs: Stop pulling all-nighters — "Let me just say that after I got my machine sorted out and caught up with the merge window, I was somewhat frustrated with various late pull requests. I've mentioned this before, but it's _really_ quite annoying to get quite a few pull requests in the last few days of the merge window"
• Linux 6.1 Features Include Initial Rust Code, MGLRU, New AMD CPU Features, More Security
• Linux 6.1 Will Likely Be This Year’s LTS Kernel Release
• Taming the Beast - LUP 480
• Send a Boost — Upgrade to a Podcasting 2.0 compatible app, and send a Boost and enjoy other improvements to your podcasts.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Linux has been bitten by its most high-severity vulnerability in years — Dirty Pipe has the potential to smudge people using Linux and Linux derivitives.
• Catalin Cimpanu on Twitter — “DirtyPipe (CVE-2022-0847) is a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit.
• Ron Amadeo on Twitter — “By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22. Linux 5.8 and above has only been an Android option for five months."
• Canonical Patches “Dirty Pipe” Vulnerability in Ubuntu 21.10 and 20.04 LTS
• BLASTY on Twitter: “Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary.”
• The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
• AMD Posts Some New Linux Job Openings From Client CPU To Server — AMD would need a lot more Linux engineers to achieve the same level of timely Linux support and low-level kernel enhancements that Intel has been focused on for years, especially when it comes to Intel's open-source work beyond just the actual hardware device enablement.
• Introducing Native Matrix VoIP with Element Call! — What’s more, Element Call is built entirely on Matrix: it doesn’t need any additional servers to get going. You can run it against your existing Matrix homeserver to provide complete self-sovereignty… while still being able to talk to anyone else anywhere on the wider Matrix network! We will also be able to automatically use Matrix’s end-to-end encryption to secure all Element Call conferences
• call.element.io
• https://github.com/vector-im/element-call/issues
• Extending Matrix’s E2EE calls to multiparty
• Danielle Foré on Twitter — Okay it’s been a full month and this situation still isn’t resolved, and it sucks for you to just be completely in the dark and it’s pretty obvious something is up and people are asking what’s going on, so here is my side of the story 🧵
• Danielle gives an update on elementary Reddit Thread
• Jupiter Broadcasting East Coast Meetup