Thunderbird 60.5.0 Released, System76 Introduces New "Darter Pro" Linux Laptop, Kodi 18.0 "Leia" Now Available, Slax 9.7.0 Is Out and Systemd Vulnerabilities Proof of Concept Published

News briefs for January 30, 2019.

Mozilla Thunderbird 60.5.0 has been released. New features include FileLink provider WeTransfer for uploading large attachments, more search engines (DuckDuck Go and Google offered by default in some locations) and various security fixes. You can download Thunderbird from here.

System76 introduces its new "Darter Pro" Linux laptop, which provides a choice of Ubuntu or Pop!_OS. According to Beta News, the Darter Pro is 15.6", has two USB-A ports, a USB-C/Thunderbolt 3 port and is "expected to last a full work day without needing a charger". The laptop will be available starting February 5th from System76. You can sign up here to be notified when it's available. Pricing info coming soon.

Kodi 18.0 "Leia" is now available for all supported platforms. This is a major release, reflecting nearly 10,000 commits, 9,000 changed files and half a million lines of code added. This new release features support for gaming emulators, ROMs and controls; DRM decryption support; significant improvements to the music library; live TV improvements; and much more. See the changelog for more details, and go here to download.

Slax 9.7.0 was released yesterday. You can download it for free or purchase a USB drive with Slax pre-installed from slax.org. New to this version: usb-modeswitch was added, the slax activate command now copies module to RAM only if necessary, and now Slax is even smaller—255MB compared to 265MB previously.

Capsule8 yesterday posted the first of a multipart series detailing new research on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9, 2019. "Specifically, the vulnerabilities were: 1) a user-influenced size passed to alloca(), allowing manipulation of the stack pointer (CVE-2018-16865) and 2) a heap-based memory out-of-bounds read, yielding memory disclosure (CVE-2018-16866)." See the post for details on the two vulnerabilities—CVE-2018-16865 and CVE-2018-16866—that systemd-journald with Address Space Layout Randomization (ASLR) disabled.

Jill Franklin is an editorial professional with more than 17 years experience in technical and scientific publishing, both print and digital. As Executive Editor of Linux Journal, she wrangles writers, develops content, manages projects, meets deadlines and makes sentences sparkle. She also was Managing Editor for TUX and Embedded Linux Journal, and the book Linux in the Workplace. Before entering the Linux and open-source realm, she was Managing Editor of several scientific and scholarly journals, including Veterinary Pathology, The Journal of Mammalogy, Toxicologic Pathology and The Journal of Scientific Exploration. In a previous life, she taught English literature and composition, managed a bookstore and tended bar. When she’s not bugging writers about deadlines or editing copy, she throws pots, gardens and reads.

Load Disqus comments