A Couple New Vulnerabilities, Unity 8 Futures
Another day, another vulnerability; The Register today reported that a new local vulnerability that can allow someone root access. Hack A Day also reported on a bug, this one sounded so fun the way they explained it. Elsewhere, OMG!Ubuntu! and Phoronix previewed Unity coming attractions sourced from Ubuntu 17.04 UOS summit notes and DarkDuck gave Debian 8 a quick run-through. Now you may want to sit down for this next one, Microsoft has joined the Linux Foundation.
Chris Evans found an odd, if not downright obscure, vulnerability in old GStreamer 0.10.x. That's rarely used anymore, but sometimes it gets installed and is in the default install of Ubuntu 12.04.5. I installed it on purpose a while back on mine trying to get an old game to work. Anyway, it seems to involve NES 6502 emulation and automatic file opening options that could allow an attacker to possibly read sensitive data. But what was great was the reaction of the discoverer who was pleasantly surprised to find such a curious emulator. He said, "Is that cool or what?" Hack A Day said, "The year 2000 called, they want their auto-opening Windows ME worms back." 1999 called, they want their joke back.
Another vulnerability in the news today that exploits a bug in Linux Unified Key Setup. On systems with that one can depress and hold the Enter key for 70 seconds to get to a root initramfs shell. The Register quoted Hector Marco saying, "Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data." Cloud systems aren't exempt. Patches are already on their way to a desktop near you.
The last look at Unity 8 gave users a bit of pause, but upcoming releases promise to be much improved. While focusing on a "full desktop experience," convergence is still the key word of the day. They plan to make Snaps more important and rely less on .debs (eventually removing them altogether), they want to move the apps scope and dash into an "app drawer." They hope to add multi-monitor support and implement full window management (app windows, dialog boxes, context menus, tool tips, and the like). OMG!Ubuntu! and Phoronix have more on that.
Steven J. Vaughan-Nichols today said that Microsoft's joining the Linux Foundation is a sign they've really changed. He said this is because "Linux won" and is ruling "clouds, supercomputers, and servers." Microsoft has been contributing to some projects and even to the kernel, but now they're putting their money where their future is by becoming a Platinum member of the Linux Foundation. Vaughan-Nichols quotes Jim Zemlin saying, "Microsoft has grown and matured in its use of and contributions to open-source technology. The company has become an enthusiastic supporter of Linux and of open source and a very active member of many important projects." What, me worry?
Elsewhere:
* wattOS Energizes Aging Hardware