[$] Fedora and fallback DNS servers
One of the under-the-hood changes in the Fedora 33 release
was a switch to systemd-resolved for the handling of DNS queries. This change
should be invisible to most users unless they start using one of the new
features provided by systemd-resolved. Recently, though, the Fedora project
changed its default configuration for that service to eliminate fallback DNS
servers — a change which is indeed visible to some users who have found
themselves without domain-name resolution as a result.
Security updates for Thursday
Security updates have been issued by Arch Linux (ansible-
base, keycloak, mumble, and postgresql), Debian (firefox-esr and nodejs), Fedora
(dotnet3.1, dotnet5.0, keylime, php-horde-Horde-Text-Filter, radare2, scap-
security-guide, and wireshark), openSUSE (postgresql, postgresql13 and python-
djangorestframework), Red Hat (Ansible, firefox, and thunderbird), Scientific
Linux (firefox and thunderbird), SUSE (php7, postgresql-jdbc, python-
cryptography, rpmlint, and webkit2gtk3), and Ubuntu (dnsmasq, linux, linux-aws,
linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-
gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe,
linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-
gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon,
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-
oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-
raspi2, linux-snapdragon, linux-oem-5.10, linux-oem-5.6, screen, and
xterm).
[$] LWN.net Weekly Edition for February 25, 2021
The LWN.net Weekly Edition for February 25, 2021 is
available.
[$] A pair of Python vulnerabilities
Two separate vulnerabilities led to the fast-tracked
release of Python 3.9.2 and 3.8.8 on February 19, though source-
only releases of 3.7.10 and 3.6.13 came a few days earlier. The
vulnerabilities may be problematic for some Python users and workloads; one
could potentially lead to remote code execution. The other is, arguably, not
exactly a flaw in the Python standard library—it simply also follows an older
standard—but it can lead to web cache poisoning attacks.
A new Debian debuginfod service
Sergio Durigan Junior has announced the availability of a
debuginfod server for Debian systems. "In a nutshell, by using a debuginfod
service you will not need to install debuginfo (a.k.a. dbgsym) files anymore;
the symbols will be served to GDB (or any other debuginfo consumer that supports
debuginfod) over the network. Ultimately, this makes the debugging experience
much smoother (I myself never remember the full URL of our debuginfo repository
when I need it)."