Submission + - Google and Intel Warn of High-Severity Bluetooth Security Bug In Linux (arstechnica.com)

An anonymous reader writes: Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information. The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published “soon.” A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth.

Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as a privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth. “Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure,” the advisory states. “BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.” Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can’t upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn’t immediately respond to emails asking for additional details about this vulnerability.

Submission + - Tesla Investigates After Parked Model S Appears To Explode In China (cnn.com)

dryriver writes: CNN reports on CCTV footage from China showing a parked Model S bursting violently into flames: "Tesla is investigating after one of its vehicles appeared to explode in China. A short video of surveillance footage posted on Chinese social media site Weibo (WB) showed white smoke emerging from what looks like a white Tesla car parked at a lot in Shanghai. After a few seconds, the electric vehicle bursts into flames and the clip ends soon afterward. The video, which was filmed just after 8:15 pm local time on April 21, appears to show a Tesla Model S sedan. It was posted on Chinese social media a couple of hours later and has since been shared widely. The clip attracted a mix of derision and outrage on Weibo. 'Us car owners demand an explanation,' wrote user Miao Hongyang. 'Jeopardizing our safety in a moment's instant and the fact it ignited so quickly is something we will not tolerate.' Another Weibo user registered under the name Your Dad, added: 'One thing I've learned from this incident: from now on, don't ever park next to a Tesla.'"
Games

Valve Starts Promoting Steam For Linux To Windows Users 474

An anonymous reader writes "Steam is now being used by thousands of gamers running a Linux OS, and Valve has got to the point where they are happy to start urging Windows users to make the switch. Proof of that comes from a 'Join the Beta' promotion on the homepage of Steam suggesting you try Steam for Linux. There's even a download link to get Ubuntu 12.04 LTS, which removes yet another barrier to entry. With Gabe Newell's clear hatred of Windows 8, this shouldn't be a surprising move. We aren't going to see another version of Windows appear for a few years, so in Valve's eyes pushing Linux to gamers makes a lot of sense."

Comment Better Than Before (Score 2) 58

Haven't been there in a while. The accuracy in my area (NEPA) was terrible. I had made some improvements, but became discouraged when someone reverted them to mimic what was on Google Maps. Google Maps is horrific in the NEPA area, so I was upset that my work was destroyed by someone who would just blatantly copy. After visiting today, it was nice to see that the NEPA area has been significantly improved. It is much more up to date than my Garmin at this point. It would be nice to get OSM on the thing if the accuracy is improving the way that it has for me. An encouraging project, I just hope that it doesn't get killed by the complaints that routinely get leveraged against Wikipedia.

GNU is Not Unix

Linux 3.4 Released 385

jrepin writes with news of today's release (here's Linus's announcement) of Linux 3.4: "This release includes several Btrfs updates: metadata blocks bigger than 4KB, much better metadata performance, better error handling and better recovery tools. There are other features: a new X32 ABI which allows to run in 64 bit mode with 32 bit pointers; several updates to the GPU drivers: early modesetting of Nvidia Geforce 600 'Kepler', support of AMD RadeonHD 7xxx and AMD Trinity APU series, and support of Intel Medfield graphics; support of x86 cpu driver autoprobing, a device-mapper target that stores cryptographic hashes of blocks to check for intrusions, another target to use external read-only devices as origin source of a thin provisioned LVM volume, several perf improvements such as GTK2 report GUI and a new 'Yama' security module."

Comment Re:Freedom (Score 1) 569

> ZinePaint

Never heard of it, which is a problem with FLOSS software, it doesn't get the same marketing.

> Font Forge

Fontlab Studio. Never tried it, but it came up in Google on my first search.

> Pidgin

Pidgin is crap for one, but not the question. Trillian is much better, and both free and non-free.

> Firefox

Slow but not the question (Chrome or Iron are great). There are no non-free browsers of significance.

> Apache (Duh, IIS isn't)

That's your opinion, which is worthless. Apache can't do ASP.NET so it doesn't compare to IIS. IIS7 is excellent by the way, try it. I prefer Apache for some things, IIS for another, as each has its strengths (IIS being great internally where it's less open).

> SQLite

Using SQLite will prevent a company from getting government contracts. Government agencies want SQL Server because it is remote (SQLite is machine local), and is in fact highly secure for their purposes (my company has a lot of experience in this department).

> Windows as a server OS?

Windows Server 2003 and 2008/R2 are fine if you know how to set them up (same as Linux/UNIX/Solaris). You need Windows Server for Exchange and AD, Samba simply isn't there yet for large organizations with multi-domain setups and integrated Exchange (again, my company's experience is here). I do hope Samba gets there someday and for a free Exchange alternative that does email, calendar, meetings, scheduling, etc.

> Without LVM and software RAID?

Don't do software RAID. Do hardware RAID with SAS. I don't bother with LVM, it isn't necessary in any setup I've ever seen.

> Solaris with ZFS...

Is dying, and can't support a Windows network setup. I only use Solaris in Windows environments for DNS and routing.

> I'm a troll today

That's fine, just take it easy and remember that Linux and FLOSS are not the solution to every problem and simply never will be.

Google

Sony To Put Chrome On Laptops 278

consonant writes "FT is reporting that Google has reached a deal with Sony to ship Chrome on the Vaio line of PCs. Google confirmed that Sony PCs carrying Chrome had started to go on sale and said it was in talks for similar deals with other computer makers. It said the arrangement was 'experimental' and part of wider efforts to boost distribution, including a deal to make Chrome available to internet users who download the RealPlayer software and the company's first use of television advertising. While mainstream media coverage and financial details were very sparse, El Reg terms it a 'Microsoft-snubbing deal.' Google also mentioned it was pushing for similar deals with other vendors. Could this spell the beginning of the end for IE?"
Microsoft

Microsoft Office 2007 to Support ODF - But Not OOXML 377

Andy Updegrove writes "About two hours ago, Microsoft announced that it will update Office 2007 to natively support ODF 1.1, but not to implement its own OOXML format. Not until Office 14 is released (no date given so far for that) will anyone be able to buy an OOXML ISO-compliant version. Why will Microsoft do this after so many years of refusal? Perhaps because the only way it can deliver a product to government customers that meets an ISO/IEC document format standard is by finally taking the plunge, and supporting 'that other format.' Still, many questions remain, such as when this upgrade will actually be released, how good a job it will do, and whether the API Microsoft has said it will make available to permit developers to supply 'save to ODF' default plugins will be supported by a patent non-assertion promise allowing implementations under the GPL (the upgrade supplied by Microsoft will not allow ODF as the default setting)."
