Tails Anonymous Linux OS Wants to Migrate to Wayland to Improve App Security

9to5Linux

In 2021, the Tails anonymous Linux OS will continue to fight surveillance and censorship by planning to add various improvements and new features that will make the distro more secure and reliable.

Powered by Debian GNU/Linux and the Tor anonymous communication technologies, Tails is the live GNU/Linux distribution you want to use when you’re serious about protecting your anonymity while on the Web. Being a live distro means that you can run it straight from a USB stick without installing anything on your PC.

I think 2020 has been a great year for Tails, with lots of release and achievements, but the development team has much bigger plans for 2021 as they finally want to adopt the next-generation Wayland display system instead of the vulnerable X.Org Server, for their GNOME-based graphical interface.

By migrating to Wayland, the Tails devs hope to make all the apps included in the distribution more secure, as well as to fix some long-standing issues, such as the way Tail’s Unsafe Browser feature can be used to deanonymize you.

Full article

New Ubuntu Linux Kernel Security Updates Fix 14 Vulnerabilities, Patch Now

9to5Linux

Canonical published today new Linux kernel security updates to address a total of 14 security vulnerabilities in all supported Ubuntu Linux releases.

The new Ubuntu kernel patches fix several security issues discovered by various security researchers. Only for Ubuntu 20.10 (Groovy Gorilla) systems, it addresses CVE-2020-12912, a flaw found in Linux kernel’s AMD Running Average Power Limit (RAPL) driver that could allow a local attacker to expose sensitive information, as well as CVE-2020-29534, a security issue discovered by Jann Horn in the io_uring subsystem, which could allow a local attacker to either expose sensitive information or escalate his/her privileges.

For Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS systems, the new Linux kernel updates fix CVE-2020-25656 and CVE-2020-25668, race conditions discovered in Linux kernel’s console keyboard and tty drivers that could allow a local attacker to expose sensitive information (kernel memory), as well as CVE-2020-28974, a flaw discovered by Minh Yuan in Linux kernel’s framebuffer console driver, which could allow a local attacker to either crash the system by causing a denial of service or possibly expose sensitive information (kernel memory).

Full article

LibreOffice 7.0.4 Office Suite Released with More Than 110 Bug Fixes

9to5Linux

The Document Foundation announced today the release and general availability of the LibreOffice 7.0.4 update to their open-source, free, and cross-platform office suite.

Coming about two months after LibreOffice 7.0.3, the LibreOffice 7.0.4 update is packed with a total of 114 bug fixes across all core components of the office suite in an attempt to further improve its stability, reliability and document compatibility. The details on the bug fixes included in this release are available here and here.

The Document Foundation urges all users to update to LibreOffice 7.0.4, even if you’re still using the LibreOffice 6.4 series, which reached end of life on November 30th, 2020, and will no longer receive updates.

This also means that enterprises can now finally adopt the LibreOffice 7.0 series and update their infrastructure of office computers with one of the best free office suites on the market. LibreOffice 7.0 comes with numerous enhancement and new features over LibreOffice 6.4 so the upgrade is worth the effort.

Full article

Mozilla Thunderbird 78.5 Released with More OpenPGP Improvements

9to5Linux

Mozilla Thunderbird 78.5 has been released today as a new maintenance update to the latest 78 series of the open-source and free email client used by numerous GNU/Linux distributions.

Mozilla Thunderbird 78.5 is all about improving the best feature of the 78 series, OpenPGP support, which is now built into the application and enabled by default to let users send encrypted emails.

In this version, OpenPGP gains a new option that let users disable the attaching of the public key to a signed email, improved support for inline PGP messages, as well as a fix for the message security dialog to no longer display unverified keys as unavailable.

Mozilla Thunderbird 78.5 also improves the MailExtensions feature by implementing a new “compose_attachments” context menu item to the Menus API, which was made available on displayed messages. Moreover, the browser.tabs.create function will now wait for the “mail-delayed-startup-finished” event.

Full article

Mozilla Firefox 83 Is Now Available for Download with HTTPS-Only Mode, Improvements

9to5Linux

The Mozilla Firefox 83 web browser is now available for download on Linux, macOS, and Windows systems ahead of its official launch tomorrow, November 17th, 2020.

The biggest new change in the Mozilla Firefox 83 release appears to be a new security feature called HTTPS-Only Mode, which is implemented in Preferences, under the Privacy & Security section. It provides a secure and encrypted connection between your web browser and the websites you visit, even if they don’t use HTTPS.

By default it’s disabled, but when enabled, the HTTPS-Only Mode will upgrade all your website connections to use Secure HTTP (HTTPS). The good news is that it can be used in all windows or only on private windows.

Full article

Ubuntu 20.10 Gets Its First Linux Kernel Security Patch, Update Now

9to5Linux

Canonical published today the very first Linux kernel security patch for the latest Ubuntu 20.10 (Groovy Gorilla) operating system to address two security vulnerabilities.

Released about three weeks ago, Ubuntu 20.10 is the latest version of the popular Linux-based operating system. It ships with the Linux 5.8 kernel series by default, which has now been patched against two recently discovered security vulnerabilities.

The first security vulnerability addressed in this update is CVE-2020-27194, discovered by Simon Scannell in Linux kernel’s bpf verifier, which could allow a local attacker to expose sensitive information (kernel memory) or gain administrative privileges.

The second security flaw is CVE-2020-8694 and was discovered by Andreas Kogler, Catherine Easdon, Claudio Canella, Daniel Gruss, David Oswald, Michael Schwarz, and Moritz Lipp in Linux kernel’s Intel Running Average Power Limit (RAPL) driver. This could allow a local attacker to expose sensitive information.

Full article

Mozilla Thunderbird 78.1 Released with Full OpenPGP Support, Search in Preferences Tab

9to5Linux

Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disable by default.

With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disable by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

Apart from the fully featured OpenPGP functionality, the Mozilla Thunderbird 78.1 point release introduces a new search filed in the Preferences tab to help you more easily find the settings you want to modify.

Full article