News briefs for February 5, 2019.
Google yesterday released its February 2019 security bulletin for Android[1]. Source code patches should be released to the Android Open Source Project (AOSP) repository soon. The most severe vulnerability is in Framework "that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process."
Evidently the patches released for Ubuntu 18.04 last week caused other inadvertent problems, and Canonical has released a new patch to fix those issues. ZDNet quotes the Ubuntu security team:[2] "Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled." This bug could also affect Kubuntu, Xubuntu, Lubuntu, Linux Mint 19 and Linux Mint 19.1. The new patch replaces linux-image 4.15.0-44.47 with the fixed linux-image 4.15.0-45.48 kernel.
The EU orders a recall of ENOX Safe-KID-One smartwatches due to significant security flaws that allow third parties to track and call the watches, ZDNet reports.[3] From the Rapid Alert System for Non-Food Products (RAPEX) alert[4]: "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed." In addition, "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."
To celebrate its seventh birthday next month, the Raspberry Pi Foundation is coordinating several "Jams" all over the world[5]: "Whether you're a Raspberry Pi user, club volunteer, avid forum question answerer, regular blog commenter, or brand-new community member, we want you to feel welcome! Look at the map, find a Jam near you, and meet the real-world