Canonical Patches Kernel Security Vulnerability in Ubuntu 20.10 and 20.04 LTS, Update Now


Canonical released today a new Linux kernel security update for its Ubuntu 20.10 (Groovy Gorilla) and Ubuntu 20.04 LTS (Focal Fossa) systems to address a single security vulnerability.

The vulnerability (CVE-2021-26708) was discovered by Alexander Popov as multiple race conditions in Linux kernel’s AF_VSOCK implementation, which could allow a local attacker to crash the system by causing a denial of service or run programs as an administrator (root).

This security issue affects all Ubuntu 20.10 and Ubuntu 20.04 LTS systems running the Linux 5.8 kernel on all supported architectures, including 64-bit, Raspberry Pi (V8) systems, OEM systems, cloud environments (KVM), as well as Amazon Web Services (AWS), Google Cloud Platform (GCP), Oracle Cloud, and Microsoft Azure Cloud systems.


New Debian Buster Linux Kernel Security Update Fixes 11 Vulnerabilities


The Debian Project released today a new Linux kernel security update for its stable Debian GNU/Linux 10 “Buster” operating system series to address several vulnerabilities and some bugs.

The new Linux kernel update for Debian GNU/Linux 10 is here to fix no less than 11 security vulnerabilities, including CVE-2020-28374, a critical flaw discovered by David Disseldorp in Linux kernel’s LIO SCSI target implementation, allowing a remote attacker with access to at least one iSCSI LUN in a multiple backstore environment to expose sensitive information or modify data.

Same goes for CVE-2020-36158, a buffer overflow flaw discovered in the mwifiex Wi-Fi driver that could allow remote attackers to execute arbitrary code via a long SSID value.

Also fixed in this new Debian kernel security update is CVE-2021-20177, a flaw discovered in Linux kernel’s string matching implementation within a packet, which could allow a privileged user with root or CAP_NET_ADMIN privileges to cause a kernel panic when inserting iptables rules, as well as CVE-2020-27825, a use-after-free flaw found in the ftrace ring buffer resizing logic, which could result in denial of service or information leak.

Two other use-after-free flaws were fixed, namely CVE-2020-29569, discovered by Olivier Benjamin and Pawel Wieczorkiewicz in the Linux kernel through 5.10.1, allowing a misbehaving guest to trigger a dom0 crash by continuously connecting and disconnecting a block frontend, and CVE-2021-3347, discovered in the Linux kernel through 5.10.11 and allowing an unprivileged user to crash the kernel or escalate his/her privileges.


Mozilla Firefox 85 Is Now Available for Download, This Is What’s New


The Mozilla Firefox 85 web browser is now available for download, ahead of its official unveiling on January 26th, for all supported platforms, including GNU/Linux, macOS, and Windows.

Firefox 85 has been in development since mid-November 2020 when it entered the Nightly channel and landed in the beta channel on December 15th, when Mozilla released the Firefox 84 web browser as the last release to ship with support for Adobe’s now deprecated Flash Player plugin.


Tails Anonymous Linux OS Wants to Migrate to Wayland to Improve App Security


In 2021, the Tails anonymous Linux OS will continue to fight surveillance and censorship by planning to add various improvements and new features that will make the distro more secure and reliable.

Powered by Debian GNU/Linux and the Tor anonymous communication technologies, Tails is the live GNU/Linux distribution you want to use when you’re serious about protecting your anonymity while on the Web. Being a live distro means that you can run it straight from a USB stick without installing anything on your PC.

I think 2020 has been a great year for Tails, with lots of releases and achievements, but the development team has much bigger plans for 2021 as they finally want to adopt the next-generation Wayland display system instead of the vulnerable X.Org Server, for their GNOME-based graphical interface.

By migrating to Wayland, the Tails devs hope to make all the apps included in the distribution more secure, as well as to fix some long-standing issues, such as the way Tails’ Unsafe Browser feature can be used to deanonymize you.


New Ubuntu Linux Kernel Security Updates Fix 14 Vulnerabilities, Patch Now


Canonical published today new Linux kernel security updates to address a total of 14 security vulnerabilities in all supported Ubuntu Linux releases.

The new Ubuntu kernel patches fix several security issues discovered by various security researchers. For Ubuntu 20.10 (Groovy Gorilla) systems only, they address CVE-2020-12912, a flaw found in Linux kernel’s AMD Running Average Power Limit (RAPL) driver that could allow a local attacker to expose sensitive information, as well as CVE-2020-29534, a security issue discovered by Jann Horn in the io_uring subsystem, which could allow a local attacker to either expose sensitive information or escalate his/her privileges.

For Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems, the new Linux kernel updates fix CVE-2020-25656 and CVE-2020-25668, race conditions discovered in Linux kernel’s console keyboard and tty drivers that could allow a local attacker to expose sensitive information (kernel memory), as well as CVE-2020-28974, a flaw discovered by Minh Yuan in Linux kernel’s framebuffer console driver, which could allow a local attacker to either crash the system by causing a denial of service or possibly expose sensitive information (kernel memory).


LibreOffice 7.0.4 Office Suite Released with More Than 110 Bug Fixes


The Document Foundation announced today the release and general availability of the LibreOffice 7.0.4 update to their open-source, free, and cross-platform office suite.

Coming about two months after LibreOffice 7.0.3, the LibreOffice 7.0.4 update is packed with a total of 114 bug fixes across all core components of the office suite in an attempt to further improve its stability, reliability and document compatibility. The details on the bug fixes included in this release are available here and here.

The Document Foundation urges all users to update to LibreOffice 7.0.4, even if you’re still using the LibreOffice 6.4 series, which reached end of life on November 30th, 2020, and will no longer receive updates.

This also means that enterprises can now finally adopt the LibreOffice 7.0 series and update their infrastructure of office computers with one of the best free office suites on the market. LibreOffice 7.0 comes with numerous enhancements and new features over LibreOffice 6.4, so the upgrade is worth the effort.


Mozilla Thunderbird 78.5 Released with More OpenPGP Improvements


Mozilla Thunderbird 78.5 has been released today as a new maintenance update to the latest 78 series of the open-source and free email client used by numerous GNU/Linux distributions.

Mozilla Thunderbird 78.5 is all about improving the best feature of the 78 series, OpenPGP support, which is now built into the application and enabled by default to let users send encrypted emails.

In this version, OpenPGP gains a new option that lets users disable the attaching of the public key to a signed email, improved support for inline PGP messages, as well as a fix for the message security dialog to no longer display unverified keys as unavailable.

Mozilla Thunderbird 78.5 also improves the MailExtensions feature by implementing a new “compose_attachments” context menu item to the Menus API, which was made available on displayed messages. Moreover, the browser.tabs.create function will now wait for the “mail-delayed-startup-finished” event.


Mozilla Firefox 83 Is Now Available for Download with HTTPS-Only Mode, Improvements


The Mozilla Firefox 83 web browser is now available for download on Linux, macOS, and Windows systems ahead of its official launch tomorrow, November 17th, 2020.

The biggest new change in the Mozilla Firefox 83 release appears to be a new security feature called HTTPS-Only Mode, which is implemented in Preferences, under the Privacy & Security section. It provides a secure and encrypted connection between your web browser and the websites you visit, even if they don’t use HTTPS.

By default it’s disabled, but when enabled, the HTTPS-Only Mode will upgrade all your website connections to use Secure HTTP (HTTPS). The good news is that it can be used in all windows or only on private windows.


Ubuntu 20.10 Gets Its First Linux Kernel Security Patch, Update Now


Canonical published today the very first Linux kernel security patch for the latest Ubuntu 20.10 (Groovy Gorilla) operating system to address two security vulnerabilities.

Released about three weeks ago, Ubuntu 20.10 is the latest version of the popular Linux-based operating system. It ships with the Linux 5.8 kernel series by default, which has now been patched against two recently discovered security vulnerabilities.

The first security vulnerability addressed in this update is CVE-2020-27194, discovered by Simon Scannell in Linux kernel’s bpf verifier, which could allow a local attacker to expose sensitive information (kernel memory) or gain administrative privileges.

The second security flaw is CVE-2020-8694 and was discovered by Andreas Kogler, Catherine Easdon, Claudio Canella, Daniel Gruss, David Oswald, Michael Schwarz, and Moritz Lipp in Linux kernel’s Intel Running Average Power Limit (RAPL) driver. This could allow a local attacker to expose sensitive information.


Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab


Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disabled by default.

With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disabled by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

Apart from the fully featured OpenPGP functionality, the Mozilla Thunderbird 78.1 point release introduces a new search field in the Preferences tab to help you more easily find the settings you want to modify.
