Cisco Confirms 88 Products Vulnerable to FragmentStack Bug, KDE neon Rebased on Ubuntu 18.04 LTS, GNOME 3.30.1 Released, Rust Announces Version 1.29.1 and Mozilla Launches Firefox Monitor
News briefs for September 26, 2018.
Cisco confirms that 88 of its products that rely on the Linux kernel are vulnerable to the FragmentStack bug. According to ZDNet, "the bug can saturate a CPU's capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device." Affected products include "Nexus switches, Cisco IOS XE software, and equipment from its lines of Unified Computing and Unified Communications brands, several TelePresence products, and a handful of wireless access points."
The KDE neon team announces the rebase of its packages onto Ubuntu 18.04 LTS "Bionic Beaver" and encourages users to upgrade now. You also can download a clean installation from here.
GNOME 3.30.1 has been released. This release contains only bugfixes. If you want to compile it, you can use the BuildStream project snapshot. See the list of updated modules and changes here.
The Rust Team yesterday announced Rust
1.29.1. This new version fixes a security vulnerability in the standard
library "where if a large number was passed to str::repeat
, it could cause a
buffer overflow after an integer overflow. If you do not call the
str::repeat
, function you are not affected." See the release
notes on GitHub for all the details.
Mozilla yesterday launched Firefox Monitor, a free service that alerts you if you've been part of a data breach. Enter your email at Firefox Monitor for a basic scan.