NEWS
Debian 9 Stretches Its Wings
The latest release of Debian, code-named Stretch, has been released after 26 months of development. Debian 9 will be supported for the next five years, making it one of the longest supported community-based distributions. Ubuntu LTS is supported for three years on desktops and five years on servers; CentOS is supported for 10 years.
Debian has done some reshuffling with default software: MariaDB has replaced MySQL as the default database, and since the Mozilla and Debian communities have sorted out their trademark dispute, you can now use vanilla Firefox and Thunderbird instead of rebranded Iceweasel and Icedove.
Debian is primarily a leading server operating system, but it is also well regarded by desktop users who need reliable and stable systems. Debian is a Gnome distribution, and Stretch ships with a generation-older Gnome Shell 3.22. That's the only downside of using Debian on the desktop: you are often stuck with very old packages.
With security bugs in Linux being disclosed continuously, Debian is keeping a very tight grip on security.
"Thanks to the Reproducible Builds project, over 90% of the source packages included in Debian 9 will build bit-for-bit identical binary packages. This is an important verification feature which protects users from malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive," said the release announcement.
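As an added illustration of the verification the announcement describes (example code written for this page, not a Debian tool), the script below compares the Checksums-Sha256 records of two .buildinfo files from independent builders and reports which binary packages reproduced. The field layout is Debian's .buildinfo format; the package names, digests and builder names are constructed samples.

```python
# Compare the Checksums-Sha256 field of two Debian .buildinfo files: builders
# that produced byte-identical .debs record the same digest per file, so any
# mismatch means the build did not reproduce and the artifact needs scrutiny.
import re

# Constructed sample records in .buildinfo layout (not real Debian packages;
# real digests are 64 hex characters, shortened here for readability).
BUILDINFO_A = """\
Format: 1.0
Checksums-Sha256:
 aaaa1111 2048 hello_1.0-1_amd64.deb
 bbbb2222 512 hello-dbgsym_1.0-1_amd64.deb
Build-Origin: Debian
"""
BUILDINFO_B = """\
Format: 1.0
Checksums-Sha256:
 aaaa1111 2048 hello_1.0-1_amd64.deb
 cccc3333 512 hello-dbgsym_1.0-1_amd64.deb
 dddd4444 128 hello-doc_1.0-1_all.deb
Build-Origin: rebuilder.example
"""

# One continuation line of the field: "<hex digest> <size> <filename>".
FILE_LINE = re.compile(r"\s+([0-9a-fA-F]+)\s+(\d+)\s+(\S+)")


def parse_sha256_stanza(text: str) -> dict:
    """Return {filename: (sha256, size)} from the Checksums-Sha256 field."""
    files, in_field = {}, False
    for line in text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):  # indented = continuation
            m = FILE_LINE.fullmatch(line)
            if m:
                files[m.group(3)] = (m.group(1).lower(), int(m.group(2)))
        elif in_field:
            break  # next field starts; the stanza is complete
    return files


def compare_builds(info_a: str, info_b: str) -> dict:
    """Classify every file as reproduced, differs, or missing on one side."""
    a, b = parse_sha256_stanza(info_a), parse_sha256_stanza(info_b)
    verdict = {}
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            verdict[name] = "missing-in-a" if name not in a else "missing-in-b"
        else:
            verdict[name] = "reproduced" if a[name] == b[name] else "differs"
    return verdict
```

A file reported as "differs" is the one worth diffing further; a file present on only one builder usually indicates a different source or build environment rather than tampering.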
The X display server no longer needs "root" privileges, which has been a major criticism and security risk.
This is also the first release of Debian that features the modern branch of GnuPG in the gnupg package. "This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smart card support. We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated," said the release announcement. This release has also improved UEFI support, which now also supports installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian Live images now include support for UEFI booting as a new feature, too.
Debian is known for its wide architecture support. This release supports 10 architectures: 64-bit PC/Intel EM64T/x86-64 (amd64), 32-bit PC/Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), and 64-bit IBM S/390 (s390x); for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit AArch64 architecture; and for MIPS, in addition to the two 32-bit ports mips (big endian) and mipsel (little endian), a new mips64el architecture for 64-bit little-endian hardware.
Debian 9 is available for free download
Serious Stack Clash Bug Affects Linux Systems
Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited to execute arbitrary code on the system.
The flaw is related to the way the computer uses the stack (a special memory region). As a program needs more memory, this region grows and can come close to another memory region. When the two end up adjacent, the program may confuse the stack with the other memory region.
"An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system," Red Hat explained in a security advisory.
The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.
Ironically, this is not a new problem: it has been around for more than a decade and was exploited earlier, in 2005 and 2010. Linux addressed the issue by adding a protection called the stack guard page after the 2010 exploit.
"Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa)," wrote Red Hat.
However, Qualys discovered that despite stack guard page protection, stack clashes are still exploitable.
Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.