Dirty Cow, Ubuntu @ 12, Save a Penguin
The top story today was the news of the long-standing bug CVE-2016-5195, referred to as "Dirty Cow." This "critical" bug has been in the kernel for over 11 years, and there's evidence that it's been used. Elsewhere, folks are celebrating 12 years of Ubuntu, and Canonical blogged about their new live patching service. The East Idaho News ran an article about exorcising Windows from older computers, and if you buy a copy of Can't Drive This, you'll save a penguin.
Dirty Cow is a local privilege escalation vulnerability that can allow an attacker to gain root access. Specifically, a "race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." Linus signed off and pushed the patch to git a few days ago, and distributions are currently updating their products. This is considered a critical bug, and users are encouraged to update as soon as possible because researchers have found code in the wild that exploits it. Worse still, the exploit leaves little or no trace of the compromise. So, keep an eye on your update applets or security advisories over the next few days. Since this bug has been in existence for so long, Kees Cook had to revise his critical bug lifetime average from 3.3 to 5.2 years, while the overall average for all bugs increased only slightly.
Ubuntu is 12. Jon Gold and OMG!Ubuntu! marked the occasion with a little look back at how it all started and a quiz of your Ubuntu knowledge. As I recall, Ubuntu was little more than a re-branded Debian in those first releases, but the little brown distro did change things. Their marketing campaigns brought in the community, and free mailings of CDs did a lot to expand Linux usage, something even its staunchest critics can't deny. In other Ubuntu news, Canonical posted a download of the Yakkety Yak wallpaper in two versions and announced Livepatch for Ubuntu 16.04. And Hackaday.com reported on Ubuntu 16.10 being ported to the Raspberry Pi line.
The developers of Can't Drive This, described by www.htxt.co.za as a "party driving game" because your friends build the track as you're racing, said they'll donate their October Linux sales to SANCCOB's adopt-a-penguin program. SANCCOB is a South African non-profit that rescues seabirds. The game costs 10 USD on Steam, and the current saved penguin count is 6. In other gaming news, the Mad Max port has been released.
Some other interesting tidbits today include: