F26 Live Respins Test Builds available, *** Call for additional testers ***

With the recent public release of Fedora 26, we in the Respins SIG have begun testing Fedora 26 builds. These test builds include:

Cinnamon (CINN)

KDE (KDE)

LXDE (LXDE)

LXQT (LXQT) — New addition with Fedora 26, additional/heavy testing requested.

MATE (MATE)

Sugar On A Stick (SOAS) – Educational spin, tailored to youth and those with cognitive problems (i.e. rehab after a stroke)

Gnome Workstation (WORK)

XFCE (XFCE)

Please grab the ISOs from [ http://de.fspin.org/Testing/ ] or [ http://tx.fspin.org/Testing/ ]. If you happen to see multiple runs there, test the run with the newest date unless otherwise asked to.

The plan is to have any build issues worked out by mid-August and, by the start of Fall term, to have Official 26 Respins replace the present 25 builds.

For any questions, feel free to join us on IRC, [ ircs://irc.chat.freenode.net/#fedora-respins ].

Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay, so you have likely heard about this if you, like me, use Linux daily in your college, professional or hobbyist life, but what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean? It means your web-facing servers and even Androids have a big-time issue with multitasking, in a sense. This bug allows for what is called a ‘race condition’, which, as you may have guessed, makes for a first-one-in-wins scenario. The bad part is that it allows the kernel to be tricked into mapping a new ‘page’ (the fixed-size unit in which the kernel manages memory) without fully un-allocating or ‘unlocking’ the previous one. This in turn allows a bad memory page to get into a root-owned (the almighty full system admin) executable mapped into memory, which is bad news. The mechanism that is bypassed is called Copy-On-Write (hence the COW part of the name), and because the race condition is carried out by triggering dirty paging in an effort to gain privileged access, it's been dubbed Dirty CoW. If you feel so inclined to read the much more technical details, feel free to read up on CVE-2016-5195.

New Malware for Windows targets Firefox users.

Below is an image of the new malware attempting to get Windows users of Firefox to install a drive-by malware labeled by Windows Defender as Trojan:Kovtar.

Valid versions of Firefox for Windows are:

Stable: 47.0.1 available @ https://firefox.com

Beta: 48.0.b5 available @ https://www.mozilla.org/en-US/firefox/channel/

Nightly: 50.0.a1 available @ https://nightly.mozilla.org/

For any questions about using any of these, or about the validity of your version, feel free to visit:

SUMO (SUpport MOzilla)

Mozilla IRC network in channels #firefox or #sumo

DC area Developer? Emerging Tech your thing?

Well then, let’s see you come out to DevIgnition 2016 over at the AOL Campus in Dulles, VA on Apr 29th.

Not sure if you are up for the topics? Have a look at last year’s Elephant Talks

DevIgnition 2016 – Apr 29 2016 $30

Git clients & servers need checked. Pre-2.7 bugs.

Courtesy of Laël Cellier, we are now aware of several rather nasty bugs in git versions 1.7-1.9, even though they were patched in 2.7 (released back in Feb, rather quietly I may add). The bugs stem mostly from signed vs. unsigned integers in a string-copy function, path_name()… Okay, so now in layman’s terms, what the heck does all that mean?

Essentially, when you have a really long filename, or a repo using files with long names, and you are using an older version of git, there is a verifiable risk that you run into what is known as a heap overwrite, aka 100%+ of container: more data gets written than the allocated buffer can hold.

Source:  git-server-client bugs
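
The length-calculation flaw described above, as an added illustration (this is not git's own code and not from the original post): `wrapped_len` models a path length summed in a 32-bit integer, while `checked_len` and `join_path` show the overflow-checked form. The `path_elem` struct and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a chain of parent directory names. */
struct path_elem {
    const struct path_elem *up;   /* next element towards the root */
    const char *elem;
    size_t elem_len;
};

/* Flawed pattern, modelled with 32-bit wraparound: a huge total wraps small. */
uint32_t wrapped_len(const struct path_elem *p, size_t name_len)
{
    uint32_t len = (uint32_t)name_len + 1;        /* name + NUL */
    for (; p; p = p->up)
        len += (uint32_t)p->elem_len + 1;         /* element + '/' */
    return len;
}

/* Hardened: every addition checked; 0 on success, -1 on overflow. */
int checked_len(const struct path_elem *p, size_t name_len, size_t *out)
{
    if (name_len == SIZE_MAX) return -1;
    size_t len = name_len + 1;
    for (; p; p = p->up) {
        if (p->elem_len >= SIZE_MAX - len) return -1;
        len += p->elem_len + 1;
    }
    *out = len;
    return 0;
}

/* Builds "root/dir/name" in a new buffer; NULL on overflow or OOM. */
char *join_path(const struct path_elem *p, const char *name)
{
    size_t name_len = strlen(name), len;
    if (checked_len(p, name_len, &len) != 0) return NULL;
    char *buf = malloc(len);
    if (!buf) return NULL;
    char *m = buf + len - (name_len + 1);
    memcpy(m, name, name_len + 1);                /* includes the NUL */
    for (; p; p = p->up) {
        *--m = '/';
        m -= p->elem_len;
        memcpy(m, p->elem, p->elem_len);
    }
    return buf;
}
```

A buffer sized from the wrapped total would be far smaller than the bytes the copy loop then writes, which is the heap overwrite; the checked version refuses to allocate instead.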