Thunderbird 60.5.0 Released, System76 Introduces New "Darter Pro" Linux Laptop, Kodi 18.0 "Leia" Now Available, Slax 9.7.0 Is Out and Systemd Vulnerabilities Proof of Concept Published
News briefs for January 30, 2019.
Mozilla Thunderbird 60.5.0 has been released. New features include FileLink provider WeTransfer for uploading large attachments, more search engines (DuckDuck Go and Google offered by default in some locations) and various security fixes. You can download Thunderbird from here.
System76 introduces its new "Darter Pro" Linux laptop, which provides a choice of Ubuntu or Pop!_OS. According to Beta News, the Darter Pro is 15.6", has two USB-A ports, a USB-C/Thunderbolt 3 port and is "expected to last a full work day without needing a charger". The laptop will be available starting February 5th from System76. You can sign up here to be notified when it's available. Pricing info coming soon.
Kodi 18.0 "Leia" is now available for all supported platforms. This is a major release, reflecting nearly 10,000 commits, 9,000 changed files and half a million lines of code added. This new release features support for gaming emulators, ROMs and controls; DRM decryption support; significant improvements to the music library; live TV improvements; and much more. See the changelog for more details, and go here to download.
Slax 9.7.0 was released yesterday. You can download it for free or purchase
a USB drive with Slax pre-installed from slax.org. New to this version: usb-modeswitch
was added, the slax activate
command now copies module to RAM only if
necessary, and now Slax is even smaller—255MB compared to 265MB
previously.
Capsule8 yesterday posted the first of a multipart series detailing new research on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9, 2019. "Specifically, the vulnerabilities were: 1) a user-influenced size passed to alloca(), allowing manipulation of the stack pointer (CVE-2018-16865) and 2) a heap-based memory out-of-bounds read, yielding memory disclosure (CVE-2018-16866)." See the post for details on the two vulnerabilities—CVE-2018-16865 and CVE-2018-16866—that systemd-journald with Address Space Layout Randomization (ASLR) disabled.