Tor Browser 9.0.7 to be Released

New version of browser, focused on security, has a lot of improvements, e.g., vulnerabilities at components Tor and NoScript are fixed
24 March 2020   193

A new version of Tor Browser 9.0.7 is available, aimed at ensuring anonymity, security and privacy. The browser is focused on ensuring anonymity, security and privacy, all traffic is redirected only through the Tor network. It is impossible to access directly through the regular network connection of the current system, which does not allow tracking the real IP of the user (in case of a hacked browser, attackers can gain access to the network system parameters, so products such as Whonix should be used to completely block possible leaks). Builds Tor Browser prepared for Linux, Windows, macOS and Android.

The new release updated components Tor 0.4.2.7 and NoScript 11.0.19, in which vulnerabilities were fixed. Tor eliminated the DoS vulnerability, which created too much CPU load when accessing Tor directory servers controlled by cybercriminals. NoScript resolves a problem that allows you to work around the launch of JavaScript code in the "Safest" protection mode by redirecting to the "data:" URI.

In addition, the Tor Browser developers have added additional protection and if the "Safest" mode is turned on, they automatically disable JavaScript at the javascript.enabled setting level in about: config. This change does not allow whitelisting sites in NoScript for selective cancellation of "Safest" (to return to the old behavior, you can manually change the javascript.enabled value). After the Tor developers make sure that no loopholes are accurately covered in NoScript to bypass Safest, additional protection may be removed.

Get more at the official website.

Oracle to Release Unbreakable Kernel R5U3

The update for the kernel, that can be used as alternative for Red Hat Enterprise Linux used in the Oracle Linux is based on the Linux 4.14 
25 March 2020   191

Oracle has released the third functional update for the Unbreakable Enterprise Kernel R5 kernel, positioned for use in the Oracle Linux distribution as an alternative to the regular kernel package from Red Hat Enterprise Linux. The kernel is available for x86_64 and ARM64 architectures (aarch64). Kernel sources, including breakdowns into individual patches, are published in the public Oracle Git repository.

The Unbreakable Enterprise Kernel 5 package is based on the Linux 4.14 kernel (UEK R4 was based on the 4.1 kernel), which is supplemented with new features, optimizations and fixes, as well as tested for compatibility with most applications running in RHEL and specially optimized for working with industrial software and Oracle hardware. Installation and src packages with the UEK R5U1 kernel are prepared for Oracle Linux 7 (there are no obstacles to using this kernel in similar versions of RHEL, CentOS and Scientific Linux).

Key improvements:

  • Improved support for 64-bit systems based on the ARM architecture. Updated drivers for ARM.
  • InfiniBand includes on-demand paging support, which allows you to reflect memory through a processor for accessing unallocated pages of memory (page faults), i.e. consume memory when it is actually being used.
  • In XFS, a deadlock was eliminated, which caused the locks to freeze and not free.
  • CIFS resolved an issue that could lead to POSIX lock leaks and crashes.
  • Bug fixes resolving issues with incompatibility of certain equipment with QEMU / KVM.
  • Device drivers are synchronized with the Linux kernel 4.14.35. The driver for Broadcom Emulex LightPulse Fiber Channel SCSI has been updated to version 12.2.0.13.

Get more at the official blog