The New StarFighter Linux Laptop Now Available for Preorder

Star Labs has been creating Linux laptops for some time now and recently they announced a new addition to their fleet of options, the StartFighter custom laptop (https://us.starlabs.systems/pages/starfighter). This beautiful piece of technology features a true matte display that uses a protective coating to defuse ambient light so colors can shine brighter. The display offers up to 3840x2400 4K resolution, a 16:10 aspect ratio, and 600cd/m≤ of brightness at a 165Hz refresh rate and 178 degrees of viewing.

Other features found on the StarFighter include a removable webcam with built-in storage, a kill switch to shut off wireless when needed, a backlit keyboard with media keys, international layouts, and LED indicators. The StarFighter also includes a haptic trackpad, and a plasma electrolytic oxidation coaching for a textured finish that is stronger than steel and fingerprint resistant.

You'll find WiFI 6E and Bluetooth 5.3, HDMI, USB-C/A, microSD, and an audio combo jack. The firmware on the StarFighter is the open-course coreboot and the battery is charged by a gallium nitride charger that provides 65 watts over USB-C.

As far as components, the base model comes with a 12th generation Intel i3 CPU but can be upgraded to an AMD Ryzen 7 (6800H) or an Intel i9. The StarFighter can support up to 64GB of RAM and the storage can range from 240GB to 2TB.

Configure and preorder your StarFighter laptop today (https://us.starlabs.systems/products/starfighter?variant=43623053000958). The base model starts at $1,509.30. Keep in mind, however, the laptops may not ship for four to five months from now.

Critical Escalation Vulnerability Found in the Linux Kernel

Red Hat added a new CVE code, listed as 2022-3977 (https://access.redhat.com/security/cve/CVE-2022-3977), which is described as a use-after-free flaw. A use-after flaw can occur when a program attempts to use memory that has been released.

CVE 2022-3977 resides in the Linux kernel Management Component Transport Protocol (MCTP). How this vulnerability works is after a user simultaneously calls DROPTAG ioctl at the same time a socket close occurs. When this happens, the vulnerability can then be used to elevate privileges all the way up to root.

This CVE has been listed as Moderate, with a CVSS v3 base score of 7.0 and the vulnerability was found in the most recent upstream Linux kernel.

It was the Venustech Active Defense Laboratory that originally reported the vulnerability, finding it in kernel v5.18.0 with the commit 63ed1aab3d40aa61aaa66819bdce9377ac7f40fa. Fortunately, with a recent commit, the vulnerability has been patched.

If you have a Linux machine running kernel 5.18, you should immediately run an upgrade to patch the kernel. Most major repositories have most likely added the patch to their standard repositories.

AlmaLinux 8.7 Now Available

The newest release of AlmaLinux, version 8.7, is now available to the general public. This release is a 1:1 binary-compatible replacement for Red Hat Enterprise Linux 8.7 and features plenty of changes and updates.

One of the big changes comes in the ability to build custom images with custom/boot mount-point partitions and sizes. In addition, the latest release includes important security updates, such as all Network Security Service (NSS) libraries have increased the minimum key size for all RSA operations from 128 to 1023 bits. Other updates include, scap-security-guide is now better aligned with Defense Information Systems Agency technical guides content; a new package, xmlstarlet, which can parse, transform, query, validate, and edit XML files; Ruby 3.1; Mercurial 6.2; and Node.js 18.

The kernel shipping with AlmaLinux 8.7 is 4.18.0-423.el8 and the operating system includes support for x86_64, AArch64, ppc64le, and s390x architectures.

This new release is ready for production and, according to Benny Vasquez, chair of the AlmaLinux OS Foundation board, "We aim to deliver the quality and timeliness end users require from the leading CentOS successor, and to provide a free and open, community-owned and governed, enterprise-grade Linux operating system."

Download a copy of AlmaLinux 8.7 (https://mirrors.almalinux.org/isos.html).