Patch Tuesday coming, NTP DDoS here, Ruby 1.9.3 going – Security Snippets


  • Next Tuesday, Patch Tuesday: A friendly reminder that next Tuesday sees 147 Oracle patches (Java (CVSS 10), VirtualBox (6.8), MySQL (10)), 5 Microsoft Bulletins and Adobe Reader and Acrobat priority 1 fixes all rolling out on the same day. The 2014 patch season is open for business.

  • NTP DDoS Mitigation: It seems DNS reflection attacks (getting DNS servers to send unsolicited data at an IP address) are out and the new reflection is NTP reflection. This abuses the Network Time Protocol’s monlist command, which sends a list of the last 600 machines an NTP server has talked to to a particular address. Prod enough NTP servers into sending that list to a victim and you have your DDoS attack. Cloudflare’s blog has a post on how to mitigate these attacks – it’s worth checking out, as over Christmas it seems some big game sites got slapped with the NTP reflection hammer.

  • Ruby 1.9.3 gets a dead date: Pencil February 23 2015 in as the date Ruby 1.9.3 shuffles off its mortal coil. More imminently, February 23 2014 is when Ruby 1.9.3 goes into security fix only mode, so get your Ruby 2.x migration plans in order now.

Mint 16, Oracle 6.5, CentOS 6.5, Tiny Core 5.1 – Linux Snippets – Update


  • Linux Mint 16 Refreshes: Linux Mint 16 has landed in both Cinnamon and MATE flavours. Codenamed “Petra”, Mint 16’s lead Cinnamon variant comes with the new Cinnamon 2.0 (now with sound effects, improved user management and edge tiling, edge snapping and other enhancements), enhanced login screen, USB stick formatter, refined software manager and more, all built upon an Ubuntu 13.10 foundation. The MATE variant has all the non-Cinnamon related improvements, whilst sticking with the GNOME 2 desktop fork.

  • Oracle Linux 6.5: Red Hat released RHEL 6.5 a week ago and Oracle made the announcement of Oracle Linux 6.5, its Linux-based-on-RHEL offering, on November 27, though it took a little longer for DVD ISOs to become available for download.

  • CentOS 6.5: CentOS, the community based RHEL clone, also has been building CentOS 6.5 since the Red Hat announcement, and was being rsynced to mirrors as of yesterday so expect the official release announcement soon – for example, the UK Mirror Service is already updated with the 6.5 release if you really really can’t wait. Update: CentOS 6.5 is now officially available from all mirrors to download along with release notes.

  • Tiny Core 5.1: At the other end of the scale, Tiny Core, the x86 Linux which takes only 10MB of space and minuscule amounts of RAM, has been updated to version 5.1. The update moves the kernel to 3.8.13, to fix a specific bug, from September’s 5.0 release which came with a 3.8.10 kernel, glibc 2.16, gcc 4.7.2 and other more up to date libraries and apps.