LineageOS Team to Report on Project Updates

Since March, the number of assemblies provided by the project replaced CyanogenMode has increased to 36 devices
03 July 2019   354

The developers of the LineageOS project, which replaced CyanogenMod after abandoning the project of Cyanogen Inc, published a report on the development of the LineageOS 16 branch based on the Android 9 platform. Since March, the number of assemblies provided by the project has increased to 36 devices. Recent changes are noted:

  • AOSP’s Night Display now controls night mode (on recent devices only, such as those with a Snapgragon 820 or more recent)
  • LiveDisplay remains available for all its other features
  • The volume panel can now be expanded to control all the various volume streams
  • The volume panel can now be optionally relocated to the left
  • Expanded quick settings are back
  • Detailed views for the following tiles are available: Wi-Fi, Bluetooth, Mobile Data, Location, Profiles
  • New default wallpaper and a new wallpapers app with many new, and old, wallpapers
  • Other than the usual nature, urban and abstract themed wallpapers, monochromatic and gradients wallpapers are now available
  • Privacy Guard now supports apps in the Work Profile
  • It’s possible to add up to two LockScreen shortcuts again
  • Circle battery is back after being missing since LineageOS 13.0
  • Notification ringtone level can be unlinked from phone calls ringtone level
  • GPS battery saving mode can now be enabled from the Settings
  • Vim has been updated to version 8.1
  • Nano has been updated to version 4.2
  • Fixed issue were using certain private DNS caused devices to crash thanks to backported fix from Q
  • Support for bluetooth SBC DualChannel HD has been added (both 15.1 and 16.0)
  • Performance improvements for Eleven (music player app) (both 15.1 and 16.0)
  • Updated call recording configurations (both 15.1 and 16.0)

Additionally, developers mark the termination of the formation of assemblies LineageOS 15.1 for Google Nexus 4, Asus Zenfone Max Pro M1, Nvidia Shield Tablet, Samsung Galaxy S9, Samsung Galaxy S9 + and ZTE Axon 7.

Get more info at official website.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   874

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.