NetworkManager 1.18 to be Available

Also, plug-ins with support of VPN, OpenConnect, PPTP, OpenVPN and OpenSWAN are developed in their own development cycles
22 April 2019   441

NetworkManager 1.18, an interface to simplify network configuration, is out. Plug-ins with support for VPN, OpenConnect, PPTP, OpenVPN and OpenSWAN are developed as part of own development cycles.

Main innovations of NetworkManager 1.18:

  • Added support for routing rules at the source address (policy routing), the need for which has matured after adding support for VPN WireGuard in the past release (needed to simplify the configuration of separate forward traffic forwarding to the VPN connection point address);
  • Added the ability to filter VLANs in network bridges;
  • Added support for TLV-structures LLDP (Link Layer Discovery Protocol) defined in the IEEE 802.1 and IEEE 802.3 standards for the exchange of information about the parameters of equipment in the local network;
  • The infiniband / IPoIB profiles provide the possibility of using large MTU values;
  • In the nmcli utility, the processing of lists of options with connection parameters has been improved.

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   954

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.