SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google's August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8
News briefs for August 7, 2018.
Security researchers have discovered a bug in kernel 4.9 called SegmentSmack. Red Hat comments that "a remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system". There's no known workaround other than a fixed kernel at this time. See also the story on ZDNet for more information.
Android 9 "Pie" was released yesterday. Android 9 uses AI to help it adapt to your preferences as you use it. Other new features include an adaptive battery, gesture navigation and tools to help you see how much time you're spending on your phone.
Google also released its August security bulletin for Android yesterday, and the most severe issue "is a critical vulnerability that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process".
The upcoming 4.19 kernel will be getting the STACKLEAK feature, Phoronix reports. STACKLEAK provides further security as it "wipes out the kernel stack before returning from system calls. By clearing the kernel stack, it reduces possible leakage and can block some possible attack vectors, including stack clash attacks and uninitialized stack variable attacks."
GNOME Keysign 0.9.8 has been released. This update fixes several bugs and now includes Bluetooth support so you can exchange keys without a network connection. The app is also now on Flathub, and you can install it from here.
Limited Time Offer
Take Linux Journal for a test drive. Download our September issue for FREE.
Topic of the Week
The cloud has become synonymous with all things data storage. It additionally equates to the many web-centric services accessing that same back-end data storage, but the term also has evolved to mean so much more.