Mitigating the BootHole vulnerability is proving difficult for several major Linux distributions, KDE's Ark tool issues a security advisory, Cloudflare reduces perceived delays in worker process startup time, and Tor brings back its Bug Smash Fund for a second year.
- Servers at risk from “BootHole” bug - what you need to know
- There’s a Hole in the Boot - Mitigation
- [PDF] National Security Agency/Central Security Service: Mitigate the GRUB2 BootHole Vulnerability
- BootHole fixes causing boot problems across multiple Linux distros
- KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory
- Eliminating cold starts with Cloudflare Workers
- Tor’s Bug Smash Fund: Year Two!
- Multiple Tor security issues disclosed, more to come