The kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.
Russian antivirus vendor Dr.Web discovered this new trojan in October. The company’s malware analysts say the trojan is spread in the form of an archived PDF, Microsoft Office, or OpenOffice file.
Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW’. This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild. Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used. “The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8,” he said. “As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.” Oester said that he uncovered the exploit for the bug, which has been around since 2007, while examining a server that appeared to have been attacked.
At the last OpenStack Design Summit in Austin, TX we showed you a preview of deploying your physical server and network infrastructure from the top-of-rack switch, which included OpenStack with your choice of SDN solution.
This was made possible by disaggregating the network stack functionality (the “N” in Network Operating System) to run on general purpose, device-centric operating systems. In the world of the Open Compute Project and whitebox switches, a switch can be more than just a switch. Switches are no longer closed systems where you can only see the command line of the network operating system. Whitebox switches are produced by marrying common server components with high powered switching ASICs, loading a Linux OS, and running network operating system (NOS) functionality as an application.
Users can not only choose hardware from multiple providers, they can also choose the Linux distribution and the NOS that best matches their environment. Commands can be issued from the Linux prompt or the NOS prompt and, most importantly, other applications can be securely installed alongside the NOS. This new switch design opens up the ability to architect secure distributed data center networks with higher scale and more efficient utilization of existing resources in each rack.
Since the last ODS we have witnessed a continued trend for whitebox switches to provide more server-like and general-purpose functionality, from increases in CPU, memory, storage, and internal bandwidth between the CPU and ASIC, to power management (BMC) and secure boot options (UEFI+PXE). This month Mellanox announced the availability of their standard Linux kernel driver included in Ubuntu Core 16 (and classic Ubuntu) for their Open Ethernet Spectrum switch platforms. More recently Facebook announced the acceptance of the Wedge 100 into OCP that includes Facebook’s OpenBMC and their continued effort to disaggregate the stack.
At this OpenStack Design Summit we are also going to show you the latest integration with MAAS, how you can use snaps as a universal way to install across Linux distributions (including non-Ubuntu non-Debian based distributions), and deploying WiFi-based solutions, like OpenWrt, as a snap.
Solus 1.2.1 is the last fixed point release offered by the Solus Project. Other than the default Budgie Desktop, the Linux distro also comes with MATE 1.16 desktop. In the MATE edition, improvements have been made to the Software Center which allows installation via a third party repository. The Linux kernel has been updated to 4.8.2.
We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service.
This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.
First a bit of background…
Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service:
Beyond securing your desktop, server, IoT device or virtual guest, the Canonical Livepatch Service is particularly useful in container environments since every container will share the same kernel.
“Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads,” says Dustin Kirkland, Ubuntu Product and Strategy for Canonical.
Here’s how to enable the Canonical Livepatch Service today
First, go to the Canonical Livepatch Service portal and retrieve your livepatch token.
Next, install the livepatch ‘Snap’ using the first command below, and then enable your account using the token obtained in the second command below:
That’s it! You’ve just enabled kernel live patching for your Ubuntu system, and you can do that, for free, on two more installations! However, if you want to enable the Canonical Livepatch Service on more than three systems you’ll need to purchase an Ubuntu Advantage support package from as little as $12 per month.
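The steps above as a pre-flight check plus enablement script. This is an added example, not Canonical's own code: the function names are hypothetical, the eligibility rule (Ubuntu 16.04 LTS on the generic 4.4 kernel) is taken from the text above, and the `canonical-livepatch` snap commands are the tool's standard install, enable and status calls, which this page refers to but does not reproduce.

```shell
#!/bin/sh
# Pre-flight check and enablement for the Canonical Livepatch Service.
# Eligibility rule from the text above: Ubuntu 16.04 LTS running the
# generic Linux 4.4 kernel. Function names are hypothetical.

# livepatch_eligible VERSION_ID KERNEL_RELEASE
# Returns 0 only when the release/kernel pair matches that rule.
livepatch_eligible() {
    version_id=$1
    kernel=$2
    [ "$version_id" = "16.04" ] || return 1
    case "$kernel" in
        4.4.*-generic) return 0 ;;
        *) return 1 ;;
    esac
}

# os_version_id [FILE]
# Print VERSION_ID from an os-release style file (default /etc/os-release),
# with or without surrounding double quotes.
os_version_id() {
    file=${1:-/etc/os-release}
    sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file"
}

# enable_livepatch TOKEN
# Refuse to touch an ineligible host; otherwise install the snap, enable
# it with the token from the Livepatch portal, and print the patch status.
enable_livepatch() {
    token=$1
    [ -n "$token" ] || { echo "usage: enable_livepatch TOKEN" >&2; return 2; }
    if ! livepatch_eligible "$(os_version_id)" "$(uname -r)"; then
        echo "not Ubuntu 16.04 on a generic 4.4 kernel; skipping" >&2
        return 1
    fi
    sudo snap install canonical-livepatch &&
        sudo canonical-livepatch enable "$token" &&
        canonical-livepatch status
}

# Constructed sample inputs (not taken from a real host):
#   livepatch_eligible 16.04 4.4.0-45-generic      eligible
#   livepatch_eligible 16.04 4.4.0-45-lowlatency   not eligible
#   livepatch_eligible 14.04 4.4.0-45-generic      not eligible
```

Source the file and call `enable_livepatch` with your token; because every container on a host shares its kernel, run it on the host rather than inside a container.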
For further details on the Canonical Livepatch Service please read Dustin Kirkland’s useful list of FAQs.
DataArt to deploy Juju for “Big Software” collaboration and faster project delivery
NEW YORK and LONDON, U.K. Oct 19th, Canonical and DataArt announced today that DataArt will use Juju for the model and management of “Big Software” implementations such as Network Function Virtualization (NFV) solutions for Telcos and Enterprise.
DataArt, a global network of independent technology consulting and software services firms, also becomes a Charm Author Partner and Systems Integrator. By providing charms to the Juju Charm ecosystem and creating a new NFV Telco bundle DataArt empowers clients deploying the new charms to scale telco infrastructure both horizontally and vertically, a true service on demand to its customers.
“Juju is one of the most extensible ways to deploy cloud applications efficiently and seamlessly”, said Michael Lazar, Vice President of Telecom at DataArt. “Working with Canonical over the past few years, designing NFV solutions and developing charms within the ecosystem proves the model is effective in allowing telecoms and enterprises to deliver new services quicker and with less friction.”
Customer demand has forced Telecoms to fundamentally change their business models, becoming more like “over the top” and cloud service providers than traditional telecom operators. NFV has become the go-to solution to address these new realities and DataArt’s services will enable telcos to rapidly shift legacy platforms and infrastructure and deploy revenue generating services at scale.
“Cloud, software as a service, open source, big data, scale-out, containers, and microservices, while these terms and technologies represent a new world of opportunity, they also bring complexity that most IT departments are ill-equipped to pursue,” said Stefan Johansson, Director of Global Software Alliances, Canonical. “IT departments need to model and automate infrastructure and software operations – that is what Juju was created to do.”
Juju Charms have become an established ecosystem of best-in-class applications which use shared, open source operations code for common components, so CIOs can focus precious resources on creating software that is unique to their business. Whether companies want to spin up an OpenStack cloud or manage a big data cluster, or if they are interested in container orchestration or machine learning, the Juju charm store includes open source and enterprise software solutions that dramatically simplify operations for those classes of big software.
If you are attending OpenStack Barcelona next week, Canonical and DataArt will be demoing solutions at booth B24. Please stop by to learn more.
DataArt is a global network of independent technology consulting and software services firms that create end-to-end solutions, from concept and strategy, to design, implementation and support. We help global clients in the finance, healthcare & life sciences, travel & hospitality, media, telecom, and IoT sectors achieve important business outcomes. Rooted in deep domain knowledge and technology expertise, DataArt designs new products, modernizes enterprise systems and provides managed services delivered by outstanding development teams in the U.S., UK, Central and Eastern Europe, and Latin America. As a recognized leader in business and technology services, DataArt has earned the trust of some of the world’s leading brands and most discerning clients, including Nasdaq, S&P, Coller Capital, BankingUp, Ocado, artnet, Betfair, Skyscanner, Collette Vacations, Booker and Charles River Laboratories.
Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.
Canonical and Ubuntu founder Mark Shuttleworth announced the codename of the next major release of the popular Ubuntu Linux operating system.
Canonical and ARM collaborate to offer commercial availability of Ubuntu OpenStack and Ceph for 64-bit ARM-based servers
CAMBRIDGE and LONDON, U.K. Oct 17, Canonical, the company behind Ubuntu, the leading platform and operating system for container, cloud and scale-out computing, and ARM, the industry’s leading semiconductor IP company, announced today that Ubuntu OpenStack and Ceph are now commercially available and supported on processors and servers based on 64-bit ARM® v8-A architecture.
Corporations deploying OpenStack and Ceph are actively searching for more choice and innovation in the data center. This expanded partnership will make Ubuntu OpenStack and Ceph Storage solutions, including Ubuntu Advantage support, available to address growing demand in enterprise and telco markets for ARMv8-A based enterprise solutions.
The focus will be on direct customer use cases, driving scale out computing solutions in the server and cloud ecosystem. ARM and Canonical will actively work with Ubuntu certified System on Chip (SoC) partners, original design manufacturers (ODMs) and original equipment manufacturers (OEMs) to ensure production grade server systems, storage platforms, and networking solutions are available in the market with Ubuntu Advantage support.
“With the growth in scale-out computing and storage, we wanted to ensure we had the best OpenStack and Ceph storage solutions and enterprise grade support available,” said Lakshmi Mandyam, senior marketing director of server programs, ARM. “The commercial availability of Ubuntu OpenStack and Ceph is another milestone that demonstrates open source software on ARM is ready for deployment now. The ARM and Canonical ecosystems can now simply write once and deploy anywhere on ARM-based servers.”
The ARM ecosystem has invested heavily in maturing the 64-bit ARMv8-A architecture, and server-grade chips are now available from multiple sources. Canonical has built a solid ecosystem program which ensures that enterprises can confidently deploy ARM-based systems from a variety of vendors all covered by Canonical’s professional services and support.
“We have seen our Telecom and Enterprise customers start to radically depart from traditional server design to innovative platform architectures for scale-out compute and storage. In partnering with ARM we bring more innovation and platform choice to the marketplace,” said Mark Baker, Product Manager, OpenStack, Canonical. “The next generation of scale-out applications are causing our customers to completely revisit compute and storage architectures with a focus on scale and automation. The ARM and Canonical ecosystems offer more choice in data center solutions with a range of products that can be optimized to run standard server software and the next generation of applications.”
Independent analysis in June by the OpenStack user survey again showed that more than 55 percent of the world’s largest production OpenStack deployments run Ubuntu OpenStack, more than all other vendor solutions combined. From AWS to OpenStack, Ubuntu has become the most popular operating system for the cloud with over two million Ubuntu Linux instances launched in the cloud in 2015.
Ubuntu OpenStack underpins some of the most exciting cloud projects happening today in areas such as telco (NFV), Retail, Finance, Media with large cloud customers such as Deutsche Telekom, Tele2, Sky, AT&T, Cisco, Bloomberg and Time Warner Cable choosing Ubuntu.
If you are attending OpenStack Barcelona later this month, please stop by the ARM booth (B29) or the Canonical booth (B24) to learn more and see a demo. Please do stop by to see it in action.
“As part of our long standing relationship, AppliedMicro has worked jointly with Canonical and ARM to implement and productize OpenStack on our X-Gene family of 64-bit ARMv8-A SoCs,” said Kumar Sankaran, associate vice president, software and platform engineering at AppliedMicro. “OpenStack and CEPH provide the right framework for rapid deployment and customization of work-loads in a variety of applications. The availability of a commercially supported OpenStack solution with Ubuntu goes a long way in providing a production and stable solution to end users and we are excited to be a part of this key development.”
“Today’s announcement is a continuation of the collaboration between Canonical and Cavium on bringing innovative technology and solutions to the ARMv8-A server market in key areas such as dual socket cache coherency, application optimized accelerator support and fully integrated I/O,” said Larry Wikelius, Vice President Software Ecosystem and Solutions Group at Cavium. “With Cavium’s ThunderX® leading the way as the only ARMv8-A certified SoC for Ubuntu 16.04 LTS Canonical is aggressively enabling our customers and partners to deploy production systems at scale with the assurance of the Ubuntu Advantage support model.”
“ARM, Canonical and Qualcomm have been collaborating closely in upstream enablement of various open source projects for ARM servers,” said Ram Peddibhotla, senior director, product management, Qualcomm Datacenter Technologies. “OpenStack and Ceph are critical ingredients in enterprise cloud deployments and commercial availability and support from Canonical underscore the continued momentum of enterprise-class, ARM-based solutions for the cloud.”
“Penguin’s Valkre family of systems, built on the latest ARMv8-A based silicon in conventional and Open Compute Project (OCP) form factors, is now available with Canonical’s Ubuntu and OpenStack software, delivered and supported worldwide by Penguin and Canonical,” said Jussi Kukkonen, Vice President of Advanced Solutions at Penguin. “ARM is our valued partner as we pursue our mission of enabling and delivering the efficient, virtualized, ‘Software Defined’ data center of the future.”
ARM technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. From the unmissable to the invisible; our advanced, energy-efficient processor designs are enabling the intelligence in 86 billion silicon chips and securely powering products from the sensor to the smartphone to the supercomputer. With more than 1,000 technology partners including the world’s most famous business and consumer brands, we are driving ARM innovation into all areas compute is happening inside the chip, the network and the cloud.
All information is provided “as is” and without warranty or representation. This document may be shared freely, attributed and unmodified. ARM is a registered trademark or registered trademarks of ARM Limited (or its subsidiaries). All other brands or product names are the property of their respective holders. © 1995-2016 ARM Group.