Collection of Linux related news hopefully!

Pseudo-term buffer blunder from 2009 discovered

Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel's tty handling – and it lets logged-in users crash the system, gain root privileges, or otherwise modify and access data they shouldn't.

The Xen Project community today announced it will be a founding project in the CentOS Project's new virtualization special interest group (Virt SIG).  The open source hypervisor, a Linux Foundation collaborative project, will thus play a pivotal role in shaping the direction of virtualization support and innovation on top of the CentOS Linux distribution, as well as help to field test the new governance model for future SIGs.

OpenStack Summit Ellison's RHEL lookalike, now with cloud software, too

Never one to be outdone by rival Red Hat, Oracle has unveiled its own distribution of the OpenStack cloud control freak on the same day that Shadowman opened its latest beta distribution to the public.

rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196). "'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."

Read more of this story at Slashdot.








SaltStack is part of the next evolution of infrastructure management tools that System Administrators have in their toolbox for provisioning and managing an ever growing fleet of servers. This post describes how to provision Amazon EC2 instances with Salt Cloud. I also describe how to provision several instances in parallel with a single command using Salt Cloud’s Map feature.

OpenStack Summit Brings in Foreman to calm cloud wrangler concerns over install and administration

Red Hat has released a beta of a new OpenStack distribution that gives customers greater choice over the types of networking systems they pair with the project's troubled Neutron component.

Flash, Illustrator, IE and Windows all receive fixes

Administrators and end users are being advised to update their systems following a set of Patch Tuesday releases from Microsoft and Adobe, which address more than 30 security flaws combined.

Canonical, best known as the company behind Ubuntu Linux, is entering the private cloud hosting business with an OpenStack-based option for your data center or hosting provider.
Review Right? Core i7 paperweight with Intel Iris Pro 5200 graphics

PC sales maybe on a downward trend, but it seems there will always be an interest in an alternative to buying into the console wars. Enter the Gigabyte Brix Pro, just one offering among over a dozen from manufacturers that have committed to releasing Steam gaming machines this year.

This upstirring undertaking Ubuntu is, as my colleague MPT explains, performance art. Not only must it be art, it must also perform, and that on a deadline. So many thanks and much credit to the teams and individuals who made our most recent release, the Trusty Tahr, into the gem of 14.04 LTS. And after the uproarious ululation and post-release respite, it’s time to open the floodgates to umpteen pent-up changes and begin shaping our next show.

The discipline of an LTS constrains our creativity – our users appreciate the results of a focused effort on performance and stability and maintainability, and we appreciate the spring cleaning that comes with a focus on technical debt. But the point of spring cleaning is to make room for fresh ideas and new art, and our next release has to raise the roof in that regard. And what a spectacular time to be unleashing creativity in Ubuntu. We have the foundations of convergence so beautifully demonstrated by our core apps teams – with examples that shine on phone and tablet and PC. And we have equally interesting innovation landed in the foundational LXC 1.0, the fastest, lightest virtual machines on the planet, born and raised on Ubuntu. With an LTS hot off the press, now is the time to refresh the foundations of the next generation of Linux: faster, smaller, better scaled and better maintained. We’re in a unique position to bring useful change to the ubiquitary Ubuntu developer, that hardy and precise pioneer of frontiers new and potent.

That future Ubuntu developer wants to deliver app updates instantly to users everywhere; we can make that possible. They want to deploy distributed brilliance instantly on all the clouds and all the hardware. We’ll make that possible. They want PAAS and SAAS and an Internet of Things that Don’t Bite, let’s make that possible. If free software is to fulfil its true promise it needs to be useful for people putting precious parts into production, and we’ll stand by our commitment that Ubuntu be the most useful platform for free software developers who carry the responsibilities of Dev and Ops.

It’s a good time to shine a light on umbrageous if understandably imminent undulations in the landscape we love – time to bring systemd to the centre of Ubuntu, time to untwist ourselves from Python 2.x and time to walk a little uphill and, thereby, upstream. Time to purge the ugsome and prune the unusable. We’ve all got our ucky code, and now’s a good time to stand united in favour of the useful over the uncolike and the utile over the uncous. It’s not a time to become unhinged or ultrafidian, just a time for careful review and consideration of business as usual.

So bring your upstanding best to the table – or the forum – or the mailing list – and let’s make something amazing. Something unified and upright, something about which we can be universally proud. And since we’re getting that once-every-two-years chance to make fresh starts and dream unconstrained dreams about what the future should look like, we may as well go all out and give it a dreamlike name. Let’s get going on the utopic unicorn. Give it stick. See you at vUDS.