News briefs for May 21, 2019.
Firefox 67.0 was released today. From the Mozilla blog: "Today's new Firefox release continues to bring fast and private together right at the crossroads of performance and security. It includes improvements that continue to keep Firefox fast while giving you more control and assurance through new features that your personal information is safe while you're online with us." You can download it from here, and see the release notes for details.
ownCloud announces its new server version 10.2, which introduces advanced sharing permissions, a secure view feature and automatic synchronization between federated clouds. From the press release: "the new server version of ownCloud focuses on more freedom and security in file distribution. The "Advanced Sharing Permissions" feature in particular provides developers with far-reaching options for implementing individual release functions at user and group level as well as providing data with special security settings."
Google has launched a "Glass Enterprise Edition 2" headset. According to Linux Gizmos, the new device has a "faster processor, longer battery life, improved camera and wireless features, and a reduced $999 price" compared with the previous Glass Enterprise Edition. It "runs Android Oreo on a faster, quad-core, 1.7GHz Snapdragon XR1 SoC with an 8MP camera, WiFi-ac, BT 5.x, a USB Type-C port, and longer battery life."
Ubuntu has expanded its Kernel Uploader Team. Phoronix reports that it's "a sign of the times with the Linux kernel being affected by an increasing number of CVEs (and particularly high profile ones at that), there are now more Ubuntu developers with upload rights for sending down new kernel upgrades." New to the Kernel Uploaders Team are Tyler Hicks, Juerg Haefliger and Khalid Elmously.
Kenna Security reports that "nearly 20% of the 1000 most popular Docker containers have no root password". Researcher Jerry Gamblin built a script to find null root Docker containers, available on GitHub that found some well known names: "govuk/governmentpaas, hashicorp, microsoft, monsanto, and mesosphere. kylemanna/openvpn is the most popular container on the list and it has over 10,000,000 pulls." He also notes that "The findings are interesting, but I don't want to be overly alarmist. Just because a container has no root password does not mean that it is automatically vulnerable. These findings could lead to configuration-based vulnerabilities in certain situations, as was the case with this the Alpine Linux vulnerability."