Critical Vulnerability Found in Linux Printing System CUPS
A critical vulnerability in the Common Unix Printing System (CUPS) poses a significant risk to Linux users, allowing remote attackers to hijack devices. Discovered by developer Simone Margaritelli, this flaw affects systems with the cups-browsed service enabled, enabling potential remote code execution. Users are urged to disable cups-browsed, block UDP port 631, and stay updated on security patches to mitigate risks. As the situation evolves, proactive security measures are essential for safeguarding against potential attacks.
Navigating the End of Support for CentOS 7: Options for Businesses
With CentOS 7 nearing its end of support, businesses must make critical decisions on migrating to alternative operating systems like Red Hat Enterprise Linux, SUSE Linux Enterprise, or Oracle Linux. Options such as AlmaLinux and Rocky Linux offer specific migration paths for CentOS 7 users. SUSE Liberty Linux Lite provides ongoing support for CentOS 7 servers at a cost, while migrating to Ubuntu Server is another viable option. However, businesses must consider the associated costs, with subscriptions for SUSE Liberty Linux Lite ranging from $2,500 to $20,000. Migrating to AlmaLinux emerges as a compelling choice, converting existing CentOS 7 machines to AlmaLinux 8 for the latest OS version. Prior to migration, thorough testing on a non-production machine is advisable to ensure a smooth transition. Selecting the right path forward is crucial for maintaining operational efficiency and security in the tech landscape.
Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability
Millions of OpenSSH servers are at risk of a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), allowing unauthenticated remote code execution. Exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.
GNOME Wraps Up June with Exciting Updates and New Features
GNOME wraps up June with new features in Libadwaita and the ability to build GNOME Shell and Mutter without X11 support. The update includes a new alert/message dialog style, optimized performance for Wayland-based systems, integration of Rclone for cloud support in Deja Dup backups tool, and the announcement of GUADEC 2024 in Denver, Colorado.
Flathub Surpasses Two Billion Downloads, Highlighting Success of Flatpak
Flathub, the centralized repository for Flatpak sandboxed Linux applications, celebrates surpassing two billion downloads. With over 2,600 apps available, Flathub remains a popular choice for users seeking diverse software packages. The platform’s success underscores the growing preference for Flatpak as a reliable packaging system for Linux desktop applications.
Mesa 24.1 Released with Exciting Features and Improvements
Exciting news for open-source graphics enthusiasts as Mesa 24.1 has been released, packed with a host of new features and improvements. The update includes explicit sync support for Vulkan drivers, enhancements to AMD RadeonSI and RADV drivers, progress on the open-source NVK Vulkan driver for NVIDIA GPUs, and optimizations for Intel ANV driver. Mesa 24.1 also introduces support for Intel Arrow Lake graphics and async VM bind support, among other enhancements. With Mesa 24.1, the open-source graphics community can expect an enhanced experience and improved performance across various hardware platforms.
Valve’s Steam Deck Platform Driver Facing Delays in Mainline Linux Kernel Upstreaming
Valve’s Steam Deck is experiencing delays in getting its platform driver upstreamed into the mainline Linux kernel, causing concerns among users about optimal device performance and compatibility. Despite efforts to push a new version of the driver in the coming months, the lack of urgency in this process raises questions about Valve’s priorities. Stay tuned for updates on the integration of this crucial component into the mainline kernel.
NVIDIA Releases 555.42.02 Linux Beta Driver with Wayland Sync Support
The NVIDIA 555.42.02 Linux beta driver has been released with Wayland explicit sync support, GSP firmware utilization, and various other updates and improvements. Download the driver from the official NVIDIA website and stay tuned for upcoming benchmarks on Phoronix to see the performance enhancements in action.
Potential SSH Backdoor Uncovered in xz Package Poses Security Threat to Linux Systems
A potential SSH backdoor has been uncovered in the xz package, posing a significant security threat to Linux systems. The discovery of a backdoor in the xz release tarballs has raised concerns about compromised SSH logins. The malicious code was cleverly disguised as test files within the repository, making it difficult to detect any anomalies at first glance. Further investigation has raised questions about its connection to SSH, and the potential implications of this exploit are concerning, as it could enable unauthorized access by bypassing the normal SSH login process.
HDMI Forum Blocks Open Source Implementation, Impacting Linux Users
The HDMI Forum has reportedly told AMD that it does not allow an open source implementation of the HDMI 2.1 specification, effectively blocking tools such as AMD’s FreeSync from working over HDMI connections at high resolutions and frame rates on Linux systems. This decision has significant implications for Linux users, as they are unable to achieve the same resolutions and speeds as Windows users or those using DisplayPort connections. The rejection of an open source HDMI 2.1 implementation has raised concerns and speculation, with some suggesting potential interference from media firms worried about digital video ripping. This decision has significant implications for the Linux community and highlights the ongoing challenges faced by open source developers in accessing and implementing industry standards.