Security: Patches, BIOS and EC Write Protection, Reproducible Builds (Diffoscope) and Coreboot


Published on Tux Machines (http://www.tuxmachines.org)

By Roy Schestowitz
Created 25/07/2020 - 1:48am
Submitted by Roy Schestowitz on Saturday 25th of July 2020 01:48:23 AM
Filed under Security [1]

Security updates for Friday [2]

Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts).

Librem 14 Features BIOS and EC Write Protection [3]

We have been focused on BIOS security at Purism since the beginning, starting with our initiative to replace the proprietary BIOS on our first generation laptops with the open source coreboot project. This was a great first step as it not only meant customers could avoid proprietary code in line with Purism's social purpose, it also meant the BIOS on Purism laptops could be audited for security bugs and possible backdoors to help avoid problems like the privilege escalation bug in Lenovo's AMI firmware.

Our next goal in BIOS security was to eliminate, replace or otherwise bypass the proprietary Intel Management Engine (ME) in our firmware. We have made massive progress on this front and our Librem laptops, Librem Mini, and Librem Server all ship with an ME that's been disabled and neutralized.

After that we shifted focus to protecting the BIOS against tampering. We started by adding TPM chips to our laptops and began work on integrating the Heads tamper-evident firmware project into our overall boot security package we call PureBoot. Now customers can choose between our default coreboot BIOS or our "PureBoot Bundle" when they place an order. The PureBoot Bundle also enabled us to enhance our anti-interdiction services and change it from a secret menu option to a drop-down choice both for customers facing stronger threats and those who just want more peace of mind.

Reproducible Builds (diffoscope): diffoscope 153 released [4]

The diffoscope maintainers are pleased to announce the release of diffoscope version 153. This version includes the following changes:

[ Chris Lamb ]
* Drop some legacy argument styles; --exclude-directory-metadata and
  --no-exclude-directory-metadata have been replaced with
  --exclude-directory-metadata={yes,no}.
* Code improvements:
  - Make it easier to navigate the main.py entry point.
  - Use a relative import for get_temporary_directory in diffoscope.diff.
  - Rename bail_if_non_existing to exit_if_paths_do_not_exist.
  - Rewrite exit_if_paths_do_not_exist to not check files multiple times.
* Documentation improvements:
  - CONTRIBUTING.md:
    - Add a quick note about adding/suggesting new options.
    - Update and expand the release process documentation.
    - Add a reminder to regenerate debian/tests/control.
  - README.rst:
    - Correct URL to build job on Jenkins.
    - Clarify and correct contributing info to point to salsa.debian.org.

There's An Effort By A System76 Engineer To Bring Coreboot To Newer AMD Platforms [5]

With System76 working towards offering more AMD Linux laptop options as well as continuing to expand their line-up of AMD desktop offerings, it appears their next hurdle is on bringing Coreboot to these current-generation AMD platforms.

System76 principal engineer Jeremy Soller who is also known for his work on the Rust-written Redox OS has initiated the effort on porting Coreboot to AMD Matisse and Renoir platforms.

[...]

In any case, we are eager to see Coreboot support eventually come to these modern AMD platforms so stay tuned to Phoronix for reports on the progress.

Source URL: http://www.tuxmachines.org/node/140260

Links:
[1] http://www.tuxmachines.org/taxonomy/term/59
[2] https://lwn.net/Articles/826965/rss
[3] https://puri.sm/posts/librem-14-features-bios-and-ec-write-protection/
[4] https://diffoscope.org/news/diffoscope-153-released/
[5] https://www.phoronix.com/scan.php?page=news_item&px=System76-New-Coreboot-AMD