Linux Action News 220
12/20/21 • 19 min
The nasty Log4Shell vulnerability isn't solved yet, this week saw a new round of attacks and patches.
Plus how the work to port Linux to the Apple M1 resulted in fixing a bug that impacted all Linux distros.
Sponsored By:
- Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal
- Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
- Ting: Save $25 off your first device, or $25 in service credit if you bring one!
Links:
- Log4j 2.15.0 and previously suggested mitigations may not be enough — It was discovered that version 2.15.0 would still be vulnerable when the configuration has a pattern layout containing a Context Lookup.
- Statement from CISA Director Easterly on “Log4j” Vulnerability
- PipeWire 0.3.41 Offers Improved Flatpak & JACK Compatibility, Apple AirPlay Streaming — PipeWire 0.3.41 also adds a new RAOP module (raop-sink and raop-discover) that can be used for streaming to Apple AirPlay devices.
- EXT4 Prepared To Switch To Linux’s New Mount API — Linux's new mount API is what came about in recent times as a set of system calls offering more flexibility than the long-standing mount syscall that is a one-shot effort while this new multi-step mounting procedure allows for more options.
- The End-Of-Year 2021 State Of Linux On Apple’s M1 SoC — The Asahi Linux project has published their October and November status update to provide an overview of where the Apple Silicon / Apple M1 open-source support is now at as we approach the end of 2021.
- Asahi Linux looks forward to exciting 2022 on Apple silicon
- Hector Martin on Twitter — Looks like Apple changed the requirements for Mach-O kernel files in 12.1, breaking our existing installation process... and they *also* added a raw image mode that will never break again and doesn't require Mach-Os. And people said they wouldn't help. This is intended for us.
- Podcastindex.org — The Podcast Index is here to preserve, protect and extend the open, independent podcasting ecosystem.
- Linux Action News on Podcastindex.org
The nasty Log4Shell vulnerability isn't solved yet, this week saw a new round of attacks and patches.
Plus how the work to port Linux to the Apple M1 resulted in fixing a bug that impacted all Linux distros.
Sponsored By:
- Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal
- Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
- Ting: Save $25 off your first device, or $25 in service credit if you bring one!
Links:
- Log4j 2.15.0 and previously suggested mitigations may not be enough — It was discovered that version 2.15.0 would still be vulnerable when the configuration has a pattern layout containing a Context Lookup.
- Statement from CISA Director Easterly on “Log4j” Vulnerability
- PipeWire 0.3.41 Offers Improved Flatpak & JACK Compatibility, Apple AirPlay Streaming — PipeWire 0.3.41 also adds a new RAOP module (raop-sink and raop-discover) that can be used for streaming to Apple AirPlay devices.
- EXT4 Prepared To Switch To Linux’s New Mount API — Linux's new mount API is what came about in recent times as a set of system calls offering more flexibility than the long-standing mount syscall that is a one-shot effort while this new multi-step mounting procedure allows for more options.
- The End-Of-Year 2021 State Of Linux On Apple’s M1 SoC — The Asahi Linux project has published their October and November status update to provide an overview of where the Apple Silicon / Apple M1 open-source support is now at as we approach the end of 2021.
- Asahi Linux looks forward to exciting 2022 on Apple silicon
- Hector Martin on Twitter — Looks like Apple changed the requirements for Mach-O kernel files in 12.1, breaking our existing installation process... and they *also* added a raw image mode that will never break again and doesn't require Mach-Os. And people said they wouldn't help. This is intended for us.
- Podcastindex.org — The Podcast Index is here to preserve, protect and extend the open, independent podcasting ecosystem.
- Linux Action News on Podcastindex.org
Previous Episode
Linux Action News 219
The Log4Shell vulnerability is making waves this week; we'll explain why and break down how it works.
Plus, some good news for the Desktop and systemd-homed gets one step closer.
Sponsored By:
- Ting: Save $25 off your first device, or $25 in service credit if you bring one!
- Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
- Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal
Links:
- GNOME 42 To Finally Allow Input Events To Happen Full-Rate — Up to now GNOME Shell has been compressing pointer motion events so they are synchronized to the monitor refresh rate, which can be anywhere from around 30 to 144 events per second depending upon display.
- An Eventful Instant – GNOME Shell & Mutter
- Do not throttle input in wayland event delivery
- FreeBSD 12.3-RELEASE Announcement — The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 12.3-RELEASE. This is the fourth release of the stable/12 branch.
- systemd 250 Is Coming With A Boat Load Of New Features — systemd 250 is packing a rather large number of new features and changes across the board for this dominant Linux init system and service manager.
- Log4Shell — RCE 0-day exploit found in log4j2, a popular Java logging package
- Apache - The ASF on Twitter — “Did you know that Ingenuity, the Mars 2020 Helicopter mission, is powered by Apache Log4j? https://t.co/gV0uyE1ylk #Apache #OpenSource #innovation #community #logging #services
- Tom (^-^) on Twitter
- Kevin Beaumont on Twitter — “Starting a new thread for log4j security vulnerability and fallout. Spoiler: although this emerged as a Minecraft issue (lol) there is going to be impacts across a wide range of enterprise software for some time.”
- Log4jAttackSurface MEMES
Next Episode
Linux Action News 221
We kick off our annual predictions episode with what we got right and wrong this year and then attempt to predict what will happen in 2022.
Sponsored By:
- Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
- Ting: Save $25 off your first device, or $25 in service credit if you bring one!
Links:
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
Select type & size
<a href="https://goodpods.com/podcasts/linux-action-news-34394/linux-action-news-220-22070134"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to linux action news 220 on goodpods" style="width: 225px" /> </a>
Copy