ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.

prisoninmate quotes Softpedia: After seven weeks of announcing release candidate versions, Linus Torvalds today informs the Linux community through a mailing list announcement about the general availability of the Linux 4.12 kernel series. Development on the Linux 4.12 kernel kicked off in mid-May with the first release candidate, and now, seven weeks later we can finally get our hands on the final release... A lot of great improvements, new hardware support, and new security features were added during all this time, which makes it one of the biggest releases, after Linux 4.9...

Prominent features of the Linux 4.12 kernel include initial support for AMD Radeon RX Vega graphics cards, intial Nvidia GeForce GTX 1000 "Pascal" accelerated support, implementation of Budget Fair Queueing (BFQ) and storage-I/O schedulers, more MD RAID enhancements, support for Raspberry Pi's Broadcom BCM2835 thermal driver, a lot of F2FS optimizations, as well as ioctl for the GETFSMAP space mapping ioctl for both XFS and EXT4 filesystems.
Linus said in announcing the release that "I think only 4.9 ends up having had more commits," also noting that 4.9 was a Long Term Support kernel, whereas "4.12 is just plain big."

"There's also nothing particularly odd going on in the tree - it's all just normal development, just more of it than usual."

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.

BrianFagioli writes: Not content with simply following Canonical and embracing vanilla GNOME, System76 has decided to take its future into its own hands. Today, the company releases the first alpha of an all-new Linux-based operating system called "Pop!_OS," which will eventually be the only OS pre-loaded on its computers. While it will still be based on Ubuntu and GNOME, System76 is tweaking it with its own style and included drivers. In other words, the company is better controlling the user experience, and that is smart.

"The Pop!_OS community is in its infancy. This is a fantastic time to engage with and help develop the processes and practices that will govern the future development of the operating system and its community. The team is currently opening up planning for the development roadmap, code of conduct, discussion forums, and the processes surrounding code contribution. Progress made on Pop!_OS has established an inviting, modern, and minimalist look and has improved the first-use experience including streamlining installation and user setup. Work on the first release, scheduled for October 19th, centers on appearance, stability, and overall tightness of the user experience followed by adding new features and greater customization ability," says System76. You can check out the project on GitHub here and download the alpha ISO here. For more information, the company has set up a subreddi.

Celarent Darii writes: There is a vulnerability in the latest ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the dns resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.

Linus Torvalds appeared in a new "fireside chat" with VMware Head of Open Source Dirk Hohndel. An anonymous reader writes: Linus explained what still surprises him about Linux development. "Code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve... Our processes have not only worked for 25 years, we still have a very strong maintainer group... And as these maintainers get older and fatter, we have new people coming in."

Linus also says he's surprised by the widespread popularity of Git. "I expected it to be limited mostly to the kernel -- as it's tailored to what we do... In certain circles, Git is more well known than Linux." And he also shares advice if you want to get started as an open source developer. "I'm not sure my example is the right thing for people to follow. There are a ton of open source projects and, if you are a beginning programmer, find something you're interested in that you can follow for more than just a few weeks... If you can be part of a community and set up patches, it's not just about the coding, but about the social aspect of open source. You make connections and improve yourself as a programmer."
Linus also says that "I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me."

DeviceGuru writes: Results from LinuxGizmos.com's annual hacker-friendly single board computer survey are in, and not surprisingly, the Raspberry Pi 3 is the most desired maker SBC by a 4-to-1 margin. In other trends: x86 SBCs and Linux/Arduino hybrids have trended upwards. The site's popular hacker SBC survey polled 1,705 survey respondents and asked for their first, second, and third favorite SBCs from a curated list of 98 community oriented, Linux- and Android-capable boards. Spreadsheets comparing all 98 SBCs' specs and listing their survey vote tallies are available in freely downloadable Google Docs.
Other interesting findings:

• "A Raspberry Pi SBC has won in all four of our annual surveys, but never by such a high margin."
• The second-highest ranked board -- behind the Raspberry Pi 3 -- was the Raspberry Pi Zero W.
• "The Raspberry Pi's success came despite the fact that it offers some of the weakest open source hardware support in terms of open specifications. This, however, matches up with our survey responses about buying criteria, which ranks open source software support and community over open hardware support."
• "Despite the accelerating Raspberry Pi juggernaut, there's still plenty of experimentation going on with new board models, and to a lesser extent, new board projects."

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

Phoronix is hosting a 2017 Linux Laptop Survey. From their site: While Linux laptop compatibility is much better than where it was years ago, it's still not too uncommon to run into display/hybrid issues, shorter battery life under Linux than Windows or macOS, touchpad problems, and other occasional compatibility/performance shortcomings. So we've established this Linux Laptop Survey in conjunction with Linux stakeholders to hopefully gather more feedback that will be useful to many different parties...
The survey will be online until July 6th, after which the results will be publicly available, and will determine the most popular brands, distros, screen sizes, and GPUs, as well as common pain points and popular price points. And one particularly interestng question asks respondents what they'd like to see in a "dream Linux laptop."

Linus Torvalds: What I find interesting is code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve. I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me. I occasionally have taken breaks from my job. The 2-3 weeks I worked on Git to get that started for example. But every time I take a longer break, I get bored. When I go diving for a week, I look forward to getting back. I never had the feeling that I need to take a longer break.

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?

jmv writes: The Opus audio codec, used in WebRTC and now included in all major web browsers, gets another major upgrade with the release of version 1.2. This release brings quality improvements to both speech and music, while remaining fully compatible with RFC 6716. There are also optimizations, new options, as well as many bug fixes. This Opus 1.2 demo describes a few of the upgrades that users and implementers will care about the most. It includes audio samples comparing to previous versions of the codec, as well as speed comparisons for x86 and ARM.

prisoninmate writes: Development of the Linux 4.14 kernel series did not even start, as the version that's being developed these days is Linux 4.12, which should be promoted to stable early next month, but Softpedia reports that renowned Linux kernel maintainer Greg Kroah-Hartman announced earlier this morning that the upcoming Linux 4.14 kernel series will be an LTS (Long Term Support) branch. The developer promises to support the Linux 4.14 kernel series for at least two years after its release in November 2017, probably until November 2019.

The Debian Project has been liveblogging today's release of Debian 9 (Stretch) using the Twitter hashtag #releasingstretch. Some of the announcements:

• The oldstable suite (wheezy) has now been renamed to oldoldstable
• Debian jessie now been renamed to oldstable!
• The Debian stretch suites have now been renamed to stable!
• The draft debian-devel-announce post is ready, archive docs are being cleaned up

This release is named after that purple octopus in Toy Story 3, and more tantalizing tidbits of information keep appearing on Debian's micronews site:

• At least 1436 people and 18 teams contributed to Debian in 2017
• Stretch has 25,357 source packages with 9,808,465 source files
• There were 13 different themes proposed to be the official Debian stretch theme
• Debian Stretch ships with the free mathematical software SageMath, you can install it with apt
• During the stretch development, 101 contributors became Debian Developers, and 94 more become Debian Maintainers
• Debian Stretch will ship with the first release of the Debian Astro Pure Blend [for astronomers]
• Debian Popularity Contest gathers anonymous statistics about Debian packages usage from about 195,000 reports

Reader sqorbit writes: Munich spent a lot of time (9 years) and a lot of money in shifting some 15,000 staff to a Linux-based OS. The plan now is to move to Windows 10 by 2021. Munich's Green Party is citing the WannaCry virus as a valid reason not to switch to Windows. "As with many of the biggest attacks, the computers that were mainly hit were running the Windows operating system," the Green Party said in a statement.

An anonymous reader quotes Hot Hardware: If you're a Raspberry Pi user who's never changed the default password of the "pi" user, then heed this warning: change it. A brand new piece of malware has hit the web, called "Linux.MulDrop.14", and it preys on those who haven't secured their devices properly... After scanning for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself. The ultimate goal of Linux.MulDrop.14 is to make digital money for someone else, namely the author of the malware, using your Raspberry Pi.

darthcamaro writes: Back in April, when Docker announced its LinuxKit effort, the primary focus appeared to just be [tools for] building a container-optimized Linux distribution. As it turns out, security is also a core focus -- with LinuxKit now incubating multiple efforts to help boost Linux kernel security. Among those efforts is the Wireguard next generation VPN that could one day replace IPsec. "Wireguard is a new VPN for Linux using the cryptography that is behind some of the really good secure messaging apps like Signal," said Nathan McCauley, Director of Security at Docker Inc.
According to the article, Docker also has several full-time employees looking at ways to reduce the risk of memory corruption in the kernel, and is also developing a new Linux Security Module with more flexible access control policies for processes.

An anonymous reader shares an article: Canonical is playing host to a 'fractional scaling hackfest' in its Taipei offices this week. Both GNOME developers and Ubuntu developers are in attendance, ready to wrestle with the aim: improve GNOME HiDPI support. Ubuntu's Unity desktop (I'm told, anyhow) plays fairly nice with high DPI monitors because the shell supports fractional scaling (though most apps, I believe, do not). Furthermore, users can tweak some high DPI settings to better suit their display(s). GNOME Shell also supports HiDPI monitors, but has, until now, been a little less flexible about it. "Currently, we only allow to scale windows by integral factors (typically 2). This proves somewhat limiting as there are many systems that are just in between the dpi ranges that are good for scale factor 2, or unscaled," the hackfest page explains.

An anonymous reader writes: Google has launched Chrome 59 for Windows, Mac, and Linux. Among the additions are native notifications on macOS, settings being revamped to follow Material Design, the Image Capture API, Headless Chrome, and more service worker improvements. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome.

BrianFagioli writes: Unfortunately, Kodi is not its own operating system, meaning it has to be run on top of an OS. Sure, you could use Windows 10, but that is overkill if you only want to run Kodi. Instead, a lightweight Linux distribution that only serves to run the media center is preferable. One of the most popular such distros is OpenELEC. It can run on traditional PC hardware, but also Raspberry Pi, and, my favorite — WeTek boxes. Today, version 8.0.4 achieves stable release. It is a fairly ho-hum update, focusing mostly on fixes and stability.

The team shares the following changes in the release.

- fix crash in WeTek DVB driver on WeTek Play (1st gen).
- enable Kernel NEON mode for RPi2 builds.
- enable some more SOC sound drivers for RPi/RPi2 builds.
- enable Regulator support on all builds.
- enable Extcon support on all builds.
- fix loading for some I2C sound modules on RPI/RPi2 builds.
- fix loading splash screen on systems with Nvidia GPUs.
- fix speed problems on Nvidia ION systems.
- fix problems loading dvbhdhomerun addons.
- fix using user created sleep scripts.
- build PNG support with SSE support for x86_64 builds.
- update to linux-4.9.30, mesa-17.0.7, alsa-lib-1.1.4.1, alsa-utils-1.1.4, kodi-17,3, mariadb-10.1.23, samba-4.6.4.