[ $ ] LWN.net Weekly Edition for February 15, 2024 Posted Feb 15, 2024 0:44 UTC (Thu) The LWN.net Weekly Edition for February 15, 2024 is available. Inside this week's LWN.net Weekly Edition Front : Kernel CVE numbers; KDE and X11 in Fedora; Runc breakout; RDSEED; Dynamic linking; Gnuplot 6. Briefs : New CNAs: glibc and the kernel; DRM-CI; Fedora Atomic; LineageOS 21; RIP Gunnar Hjalmarsson; Quotes; ... Announcements : Newsletters, conferences, security updates, patches, and more. Read more [ $ ] KDE Plasma
Full Story ( comments: 8 ) [ $ ] A turning point for CVE numbers [Security] Posted Feb 14, 2024 17:05 UTC (Wed) by corbet The Common Vulnerabilities and Exposures (CVE) system was set up in 1999 as a way to refer unambiguously to known vulnerabilities in software. That system has found itself under increasing strain over the years, and numerous projects have responded by trying to assert greater control over how CVE numbers are assigned for their code. On February 13, though, a big shoe dropped when the Lin
Full Story ( comments: 9 ) [ $ ] Another runc container breakout [Security] Posted Feb 12, 2024 15:57 UTC (Mon) by jzb Once again, runc —a tool for spawning and running OCI containers—is drawing attention due to a high severity container breakout attack . This vulnerability is interesting for several reasons: its potential for widespread impact, the continued difficulty in actually containing containers, the dangers of running containers as a privileged user, and the fact that this vulnerability is made pos