Népszerű fórum témák
FreeBSD Project News
Ars Technica reports that a security researcher has found what he calls a "catastrophic failure" in the Linux version of LibreSSL. "The failure results in cases where the same 16-bit PID is used to designate two or more processes. Linux ensures that a process can never have the same ID as the child process it spawned, but it remains possible for a process to have the same PID as its grandparent process. The condition appears to be an edge case, but it's one that may be possible if the Linux fork_rand program forks enough times to produce identical PIDs. OpenSSL, the open-source program LibreSSL aims to replace, has ways to recover from such cases. LibreSSL does not, at least not on Linux."
Update: This issue has been fixed in LibreSSL 2.0.2.
KDE has announced the release of Plasma 5.0. "Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices. Changes under the hood include the migration to a new, fully hardware-accelerated graphics stack centered around an OpenGL(ES) scenegraph. Plasma is built using Qt 5 and Frameworks 5."
SUSE has updated flash-player (SLED11SP3: multiple vulnerabilities).
Google's newly announced Project Zero is focused on making the net as a whole safer from attackers. "We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Their policy of only reporting bugs to the vendor looks like it could result in the burying of inconvenient vulnerabilities, but presumably they have thought about that.
In the first article in this series, we briefly looked at the original Linux filesystem notification API, dnotify, and noted a number of its limitations. We then turned our attention to its successor, inotify, and saw how the design of the newer API addressed various problems with the dnotify API while providing a number of other benefits as well. At first glance, inotify seems to provide a complete solution for the task of creating an application that reliably monitors the state of a filesystem. However, we are about to see that this isn't quite the case.
Subscribers can check out the next article in guest author Michael Kerrisk's series by clicking below.
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Legfrissebb HUP dokumentumok
Felesleges, nem érdekel.
Jó lenne, de a kedvenc gyártóm nem foglalkozik vele, emiatt viszont nem váltok más gyártó termékére.
Nem rossz szolgáltatás, ha adják OK, de extra pénzt nem fizetnék érte.
Ha lehet, dual-SIM-es készüléket veszek, de nem fő szempont.
Kizárólag dual-SIM-es készüléket veszek, más szóba sem jöhet.
Csak az eredmény érdekel.
Összes szavazat: 202