Solus 4 & Budgie 10.5 Released

Solus is an independent Linux distribution that uses Budgie as the desktop environment and eopkg for managing packages.
18 March 2019

The Solus 4 Linux distribution, which is not based on packages from other distributions and develops its own Budgie desktop, installer, package manager and configurator, is now available. The project's code is distributed under the GPLv2 license, and C and Vala are used for development. Builds with the GNOME, KDE Plasma and MATE desktops are also provided. The ISO image is 1.4 GB (x86_64).

Packages are managed with the eopkg package manager (a fork of PiSi from Pardus Linux), which provides the usual tools for installing and removing packages, searching the repositories and managing the repositories. Packages can be assigned to thematic components, which in turn form categories and subcategories. For example, Firefox is assigned to the network.web.browser component, which places it in the network applications category and the Web applications subcategory. More than 2000 packages are offered for installation from the repository.

The Budgie desktop is based on GNOME technologies, but uses its own implementations of the GNOME Shell, panel, applets and notification system. Budgie uses the Budgie Window Manager (BWM), which is an extended modification of the base Mutter plugin. The core of Budgie is a panel that works much like classic desktop panels. All elements of the panel are applets, so you can flexibly customize its composition, change the placement of the main panel elements and replace their implementations to your taste. Available applets include the classic application menu, a task switcher, an area with a list of open windows, a virtual desktop viewer, a power management indicator, a volume control applet, a system status indicator, and a clock.

Two Vulnerabilities Found in SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019

Six vulnerabilities have been found in the SDL (Simple Direct Layer) set of libraries, which provides tools for hardware-accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations. Two of them, in the SDL2_image library, allow remote code execution on the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by a missing error handler and an integer overflow, which can be exploited by supplying a specially crafted PCX file. The issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.
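
An added example, not code from SDL_image or from the original article: a C sketch of the defensive pattern for this class of bug, which validates the PCX header fields and overflow-checks the size computation before anything is allocated. It does not reproduce the actual flaw or its fix; the function names, the max_bytes cap and the sample header builder are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCX_HEADER_LEN 128

/* Read a little-endian 16-bit header field. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate a PCX header and compute the decoded buffer size in bytes.
 * Returns 0 and sets *out on success, -1 on malformed or oversized input.
 * max_bytes is a caller-chosen allocation cap (an assumption of this sketch). */
int pcx_decoded_size(const uint8_t *hdr, size_t len, size_t max_bytes, size_t *out)
{
    if (!hdr || !out || len < PCX_HEADER_LEN) return -1;
    if (hdr[0] != 0x0A || hdr[2] != 1) return -1;   /* magic byte, RLE encoding */

    uint8_t bpp = hdr[3], planes = hdr[65];
    uint16_t xmin = le16(hdr + 4), ymin = le16(hdr + 6);
    uint16_t xmax = le16(hdr + 8), ymax = le16(hdr + 10);
    uint16_t bytes_per_line = le16(hdr + 66);

    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return -1;
    if (planes == 0 || planes > 4) return -1;
    if (xmax < xmin || ymax < ymin) return -1;      /* subtraction would go negative */

    size_t width = (size_t)(xmax - xmin) + 1;
    size_t height = (size_t)(ymax - ymin) + 1;
    if (bytes_per_line < (width * bpp + 7) / 8) return -1;  /* row too short for width */

    size_t row = (size_t)bytes_per_line * planes;   /* 1 .. 65535 * 4, cannot wrap */
    if (height > SIZE_MAX / row) return -1;         /* row * height would overflow */
    if (row * height > max_bytes) return -1;        /* refuse absurd allocations */
    *out = row * height;
    return 0;
}

/* Constructed sample: build an 8-bit PCX header from the given fields and
 * return the decoded size, or -1 if the header is rejected. */
long sample_size(uint16_t xmin, uint16_t xmax, uint16_t ymax, uint8_t planes,
                 uint16_t bpl, size_t max_bytes)
{
    uint8_t h[PCX_HEADER_LEN];
    size_t n = 0;
    memset(h, 0, sizeof h);
    h[0] = 0x0A; h[1] = 5; h[2] = 1; h[3] = 8;
    h[4] = xmin & 0xFF;  h[5] = xmin >> 8;
    h[8] = xmax & 0xFF;  h[9] = xmax >> 8;
    h[10] = ymax & 0xFF; h[11] = ymax >> 8;
    h[65] = planes; h[66] = bpl & 0xFF; h[67] = bpl >> 8;
    return pcx_decoded_size(h, sizeof h, max_bytes, &n) == 0 ? (long)n : -1;
}
```

Every rejection path returns an error before a size is produced, so a caller that checks the return value never allocates or decodes from an untrusted dimension.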

The vulnerabilities were found by Talos, so more information is available on their website.