Cisco Confirms 88 Products Vulnerable to FragmentStack Bug, KDE neon Rebased on Ubuntu 18.04 LTS, GNOME 3.30.1 Released, Rust Announces Version 1.29.1 and Mozilla Launches Firefox Monitor
News briefs for September 26, 2018.
Cisco confirms that 88 of its products that rely on the Linux kernel are vulnerable to the FragmentStack bug. According to ZDNet, "the bug can saturate a CPU's capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device." Affected products include "Nexus switches, Cisco IOS XE software, and equipment from its lines of Unified Computing and Unified Communications brands, several TelePresence products, and a handful of wireless access points."
The KDE neon team announces the rebase of its packages onto Ubuntu 18.04 LTS "Bionic Beaver" and encourages users to upgrade now. You also can download a clean installation from here.
The Rust Team yesterday announced Rust
1.29.1. This new version fixes a security vulnerability in the standard
library "where if a large number was passed to
str::repeat, it could cause a
buffer overflow after an integer overflow. If you do not call the
str::repeat, function you are not affected." See the release
notes on GitHub for all the details.