
Canonical Patches Ancient “Dirty COW” Kernel Bug in All Supported Ubuntu OSes

The kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.
Canonical urged all users to patch their systems immediately by installing linux-image-4.8.0-26 (4.8.0-26.28) for Ubuntu 16.10, linux-image-4.4.0-45 (4.4.0-45.66) for Ubuntu 16.04 LTS, linux-image-3.13.0-100 (3.13.0-100.147) for Ubuntu 14.04 LTS, and linux-image-3.2.0-113 (3.2.0-113.155) for Ubuntu 12.04 LTS, as well as linux-image-4.4.0-1029-raspi2 (4.4.0-1029.36) for Ubuntu 16.04 LTS for Raspberry Pi 2.
The Xenial HWE kernel for Ubuntu 14.04 LTS was updated as well today, to version linux-image-4.4.0-45 (4.4.0-45.66~14.04.1), and the Trusty HWE kernel for Ubuntu 12.04 LTS to version linux-image-3.13.0-100 (3.13.0-100.147~precise1).

Source: http://news.softpedia.com/news/canonical-patches-ancient-dirty-cow-kernel-bug-in-all-supported-ubuntu-oses-509507.shtml
Submitted by: Arnfried Walbrecht
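
To check a host against the fixed versions listed in the item above, the following added example (not from Canonical or the quoted article) compares an installed kernel package version with that list using Debian version ordering, which matters for the HWE builds because `~` sorts before the end of the string. The `main` flavour label and the function names are assumptions made for this example.

```python
import re

# Fixed package versions exactly as listed in the article above.
# Key: (Ubuntu release, kernel base version, flavour). "main" is this
# example's label for every flavour the article does not name separately.
FIXED = {
    ("16.10", "4.8.0", "main"): "4.8.0-26.28",
    ("16.04", "4.4.0", "main"): "4.4.0-45.66",
    ("16.04", "4.4.0", "raspi2"): "4.4.0-1029.36",
    ("14.04", "3.13.0", "main"): "3.13.0-100.147",
    ("14.04", "4.4.0", "main"): "4.4.0-45.66~14.04.1",       # Xenial HWE
    ("12.04", "3.2.0", "main"): "3.2.0-113.155",
    ("12.04", "3.13.0", "main"): "3.13.0-100.147~precise1",  # Trusty HWE
}

def _char_order(c):
    # '~' sorts before everything (even end of string); letters before punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        # Non-digit run, compared character by character.
        while (ia < len(a) and not a[ia].isdigit()) or (ib < len(b) and not b[ib].isdigit()):
            oa = _char_order(a[ia]) if ia < len(a) and not a[ia].isdigit() else 0
            ob = _char_order(b[ib]) if ib < len(b) and not b[ib].isdigit() else 0
            if oa != ob:
                return -1 if oa < ob else 1
            ia += 1
            ib += 1
        # Digit run, compared numerically (an empty run counts as 0).
        da = re.match(r"\d*", a[ia:]).group()
        db = re.match(r"\d*", b[ib:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        ia += len(da)
        ib += len(db)
    return 0

def deb_compare(v1, v2):
    """Return -1, 0 or 1 following Debian version ordering."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def is_patched(release, uname_r, pkg_version):
    """True/False if the article lists a fix for this kernel, None otherwise.

    release:     output of `lsb_release -rs`, e.g. "16.04"
    uname_r:     output of `uname -r` (the kernel that is actually running)
    pkg_version: version of the linux-image package for that running kernel,
                 e.g. from dpkg-query -W -f='${Version}' linux-image-$(uname -r)
    """
    m = re.match(r"(\d+\.\d+\.\d+)-\d+-(\S+)$", uname_r)
    if not m:
        return None
    base, flavour = m.groups()
    fixed = FIXED.get((release, base, "raspi2" if flavour == "raspi2" else "main"))
    if fixed is None:
        return None
    return deb_compare(pkg_version, fixed) >= 0
```

Because the check is keyed on `uname -r`, a host that has installed the update but not yet rebooted into it is still reported as unpatched.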

FakeFile Trojan Opens Backdoors on Linux Computers, Except openSUSE

Russian antivirus vendor Dr.Web discovered this new trojan in October. The company’s malware analysts say the trojan is spread in the form of an archived PDF, Microsoft Office, or OpenOffice file.
The infection starts when users open the file. The trojan springs into action by copying itself to “/.gconf/apps/gnome-common/gnome-common” and then opening a decoy document, hence its name, “FakeFile.”
The trojan also adds a shortcut to itself in the user’s .profile and .bash_profile files, which allows it to persist across PC reboots.
According to clues found in the trojan’s source, the trojan can perform a series of actions, such as rename or delete files, send a file or a folder’s entire content to the C&C server, send a list of files found in a folder to the C&C server, or create new files and folders.
The most worrisome part is that FakeFile doesn’t need root access for all these operations, and can work just fine with the current user’s permissions.

Source: http://news.softpedia.com/news/fakefile-trojan-opens-backdoors-on-linux-computers-except-opensuse-509526.shtml
Submitted by: Arnfried Walbrecht
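
The two artifacts described in the item above (the dropped copy and the startup-file entry) can be hunted for per user. This is an added example, not Dr.Web's or the article's code; it assumes the quoted path is relative to each user's home directory, and the sample startup line is constructed for the demonstration.

```python
import os
import pwd
import tempfile

DROP_RELPATH = ".gconf/apps/gnome-common/gnome-common"  # path quoted in the article
STARTUP_FILES = (".profile", ".bash_profile")           # files named in the article
MARKER = "gnome-common/gnome-common"

def scan_home(home):
    """Return a list of (kind, location, detail) findings for one home directory."""
    findings = []
    dropped = os.path.join(home, DROP_RELPATH)
    if os.path.lexists(dropped):
        mode = os.lstat(dropped).st_mode & 0o777
        findings.append(("dropped-file", dropped, oct(mode)))
    for name in STARTUP_FILES:
        path = os.path.join(home, name)
        try:
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    text = line.strip()
                    # Commented-out lines are not executed by the shell; skip them.
                    if text.startswith("#"):
                        continue
                    if MARKER in text:
                        findings.append(("startup-entry", f"{path}:{lineno}", text))
        except (FileNotFoundError, IsADirectoryError, PermissionError):
            continue
    return findings

def scan_all_users():
    """Scan every existing home directory listed in the local passwd database."""
    results = {}
    for entry in pwd.getpwall():
        if os.path.isdir(entry.pw_dir):
            hits = scan_home(entry.pw_dir)
            if hits:
                results[entry.pw_name] = hits
    return results

def build_sample_home():
    """Create a throwaway home directory with constructed indicators for testing."""
    home = tempfile.mkdtemp(prefix="fakefile-sample-")
    drop = os.path.join(home, DROP_RELPATH)
    os.makedirs(os.path.dirname(drop))
    with open(drop, "wb") as fh:
        fh.write(b"placeholder, not a real sample\n")
    os.chmod(drop, 0o755)
    with open(os.path.join(home, ".profile"), "w") as fh:
        fh.write("# ~/.profile (constructed sample)\n")
        fh.write('# old note: .gconf/apps/gnome-common/gnome-common\n')
        fh.write('"$HOME/.gconf/apps/gnome-common/gnome-common" &\n')
    return home

if __name__ == "__main__":
    for user, hits in scan_all_users().items():
        for kind, location, detail in hits:
            print(f"{user}\t{kind}\t{location}\t{detail}")
```

Since the article notes the trojan runs with the current user's permissions, run the scan as root so every home directory is readable.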

Linux users urged to protect against ‘Dirty COW’ security flaw

Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW’. This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild. Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used. “The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8,” he said. “As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.” Oester said that he uncovered the exploit for the bug, which has been around since 2007, while examining a server that appeared to have been attacked.

Source: http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw
Submitted by: Arnfried Walbrecht

Managing your physical infrastructure from the top of rack switch


At the last OpenStack Design Summit in Austin, TX we showed you a preview of deploying your physical server and network infrastructure from the top-of-rack switch, which included OpenStack with your choice of SDN solution.

This was made possible by disaggregating the network stack functionality (the “N” in Network Operating System) to run on general-purpose, device-centric operating systems. In the world of the Open Compute Project and whitebox switches, a switch can be more than just a switch. Switches are no longer closed systems where you can only see the command line of the network operating system. Whitebox switches are produced by marrying common server components with high-powered switching ASICs, loading a Linux OS, and running network operating system (NOS) functionality as an application.


The user can not only choose hardware from multiple providers but also choose the Linux distribution and the NOS that best match their environment. Commands can be issued from the Linux prompt or the NOS prompt and, most importantly, other applications can be securely installed alongside the NOS. This new switch design opens up the ability to architect secure distributed data center networks with higher scale and more efficient utilization of existing resources in each rack.


Since the last ODS we have witnessed a continued trend for whitebox switches to provide more server-like and general-purpose functionality, from increases in CPU, memory, storage, and internal bandwidth between the CPU and ASIC, to power management (BMC) and secure boot options (UEFI+PXE). This month Mellanox announced the availability of their standard Linux kernel driver included in Ubuntu Core 16 (and classic Ubuntu) for their Open Ethernet Spectrum switch platforms. More recently Facebook announced the acceptance of the Wedge 100 into OCP that includes Facebook’s OpenBMC and their continued effort to disaggregate the stack.
“We are excited to work with Facebook on next generation switch hardware, adding Facebook’s Wedge OpenBMC power driver to our physical cloud (‘Metal-As-A-Service’) MAAS 2.1, and packaging the Facebook Open Switch System (FBOSS) as a snap.” said David Duffey, Director of Technical Partnerships, Canonical. “Facebook with OCP is leading the way to modern, secure, and flexible datacenter design and management. Canonical’s MAAS and snaps give the datacenter operator free choice of network bootloader, operating system, and network stack.”

At this OpenStack Design Summit we are also going to show you the latest integration with MAAS, how you can use snaps as a universal way to install across Linux distributions (including non-Ubuntu non-Debian based distributions), and deploying WiFi-based solutions, like OpenWrt, as a snap.

Please stop by our booth and let us help you plan your transition to a fully automated, secure modern datacenter.

Solus 1.2.1 Linux Distro Released, Arrives With MATE Edition For The First Time

Solus 1.2.1 is the last fixed point release offered by the Solus Project. Other than the default Budgie Desktop, the Linux distro also comes with MATE 1.16 desktop. In the MATE edition, improvements have been made to the Software Center which allows installation via a third party repository. The Linux kernel has been updated to 4.8.2.
The Solus Project has announced a point release of its Linux distribution in the name of Solus 1.2.1 Shannon. The new release is very important to Solus Project as it is the last Solus version to be delivered as a fixed point release. After Solus 1.2.1, the Solus Project is adopting the rolling release model for its Linux Distro.
Solus has its default graphical desktop called Budgie. But with the Solus 1.2.1, the Linux distro also comes in a MATE flavor other than the regular one. Solus Project considered MATE (v1.16.0) to be a good choice as it has a soft corner for the hardware-deprived machines.

Source: https://fossbytes.com/solus-1-2-1-mate-edition-released-features-download/
Submitted by: Arnfried Walbrecht

Live kernel patching from Canonical now available for Ubuntu 16.04 LTS


We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service.

This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.

First a bit of background…

Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service:

  • The Canonical Livepatch Service is available for free to all users up to 3 machines.
  • If you want to enable the Canonical Livepatch Service on more than three machines, please purchase an Ubuntu Advantage support package from buy.ubuntu.com or get in touch.

Beyond securing your desktop, server, IoT device or virtual guest, the Canonical Livepatch Service is particularly useful in container environments since every container will share the same kernel.

“Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads,” says Dustin Kirkland, Ubuntu Product and Strategy for Canonical.

Here’s how to enable the Canonical Livepatch Service today

First, go to the Canonical Livepatch Service portal and retrieve your livepatch token.

Next, install the livepatch ‘Snap’ with the first command below, then enable your account with the second command, using the token you obtained from the portal:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable [Token]

That’s it! You’ve just enabled kernel live patching for your Ubuntu system, and you can do that, for free, on two more installations! However, if you want to enable the Canonical Livepatch Service on more than three systems you’ll need to purchase an Ubuntu Advantage support package from as little as $12 per month.

Need a bit more help?

For further details on the Canonical Livepatch Service please read Dustin Kirkland’s useful list of FAQs.

DataArt to deploy Juju for “Big Software” collaboration


DataArt to deploy Juju for “Big Software” collaboration and faster project delivery

  • Signed Charm Author partnership and SI extends partnership
  • Juju Charm Ecosystem will be used in DataArt NFV Telco and Enterprise deployments to speed up project delivery
  • DataArt will provide expertise and contribute to the development of Juju Charms

NEW YORK and LONDON, U.K. Oct 19th, Canonical and DataArt announced today that DataArt will use Juju for the model and management of “Big Software” implementations such as Network Function Virtualization (NFV) solutions for Telcos and Enterprise.

DataArt, a global network of independent technology consulting and software services firms, also becomes a Charm Author Partner and Systems Integrator. By providing charms to the Juju Charm ecosystem and creating a new NFV Telco bundle DataArt empowers clients deploying the new charms to scale telco infrastructure both horizontally and vertically, a true service on demand to its customers.

“Juju is one of the most extensible ways to deploy cloud applications efficiently and seamlessly”, said Michael Lazar, Vice President of Telecom at DataArt. “Working with Canonical over the past few years, designing NFV solutions and developing charms within the ecosystem proves the model is effective in allowing telecoms and enterprises to deliver new services quicker and with less friction.”

Customer demand has forced Telecoms to fundamentally change their business models, becoming more like “over the top” and cloud service providers than traditional telecom operators. NFV has become the go-to solution to address these new realities and DataArt’s services will enable telcos to rapidly shift legacy platforms and infrastructure and deploy revenue generating services at scale.

“Cloud, software as a service, open source, big data, scale-out, containers, and microservices, while these terms and technologies represent a new world of opportunity, they also bring complexity that most IT departments are ill-equipped to pursue,” said Stefan Johansson, Director of Global Software Alliances, Canonical. “IT departments need to model and automate infrastructure and software operations – that is what Juju was created to do.”

Juju Charms have become an established ecosystem of best-in-class applications which use shared, open source operations code for common components, so CIOs can focus precious resources on creating software that is unique to their business. Whether companies want to spin up an OpenStack cloud or manage a big data cluster, or if they are interested in container orchestration or machine learning, the Juju charm store includes open source and enterprise software solutions that dramatically simplify operations for those classes of big software.

If you are attending OpenStack Barcelona next week, Canonical and DataArt will be demoing solutions at booth B24. Please stop by to learn more.

About DataArt

DataArt is a global network of independent technology consulting and software services firms that create end-to-end solutions, from concept and strategy, to design, implementation and support. We help global clients in the finance, healthcare & life sciences, travel & hospitality, media, telecom, and IoT sectors achieve important business outcomes. Rooted in deep domain knowledge and technology expertise, DataArt designs new products, modernizes enterprise systems and provides managed services delivered by outstanding development teams in the U.S., UK, Central and Eastern Europe, and Latin America. As a recognized leader in business and technology services, DataArt has earned the trust of some of the world’s leading brands and most discerning clients, including Nasdaq, S&P, Coller Capital, BankingUp, Ocado, artnet, Betfair, Skyscanner, Collette Vacations, Booker and Charles River Laboratories.

Linux-run IoT devices under attack by NyaDrop

Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.
The attack loads malware on IoT devices lacking appropriate security after brute forcing default login credentials, according to a report by David Bisson for Graham Cluley Security News. The code achieves this by parsing its list of archived usernames and passwords. Once authenticated, NyaDrop is installed. The lightweight binary then loads other malware onto the infected device.
Most susceptible are DVRs, CCTV cameras and similar IoT devices whose MIPS systems use a 32-bit CPU architecture. Complicating matters for security professionals, NyaDrop deletes itself each time it logs into an MIPS system and then loads updates to evade detection. Bisson pointed out that anti-virus tools have been ineffective in stopping the malware.
Users of IoT devices should change their default login credentials and set up strong usernames and passwords to prevent this attack as well as expected future threats, Bisson advised.

Source: http://www.scmagazine.com/linux-run-iot-devices-under-attack-by-nyadrop/article/561801/
Submitted by: Arnfried Walbrecht

Ubuntu 17.04 to Be Dubbed “Zesty Zapus,” Will Launch on April 2017

Canonical and Ubuntu founder Mark Shuttleworth announced the codename of the next major release of the popular Ubuntu Linux operating system.
Ubuntu 17.04 codename will be “Zesty Zapus.” Ubuntu 17.04 (Zesty Zapus) is scheduled for release in April 2017.
According to Wikipedia, it’s a genus of North American jumping mice. This means that Ubuntu 17.04 (Zesty Zapus) should be a fast and agile GNU/Linux distribution, shipping with recent and modern technologies, as well as free software projects. Also, according to Mark Shuttleworth, it looks like Ubuntu is moving even faster to the center of the cloud and edge operations.
An official and final release schedule for the Ubuntu 17.04 operating system is yet to be unveiled, but it will launch sometime in April 2017. As usual, the development cycle will consist of two Alpha and Beta releases.

Source: http://news.softpedia.com/news/ubuntu-17-04-to-be-dubbed-zesty-zapus-will-launch-on-april-2017-509371.shtml
Submitted by: Arnfried Walbrecht

Canonical and ARM collaborate on OpenStack


Canonical and ARM collaborate to offer commercial availability of Ubuntu OpenStack and Ceph for 64-bit ARM-based servers

  • Availability of Ubuntu OpenStack and Ceph support included with Canonical’s Ubuntu Advantage enterprise-grade offering
  • Partnership extends Canonical’s support for ARM server which dates back to Ubuntu 12.04 LTS

CAMBRIDGE and LONDON, U.K. Oct 17, Canonical, the company behind Ubuntu, the leading platform and operating system for container, cloud and scale-out computing, and ARM, the industry’s leading semiconductor IP company, announced today that Ubuntu OpenStack and Ceph are now commercially available and  supported on processors and servers based on 64-bit ARM® v8-A architecture.

Corporations deploying OpenStack and Ceph are actively searching for more choice and innovation in the data center. This expanded partnership will make Ubuntu OpenStack and Ceph Storage solutions, including Ubuntu Advantage support, available to address growing demand in enterprise and telco markets for ARMv8-A based enterprise solutions.

The focus will be on direct customer use cases, driving scale out computing solutions in the server and cloud ecosystem. ARM and Canonical will actively work with Ubuntu certified System on Chip (SoC) partners, original design manufacturers (ODMs) and original equipment manufacturers (OEMs) to ensure production grade server systems, storage platforms, and networking solutions are available in the market with Ubuntu Advantage support.

“With the growth in scale-out computing and storage, we wanted to ensure we had the best OpenStack and Ceph storage solutions and enterprise grade support available,” said Lakshmi Mandyam, senior marketing director of server programs, ARM. “The commercial availability of Ubuntu OpenStack and Ceph is another milestone that demonstrates open source software on ARM is ready for deployment now. The ARM and Canonical ecosystems can now simply write once and deploy anywhere on ARM-based servers.”

The ARM ecosystem has invested heavily in maturing the 64-bit ARMv8-A architecture, and server-grade chips are now available from multiple sources. Canonical has built a solid ecosystem program which ensures that enterprises can confidently deploy ARM-based systems from a variety of vendors all covered by Canonical’s professional services and support.

“We have seen our Telecom and Enterprise customers start to radically depart from traditional server design to innovative platform architectures for scale-out compute and storage. In partnering with ARM we bring more innovation and platform choice to the marketplace,” said Mark Baker, Product Manager, OpenStack, Canonical. “The next generation of scale-out applications are causing our customers to completely revisit compute and storage architectures with a focus on scale and automation. The ARM and Canonical ecosystems offer more choice in data center solutions with a range of products that can be optimized to run standard server software and the next generation of applications.”

Independent analysis in June by the OpenStack user survey again showed that more than 55 percent of the world’s largest production OpenStack deployments run Ubuntu OpenStack, more than all other vendor solutions combined. From AWS to OpenStack, Ubuntu has become the most popular operating system for the cloud with over two million Ubuntu Linux instances launched in the cloud in 2015.

Ubuntu OpenStack underpins some of the most exciting cloud projects happening today in areas such as telco (NFV), Retail, Finance, Media with large cloud customers such as Deutsche Telekom, Tele2, Sky, AT&T, Cisco, Bloomberg and Time Warner Cable choosing Ubuntu.

If you are attending OpenStack Barcelona later this month, please stop by the ARM booth (B29) or the Canonical booth (B24) to learn more and see a demo. Please do stop by to see it in action.

Supporting quotes

Applied Micro

“As part of our long standing relationship, AppliedMicro has worked jointly with Canonical and ARM to implement and productize OpenStack on our X-Gene family of 64-bit ARMv8-A SoCs,” said Kumar Sankaran, associate vice president, software and platform engineering at AppliedMicro. “OpenStack and CEPH provide the right framework for rapid deployment and customization of work-loads in a variety of applications. The availability of a commercially supported OpenStack solution with Ubuntu goes a long way in providing a production and stable solution to end users and we are excited to be a part of this key development.”


“Today’s announcement is a continuation of the collaboration between Canonical and Cavium on bringing innovative technology and solutions to the ARMv8-A server market in key areas such as dual socket cache coherency, application optimized accelerator support and fully integrated I/O,” said Larry Wikelius, Vice President Software Ecosystem and Solutions Group at Cavium.  “With Cavium’s ThunderX® leading the way as the only ARMv8-A certified SoC for Ubuntu 16.04 LTS Canonical is aggressively enabling our customers and partners to deploy production systems at scale with the assurance of the Ubuntu Advantage support model.”


“ARM, Canonical and Qualcomm have been collaborating closely in upstream enablement of various open source projects for ARM servers,” said Ram Peddibhotla, senior director, product management, Qualcomm Datacenter Technologies.  “OpenStack and Ceph are critical ingredients in enterprise cloud deployments and commercial availability and support from Canonical underscore the continued momentum of enterprise-class, ARM-based solutions for the cloud.”

Penguin Computing

“Penguin’s Valkre family of systems, built on the latest ARMv8-A based silicon in conventional and Open Compute Project (OCP) form factors, is now available with Canonical’s Ubuntu and OpenStack software, delivered and supported worldwide by Penguin and Canonical,” said Jussi Kukkonen, Vice President of Advanced Solutions at Penguin. “ARM is our valued partner as we pursue our mission of enabling and delivering the efficient, virtualized, ‘Software Defined’ data center of the future.”

About ARM

ARM technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. From the unmissable to the invisible; our advanced, energy-efficient processor designs are enabling the intelligence in 86 billion silicon chips and securely powering products from the sensor to the smartphone to the supercomputer. With more than 1,000 technology partners including the world’s most famous business and consumer brands, we are driving ARM innovation into all areas compute is happening inside the chip, the network and the cloud.

All information is provided “as is” and without warranty or representation. This document may be shared freely, attributed and unmodified. ARM is a registered trademark or registered trademarks of ARM Limited (or its subsidiaries). All other brands or product names are the property of their respective holders. © 1995-2016 ARM Group.