Posts

Linux kernel gets longer-term support, could be good news for Android devices

There’s a major update to the Linux kernel released once every 70 days or so. If you’re using a Linux-based PC that’s probably good news, since you can look forward to new features and improved hardware support pretty frequently. But if you’re building an Android device, you’re probably going to look for something a bit more stable, which is why Android phones and tablets tend to ship with a Linux LTS (Long Term Support) kernel, which receives 2 years of support. Even that isn’t really very much though, since it takes a while to develop the software for an Android phone, so that LTS kernel is usually near the end of its support lifecycle by the time a phone ships, which means Google and its hardware and software partners are on the hook for providing support. That’s one of the reasons some phones receive few, if any, software updates over time. Now Long Term Support is being extended from 2 years to 6, which could theoretically mean better long-term support for Android devices. ...

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

A bug in the Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that time, the patch for this kernel flaw was not backported to long-term Linux distributions in kernel 3.10.77. However, researchers at Qualys Research Labs have now found that this vulnerability could be exploited to escalate privileges and that it affects all major Linux distributions, including Red Hat, Debian, and CentOS. "All versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable," Qualys said in an advisory ...