My thoughts on Slackware, life and everything


November ’19 release of OpenJDK 8

Today, icedtea-3.14.0 was released. IcedTea is a software build framework which allows easy compilation of OpenJDK.

The new IcedTea release will build you the latest Java 8: OpenJDK 8u232_b09. This release syncs the OpenJDK support in IcedTea to the official October 2019 security fixes that Oracle released for Java. The release announcement in the mailing list for distro packagers has details about all the security issues and vulnerabilities that are addressed.

I have built Slackware packages for the new Java 8 Update 232 and uploaded them already. Please upgrade at your earliest convenience. Java is still widespread, which makes it a popular target for vulnerability attacks.

Here is where you can download the Slackware packages for openjdk and openjre:

If you want to compile OpenJDK 8 yourself you will need apache-ant as well, but otherwise the openjdk/openjre packages have no external dependencies.

Note about usage:

My Java 7 and Java 8 packages (e.g. openjdk7 and openjdk… or openjre7 and openjre) cannot co-exist on your computer because they use the same installation directory. You must install either Java 7 or Java 8.

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). You only need the JDK package if you want to develop Java programs and need a Java compiler.

Enjoy! Eric

Chromium 78 for Slackware

This week, Google released the first 78 version in the “stable” channel of their Chromium sources – the basis of Chrome, Opera, Vivaldi and even the Edge browsers, and of course the Chromium open-source browser itself. The release notes contain a fairly long list of security issues (CVEs) which were taken care of.

I built packages for you today, so that you can enjoy the latest & greatest Chromium browser on Slackware 14.2 or -current.

What’s new in Chromium 78?

  • Tab hover cards. If you have a multitude of browser tabs open, it becomes difficult to recognize which tab has what page open. From now on, if you move your mouse over a tab you will see a small ‘hover card’ showing the title and the hostname of the page you have open in there.
  • Dark mode. You can now force ‘dark mode’ on every web site, whether the web site supports it or not. The web site code is not changed at all, and Chromium will perform a smart color inversion. You can choose between several algorithms. This is an experimental feature still, so you will have to enable it via chrome://flags like so:
    chrome://flags/#enable-force-dark
  • The Chrome Password Safety tool, which has been available as an extension since February of this year, has now been folded into the core of the browser. This feature will inform you of weak, leaked or re-used passwords in your list of saved passwords. Later on, Google is going to add functionality that will warn you when you try to use a password which is leaked online – even if you do not save your passwords in the browser.
    This is still an experimental feature in this version of Chromium, so you will have to enable it first via chrome://flags:
    chrome://flags/#password-leak-detection
  • A new extended menu which appears if you click “customize” in the lower right corner of the ‘new tab’ page. Decorate the ‘new tab’ with your own background image or a different theme. This is still experimental functionality, so you have to enable it explicitly via chrome://flags:
    chrome://flags/#ntp-customization-menu-v2
    chrome://flags/#chrome-colors
  • Just missed the deadline for Chrome 78:
    DNS-over-HTTPS (DoH): Google has started a field test of its newly developed technology to tunnel your DNS queries through regular HTTPS requests. This security feature will be invaluable to those of you who do not want to risk 3rd parties sniffing your DNS requests, for instance on a public Wi-Fi network. It will also prevent potential DNS spoofing attacks.
    This Google blog article about DoH explains the caveats of using their implementation and how it differs from the Mozilla Firefox implementation of DoH. Firefox enables DoH by encapsulating your DNS requests in HTTPS and sending those to a Cloudflare server, while Chrome honours your existing DNS configuration (like parental controls and safe browsing). The Chrome browser will check if your DNS provider is among a list of DoH-compatible providers, and switches to your DNS provider’s equivalent DoH service. If the DNS provider isn’t in the list, Chrome will keep using regular DNS requests. Therefore, you’ll have to actively check whether this feature is going to work for you.
    As said, that same blog page mentions that this feature was dropped from Chrome 78 at the last moment.
    Also good to know is that the field trial is only going to be enabled for a small percentage of Chrome users (and not on Linux or iOS at all) – once it gets enabled. Not sure if this is going to be available to all of us Linux Chromium users any time soon.
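A way to do the "actively check" step described above, as an added example that is not part of the original post or of Chromium: the script reads the `nameserver` lines of a resolv.conf file and reports which ones a same-provider DoH upgrade could cover. The provider table is an illustrative assumption (well-known public resolvers and their DoH endpoints), not the list the browser ships, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which resolv.conf nameservers could a same-provider DoH upgrade cover?

# ASSUMPTION: illustrative table only, not the list the browser ships.
# Maps well-known public resolver addresses to that provider's DoH endpoint.
doh_endpoint_for() {
    case "$1" in
        8.8.8.8|8.8.4.4)          echo "https://dns.google/dns-query" ;;
        1.1.1.1|1.0.0.1)          echo "https://cloudflare-dns.com/dns-query" ;;
        9.9.9.9|149.112.112.112)  echo "https://dns.quad9.net/dns-query" ;;
        *) return 1 ;;
    esac
}

# Loopback and RFC 1918 addresses: a router or local cache that forwards
# queries upstream. Such an address matches no provider, so DNS stays plain.
is_local_forwarder() {
    case "$1" in
        127.*|::1|10.*|192.168.*)                return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict line per active "nameserver" entry in the given file.
check_resolv_conf() {
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        if endpoint=$(doh_endpoint_for "$ns"); then
            echo "$ns upgrade $endpoint"
        elif is_local_forwarder "$ns"; then
            echo "$ns local-forwarder"
        else
            echo "$ns plain-dns"
        fi
    done
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by dhcpcd (constructed sample)
nameserver 192.168.1.1
nameserver 8.8.8.8
#nameserver 1.1.1.1
nameserver 203.0.113.53
EOF
check_resolv_conf "$sample"
rm -f "$sample"
```

Call `check_resolv_conf /etc/resolv.conf` to run it against your own configuration; a `local-forwarder` verdict is the common home-router case, where queries keep going out as regular DNS.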

Enjoy the new browser release!

Eric

Chromium updated

Here is yet another update for Chromium 77.

The latest release fixes 8 vulnerabilities, several of them high-risk. You can read all about it in the Google announcement.

The packages (for Slackware 14.2 and -current) can be found on my site or any mirror (e.g. http://slackware.uk/people/alien/slackbuilds/chromium/). It’s highly advised to upgrade.

And remember to upgrade to my latest Chromium Widevine plugin package if you want to enjoy Amazon Prime, Hulu and Netflix movie streaming in your favorite browser.

Enjoy! Eric

Chromium critical security update

Earlier this week I already provided a Chromium update in my Slackware repository. That update addressed a critical security issue in the media playback plugin whereby an attacker was able to take over your computer remotely, simply by letting you load an infected page.

But then another critical vulnerability was discovered and two days ago a new Chromium source was released to take care of this security hole in the User Interface code. The new version of Chromium is 77.0.3865.90 and of the four mentioned vulnerabilities on the website, one is a remote-takeover issue.

The packages (for Slackware 14.2 and -current) can be found on my site or any mirror (e.g. http://slackware.uk/people/alien/slackbuilds/chromium/). Please update at your earliest convenience.

Enjoy! Eric


© 2024 Alien Pastures
