NEWS
Debian 9 Stretches Its Wings
The latest release of Debian, code-named Stretch, has been released after 26 months of development. Debian 9 will be supported for the next five years, making it one of the longest supported community-based distributions. Ubuntu LTS is supported for three years on desktops and five years on servers; CentOS is supported for 10 years.
Debian has done some reshuffling with default software: MariaDB has replaced MySQL as the default database, and since the Mozilla and Debian communities have sorted out their trademark dispute, you can now use vanilla Firefox and Thunderbird instead of rebranded Iceweasel and Icedove.
Debian is primarily a leading server operating system, but it's also well regarded among desktop users who need reliable and stable systems. Debian is a Gnome distribution, and Stretch comes with a generation-older Gnome Shell 3.22. That's the only downside of using Debian on the desktop; you are often stuck with very old packages.
Given the continuous disclosure of security bugs in Linux, Debian is maintaining a very tight grip on security.
"Thanks to the Reproducible Builds project, over 90% of the source packages included in Debian 9 will build bit-for-bit identical binary packages. This is an important verification feature which protects users from malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive," said the release announcement.
The X display server no longer needs "root" privileges; that requirement has been a major criticism and security risk.
This is also the first release of Debian that features the modern branch of GnuPG in the gnupg package. "This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smart card support. We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated," said the release announcement. This release has also improved UEFI support, which now also supports installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian Live images now include support for UEFI booting as a new feature, too.
Debian is known for its wide architecture support. This release supports 10 architectures: 64-bit PC/Intel EM64T/x86-64 (amd64), 32-bit PC/Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), and 64-bit IBM S/390 (s390x); for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit AArch64 architecture; and for MIPS, in addition to the two 32-bit mips (big endian) and mipsel (little endian), a new mips64el architecture for 64-bit little-endian hardware.
Debian 9 is available for free download
Serious Stack Clash Bug Affects Linux Systems
Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited to execute arbitrary code on the system.
The flaw is related to the way the computer uses the stack (a special memory region). As programs need more memory, this region grows and can come close to another stack. This proximity can cause the program to confuse the stack with other memory regions.
"An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system," Red Hat explained in a security advisory.
The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.
Ironically, this jump is not a new problem; it has been around for more than a decade now and was exploited earlier in 2005 and 2010. Linux fixed the issue by adding a protection called stack guard page after the 2010 exploit.
"Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa)," wrote Red Hat.
However, Qualys discovered that despite stack guard page protection, stack clashes are still exploitable.
Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.
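As an added illustration (not code from Qualys, Red Hat, or this article), the C function below measures how much unmapped address space separates a process's [stack] mapping from the mapping directly below it, which is the distance the guard page described above is meant to protect. The two sample inputs are constructed; the function name and buffer sizes are choices made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_WIDE[] =
    "7ffd4a1bf000-7ffd4a1e0000 rw-p 00000000 00:00 0 \n"
    "7ffd4a2e0000-7ffd4a301000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_TIGHT[] =
    "7ffd4a2be000-7ffd4a2df000 rw-p 00000000 00:00 0 \n"
    "7ffd4a2e0000-7ffd4a301000 rw-p 00000000 00:00 0 [stack]\n";

/* Unmapped bytes between [stack] and the mapping directly below it;
 * -1 if the text has no [stack] line. */
long long stack_gap_bytes(const char *maps)
{
    unsigned long long start, end, prev_end = 0;
    for (const char *line = maps; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);          /* copy one line so sscanf stops at its end */
        buf[len] = '\0';
        if (sscanf(buf, "%llx-%llx", &start, &end) == 2) {
            if (strstr(buf, "[stack]"))
                return (long long)(start - prev_end);
            prev_end = end;              /* remember where the lower mapping ends */
        }
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    static char live[1 << 18];
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only */
    if (f) {
        size_t n = fread(live, 1, sizeof live - 1, f);
        live[n] = '\0';
        fclose(f);
        printf("this process: %lld bytes below [stack]\n", stack_gap_bytes(live));
    }
    printf("wide sample:  %lld\n", stack_gap_bytes(SAMPLE_WIDE));
    printf("tight sample: %lld\n", stack_gap_bytes(SAMPLE_TIGHT));
    return 0;
}
```

In the tight sample the neighbouring mapping ends 4096 bytes below the stack, which is a single page on systems with 4 KiB pages.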