GalliumOS 3.0 Released

 GalliumOS is a Linux distribution for devices shipped with ChromeOS
02 July 2019

GalliumOS 3.0 has been released. The distribution is designed to be installed on Chromebook and Chromebox devices as a full-fledged Linux environment in place of the standard ChromeOS operating system. It is based on the Xubuntu 18.04 package base and supports installation on most of the devices originally shipped with ChromeOS. Separate installation images are prepared for, and specially optimized for, devices based on Intel Haswell, Broadwell, Bay Trail, Braswell, Sandy / Ivy Bridge and Sky / Apollo / Kaby Lake chips. The installation image is 1.2 GB in size, and installation requires 3 GB of free space on the drive.

GalliumOS supports booting from an SD card or flash media, as well as dual boot, in which GalliumOS coexists with ChromeOS. Battery life under GalliumOS is comparable to ChromeOS, but on some laptops it can differ by 10-15% in one direction or the other. Among the changes relative to Xubuntu are performance optimizations that improve the responsiveness of the interface: the kernel includes the BFS and BFQ schedulers, Zram is used, unneeded kernel subsystems are disabled, and the Compton compositing manager is used for rendering. To extend battery life, the pstate driver and the polling mode in drm are disabled, and the GPU frequency is lowered. To reduce boot time, many optional system services are disabled.

The distribution also provides improved touchpad support, with settings close to the behavior of ChromeOS. It includes various fixes for problems on ChromeOS devices that are not part of mainstream Linux distributions. For example, issues with power management, HDMI and multimedia buttons have been fixed, and patches have been added to improve support for the hardware components of Chromebook and Chromebox devices.

More information is available on the official wiki.

Two Vulnerabilities Found in SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019

Six vulnerabilities have been disclosed in the SDL (Simple DirectMedia Layer) library set, which provides tools for hardware-accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations. Among them, two problems discovered in the SDL2_image library allow remote code execution on the system. Applications that use SDL to load images can be attacked.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of a necessary error handler and by an integer overflow, which can be exploited by supplying a specially crafted PCX file. The issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.
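One way an image loader can guard against the two bug classes named above (a missing error path and an integer overflow on a crafted PCX file) is to validate the header and compute every buffer size in 64-bit arithmetic before allocating anything. This is an added example, not SDL_image's code; the function names, error codes and the 16384-pixel limit are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 128-byte PCX header, little-endian: [0] magic 0x0A, [3] bits per pixel,
 * [4..11] xmin,ymin,xmax,ymax, [65] planes, [66..67] bytes per line per plane. */
enum { PCX_HEADER_SIZE = 128, PCX_MAX_DIM = 16384 /* assumed policy limit */ };
struct pcx_layout { uint32_t width, height; size_t scanline_bytes, image_bytes; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 and fills *out, or a negative code; the caller allocates only on 0. */
int pcx_check_header(const uint8_t *buf, size_t len, struct pcx_layout *out)
{
    if (!buf || !out || len < PCX_HEADER_SIZE) return -1;   /* truncated input */
    if (buf[0] != 0x0A) return -2;                          /* wrong magic */
    uint8_t bpp = buf[3], planes = buf[65];
    uint16_t xmin = le16(buf + 4), ymin = le16(buf + 6);
    uint16_t xmax = le16(buf + 8), ymax = le16(buf + 10), bpl = le16(buf + 66);
    if (xmax < xmin || ymax < ymin) return -3;              /* negative extent */
    uint32_t w = (uint32_t)(xmax - xmin) + 1, h = (uint32_t)(ymax - ymin) + 1;
    if (w > PCX_MAX_DIM || h > PCX_MAX_DIM) return -4;      /* over policy limit */
    if ((bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) || planes < 1 || planes > 4)
        return -5;                                          /* unsupported format */
    if (bpl < ((uint64_t)w * bpp + 7) / 8) return -6;       /* row would not fit */
    uint64_t scanline = (uint64_t)bpl * planes;             /* 64-bit: cannot wrap */
    uint64_t total = scanline * h;
    if (total != (uint64_t)(size_t)total) return -7;        /* exceeds size_t */
    out->width = w; out->height = h;
    out->scanline_bytes = (size_t)scanline; out->image_bytes = (size_t)total;
    return 0;
}

/* Constructed sample: builds a header with xmin = ymin = 0 and checks it.
 * Returns the image size in bytes, or the negative error code. */
long long pcx_check_sample(uint16_t xmax, uint16_t ymax, uint8_t bpp,
                           uint8_t planes, uint16_t bpl)
{
    uint8_t h[PCX_HEADER_SIZE];
    struct pcx_layout l;
    memset(h, 0, sizeof h);
    h[0] = 0x0A; h[3] = bpp; h[65] = planes;
    h[8] = xmax & 0xFF; h[9] = xmax >> 8; h[10] = ymax & 0xFF; h[11] = ymax >> 8;
    h[66] = bpl & 0xFF; h[67] = bpl >> 8;
    int rc = pcx_check_header(h, sizeof h, &l);
    return rc < 0 ? rc : (long long)l.image_bytes;
}

int main(void) { printf("%lld\n", pcx_check_sample(639, 479, 8, 1, 640)); return 0; }
```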

The vulnerabilities were found by Talos; more information is available on their website.