NEWS
Thunderbird 78 Ported to Ubuntu 20.04
Ubuntu 20.04.2 has already shipped and the developers found themselves in a tricky position with Thunderbird, the popular open source email client. Essentially they had two choices:
- Backport individual security fixes to Thunderbird 68.
- Port the latest version.
One of the most important aspects of Ubuntu is stability. Because of this, the platform doesn't generally ship with the latest releases of software. And initially Ubuntu 20.04 shipped with Thunderbird 68. However, because that version is no longer supported by upstream, it would no longer be receiving security updates.
That's a problem.
So the Ubuntu developers had to choose between two options. Fortunately, they opted to go with porting the latest version of Thunderbird. This will cause an issue for some users, as not all Thunderbird extensions will work with the latest release. For example, now that Thunderbird has native encryption, the Enigmail extension is not only redundant, it simply won't install on the client. This means users accustomed to Enigmail must now get up to speed on Thunderbird's built-in encryption technology.
For those users who prefer installing applications via standard .deb packages, you won't be forced to use either a snap or flatpak version of Thunderbird.
For more information on the decision, check out this post by Ubuntu's own, Oliver Tilloy: https://discourse.ubuntu.com/t/thunderbird-lts-update/20819?u=d0od.
Linux Exploit for Spectre Flaw Discovered
Spectre has been in the public knowledge base since January 9, 2018, when Intel was forced to go public with the information that all of their CPUs (since 1995) can allow applications to be tricked into leaking information they hold in memory. Since then, there have been a number of Spectre exploits, across all operating systems on Intel hardware.
Recently a French researcher, Julien Voisin, announced (https://dustri.org/b/spectre-exploits-in-the-wild.html) he was able to view the contents of /etc/shadow on a vulnerable Fedora system, thereby verifying this new Spectre exploit.
This vulnerability works in four stages:
- Finding the superblock of a file.
- Finding the inode of the file to be dumped.
- Finding the corresponding page address.
- Dumping the contents of the file.
According to Voisin, this exploit had a 0 detection rate before he published his announcement.
Of this vulnerability, Andrew Cooper, senior software engineer, Citrix, had this to say, "SMAP prevents supervisor code from accessing user memory operands outside of explicitly permitted areas." Cooper continues, "This is enough to prevent the cacheline fill (of a userspace pointer) and break the covert channel. A more sophisticated attack could use a supervisor pointer, e.g. the directmap mapping, or one of a multitude of other covert channels to transmit the same data, which is a higher barrier, but definitely not impossible."
The new Spectre exploit looks to have been created and distributed by a company called Immunity Inc, and VirusTotal allows the downloading of the exploit for a fee.
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.