NEWS

Debian 9 Stretches Its Wings

Debian 9, code-named Stretch, has been released after 26 months of development. Debian 9 will be supported for the next five years, making it one of the longest supported community-based distributions. Ubuntu LTS is supported for three years on desktops and five years on servers; CentOS is supported for 10 years.

Debian has done some reshuffling with default software: MariaDB has replaced MySQL as the default database, and since the Mozilla and Debian communities have sorted out their trademark dispute, you can now use vanilla Firefox and Thunderbird instead of rebranded Iceweasel and Icedove.

Debian is primarily a leading server operating system, but it is also well regarded among desktop users who need reliable and stable systems. Debian is a Gnome distribution, and Stretch comes with a generation-older Gnome Shell 3.22. That's the only downside of using Debian on the desktop: you are often stuck with very old packages.

Given the continuous disclosure of security bugs in Linux, Debian is maintaining a very tight grip on security.

"Thanks to the Reproducible Builds project, over 90% of the source packages included in Debian 9 will build bit-for-bit identical binary packages. This is an important verification feature which protects users from malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive," said the release announcement.

The X display server no longer needs to run with "root" privileges, a requirement that has been a major criticism and security risk.

This is also the first release of Debian that features the modern branch of GnuPG in the gnupg package. "This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smart card support. We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated," said the release announcement. This release also improves UEFI support, which now covers installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian Live images now support UEFI booting, too.

Debian is known for its wide architecture support. This release supports 10 architectures, including 64-bit PC/Intel EM64T/x86-64 (amd64), 32-bit PC/Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), and 64-bit IBM S/390 (s390x); for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit AArch64 architecture; and for MIPS, in addition to the two 32-bit architectures mips (big endian) and mipsel (little endian), a new mips64el architecture for 64-bit little-endian hardware.

Debian 9 is available for free download.

Serious Stack Clash Bug Affects Linux Systems

Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited to execute arbitrary code on the system.

The flaw is related to the way the computer uses the stack (a special memory region). As programs need more memory, this region grows and can come close to another stack. This proximity can cause the program to confuse the stack with other memory regions.

"An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system," Red Hat explained in a security advisory.

The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.

Ironically, this jump is not a new problem. It has been around for more than a decade and was exploited earlier, in 2005 and 2010. Linux fixed the issue by adding a protection called the stack guard page after the 2010 exploit.

"Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa)," wrote Red Hat.

However, Qualys discovered that despite stack guard page protection, stack clashes are still exploitable.

Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.
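The guard-page behaviour Red Hat describes above can be modelled with plain address arithmetic: sequential stack growth lands in the guard and traps, while a single drop larger than the guard lands beyond it. This is an added example, not code from Qualys, Red Hat, or the article; the memory map is constructed, and the function names, the 4096-byte page size, and the assumption that the stack pointer sits at the lowest mapped stack address are illustrative.

```python
# Added illustration; the memory map below is constructed, not captured from a real system.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 08:01 1311 /usr/bin/example
7ffff7dd0000-7ffff7ffe000 rw-p 00000000 00:00 0
7ffff7fff000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

PAGE = 4096  # assumed page size; one page models a single stack guard page


def parse_maps(text):
    """Parse /proc/<pid>/maps-style lines into sorted (start, end, perms, name) tuples."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5].strip() if len(fields) > 5 else ""
        regions.append((start, end, fields[1], name))
    return sorted(regions)


def gap_below_stack(regions):
    """Bytes between the lowest stack address and the nearest mapping below it."""
    stack = next(r for r in regions if r[3] == "[stack]")
    below = [r for r in regions if r[1] <= stack[0]]
    if not below:
        return None
    return stack[0] - max(r[1] for r in below)


def first_touch(regions, guard_bytes, alloc_bytes):
    """Classify the first access after the stack pointer drops by alloc_bytes
    from the lowest stack address without touching the memory in between."""
    stack = next(r for r in regions if r[3] == "[stack]")
    addr = stack[0] - alloc_bytes
    if addr >= stack[0]:
        return "stack"
    if addr >= stack[0] - guard_bytes:
        return "guard (trap)"  # the divider Red Hat describes
    for start, end, _perms, name in regions:
        if start <= addr < end:
            return "adjacent mapping " + (name or "[anon]")
    return "unmapped (fault)"
```
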
