NEWS
Debian 9 Stretches Its Wings
The latest release of Debian, code-named Stretch, has been released after 26 months of development. Debian 9 will be supported for the next five years, making it one of the longest supported community-based distributions. Ubuntu LTS is supported for three years on desktops and five years on severs; CentOS is supported for 10 years.
Debian has done some reshuffling with default software: MariaDB has replaced MySQL as the default database, and since the Mozilla and Debian communities have sorted out their trademark dispute, you can now use vanilla Firefox and Thunderbird instead of rebranded Iceweasel and Icedove.
Debian is primarily a leading server operating system, but it's well revered among the desktop users who need reliable and stable systems. Debian is a Gnome distribution, and Stretch comes with a generation-older Gnome Shell 3.22. That's the only downside of using Debian on the desktop; you are often stuck with very old packages.
Looking at the continuous disclosure of security bugs in Linux, Debian is maintaining a very tight grip on security.
"Thanks to the Reproducible Builds project, over 90% of the source packages included in Debian 9 will build bit-for-bit identical binary packages. This is an important verification feature which protects users from malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive," said the release announcement.
The X display server no longer needs "root" privileges, which has been a major criticism and security risk.
This is also the first release of Debian that features the modern branch of GnuPG in the gnupg package. "This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smart card support. We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated," said the release announcement. This release has also improved UEFI support, which now also supports installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian Live images now include support for UEFI booting as a new feature, too.
Debian is known for wide support for architecture. This release supports 10 architectures, including 64-bit PC/Intel EM64T/x86-64 (amd64), 32-bit PC/Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), and 64-bit IBM S/390 (s390x) for ARM; armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit AArch64 architecture; and, in addition to the two 32-bit mips (big endian) and mipsel (little endian) for MIPS, a new mips64el architecture for 64-bit little-endian hardware.
Debian 9 is available for free download
Serious Stack Clash Bug Affects Linux Systems
Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited executing arbitrary code on system.
The flaw is related to the way the computer uses the stack (a special memory region). As the programs need more memory, this region grows and can come close to another stack. This vicinity may confuse the program with other memory regions.
"An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system," Red Hat explained in a security advisory.
The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.
Ironically this jump is not a new problem, it has been around for more than a decade now and was exploited earlier in 2005 and 2010. Linux fixed the issue by adding a protection called stack guard page after the 2010 exploit.
"Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa)," wrote Red Hat.
However, Qualys discovered that despite stack guard page protection, stack clashes are still exploitable.
Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.
More Online
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.