Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 14 perc 47 másodperc

Coming soon... Apache OpenOffice 4.1.2

h, 2015-09-28 19:18
The Apache OpenOffice blog promises that the 4.1.2 release is coming soon. "Most of the code changes for OpenOffice 4.1.2 have already been integrated. Dozens of old and new developers contributed in recent weeks. For users, improvements are expected in stability (fixes in all modules: Writer, Calc, Impress, Draw, Base), Microsoft interoperability (Sharepoint) and documents import." If "recent weeks" is taken to mean "since July 1", then six developers (0.5 dozens) 13 developers (1.08 dozens) have contributed 135 patches toward this release.
Kategóriák: Linux

Security updates for Monday

h, 2015-09-28 18:30

Arch Linux has updated chromium (information disclosure).

Debian has updated cyrus-sasl2 (denial of service from 2013).

Debian-LTS has updated eglibc (multiple vulnerabilities) and nss (two vulnerabilities).

Fedora has updated firefox (F22: multiple vulnerabilities), pdns (F22; F21: denial of service), rolekit (F22: information leak), xen (F22; F21: two vulnerabilities), and xpra (F22; F21: information disclosure).

Mageia has updated pixman (MG5: buffer overflow), rpcbind (MG5: denial of service), and unzip (MG5: two vulnerabilities).

SUSE has updated Xen (SLES10SP4: multiple vulnerabilities).

Ubuntu has updated NVIDIA graphics drivers (15.04, 14.04, 12.04: privilege escalation) and simplestreams (15.04, 14.04: regression in previous update).

Kategóriák: Linux

Kernel prepatch 4.3-rc3

v, 2015-09-27 19:53
The 4.3-rc3 prepatch is out. "So as usual, rc3 is actually bigger than rc2 (fixes are starting to trickle in), but nothing particularly alarming stands out. Everything looks normal: the bulk is drivers (all over, but gpu and networking are the biggest parts) and architecture updates. There's also networking and filesystem updates, along with documentation."
Kategóriák: Linux

Pumpiverse community update

szo, 2015-09-26 00:44

Earlier this week, creator Evan Prodromou announced that, due to budget and time pressures, he was looking to move into a community-governed project structure. "Ideally, what I'd like to do is transfer the copyrights, domains and data to a non-profit that could collect donations to keep the servers running. Budget-wise, it's about $5K/year, including servers, domain registration, and SSL certs. It'd also be great if some of the people who have been sending in pull requests could start working on the software directly. There are a lot of PRs backed up." Subsequently, interested community members met to hash out a plan, and have now reported their plans. will apply to be a member project of the Software Freedom Conservancy, and Prodromou has started granting administrative and commit privileges to several other developers. It is not yet clear how maintenance for Prodromou's current crop of servers will be handled, but the community does appear to be coalescing into a more active project.

Kategóriák: Linux

Friday's security updates

p, 2015-09-25 17:36

Arch Linux has updated rpcbind (denial of service).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated cups (code execution).

Fedora has updated php-ZendFramework2 (F22; F21: code execution) and wordpress (F22; F21: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities), cacti (multiple vulnerabilities), curl (multiple vulnerabilities), git (code execution), libtasn1 (multiple vulnerabilities), networkmanager (denial of service), and ntp (multiple vulnerabilities).

openSUSE has updated mysql-community-server (13.1, 13.2: multiple vulnerabilities) and php5 (13.1, 13.2: multiple vulnerabilities).

Red Hat has updated firefox (RHEL 5, 6, 7: multiple vulnerabilities).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

Ubuntu has updated qemu, qemu-kvm (12.04, 14.04, 15.04: multiple vulnerabilities), simplestreams (14.04, 15.04: denial of service), and unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension (12.04, 14.04, 15.04: denial of service).

Kategóriák: Linux

EFF: Our Broken Patent System at Work: Patent Owner Insists the "Integers" Do Not Include the Number One

p, 2015-09-25 00:40
The Electronic Frontier Foundation (EFF) Deeplinks blog has an almost amusing account of a patent holder trying to define "integer" as a whole number greater than one. It seems that this strategy is likely to fail, but there is, of course, a cost associated with refuting such a ridiculous definition. "To be clear: the law allows patent applicants to redefine words if they want. But the law also says they have to be clear that they are doing that (and in any event, they shouldn't be able to do it years after the patent issues, in the middle of litigation). In Core Wireless' patent, there is no indication that it used the word "integer" to mean anything other than what we all learn in high school. (Importantly, the word "integer" doesn’t appear in the patent anywhere other than in the claims.) It appears that Core Wireless is attempting to redefine a word—a word the patent applicant freely chose—because presumably otherwise its lawsuit will fail."
Kategóriák: Linux

Security updates for Thursday

cs, 2015-09-24 16:03

Debian has updated iceweasel (multiple vulnerabilities) and rpcbind (denial of service).

Fedora has updated bind99 (F22: two denial of service flaws), groovy (F22: code execution), libvdpau (F22: three vulnerabilities), and libvpx (F22: denial of service).

Mageia has updated firefox (M5: multiple vulnerabilities), moodle (M5: multiple vulnerabilities), and shutter (M5: code execution).

openSUSE has updated cyrus-imapd (13.1; 13.2: largely unspecified).

Ubuntu has updated apport (privilege escalation).

Kategóriák: Linux

[$] Weekly Edition for September 24, 2015

cs, 2015-09-24 02:39
The Weekly Edition for September 24, 2015 is available.
Kategóriák: Linux

GNOME 3.18

sze, 2015-09-23 19:39
The GNOME Project has announced the release of GNOME 3.18. "This release brings significant improvements to many of our core applications, from better Google Drive integration in Files to a list view in Boxes to firmware updates in Software, and several entirely new applications: Calendar, Characters, Todo. Improvements to our platform include automatic screen brightness handling and improved typography." See the release notes for details.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-09-23 19:01

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities) and qemu-kvm (C6: information leak).

Fedora has updated kernel (F21: privilege escalation) and unzip (F22: two vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities) and qemu-kvm (OL6: information leak).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and qemu-kvm (RHEL6: information leak).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities) and qemu-kvm (SL6: information leak).

Slackware has updated firefox (multiple vulnerabilities).

SUSE has updated flash-player (SLE12; SLED11SP3,4: multiple vulnerabilities) and kernel (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated firefox (15.04, 14.04, 12.04: multiple vulnerabilities) and ubufox (15.04, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

Firefox 41 released

k, 2015-09-22 22:37
The release of Firefox 41 has been announced. "This release includes minor updates to personalize your Firefox Account and adds a new functionality to Firefox Hello Beta." The release notes contain more information.
Kategóriák: Linux

[$] Fuzzing with american fuzzy lop

k, 2015-09-22 19:43

In September 2014 a serious security vulnerability that became known as Shellshock was found in Bash, which is the default shell in most Linux distributions. But it quickly turned out that the initial fix for Shellshock was incomplete. Various other related bugs were found only days after the publication, amongst them two severe vulnerabilities discovered by Michał Zalewski from the Google security team. In the blog post, Zalewski mentioned that he had found these bugs with a fuzzing tool that he wrote, which almost nobody knew back then: american fuzzy lop (afl).

Subscribers can click below for the full article by guest author Hanno Böck.

Kategóriák: Linux

Announcing the release of Fedora 23 Beta

k, 2015-09-22 18:22
Fedora 23 beta has been released. "Fedora 23 includes a number of changes that will improve all of the editions. For example, Fedora 23 makes use of compiler flags to improve security by "hardening" the binaries against memory corruption vulnerabilities, buffer overflows, and so on. This is a "behind the scenes" change that most users won't notice through normal use of a Fedora edition, but will help provide additional system security." The final release is scheduled for late October.

Fedora 23 beta is also available for AARCH64 and POWER architectures.

Kategóriák: Linux

Tuesday's security updates

k, 2015-09-22 18:14

Arch Linux has updated flashplugin (multiple vulnerabilities).

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Fedora has updated icedtea-web (F21: applet execution).

Mageia has updated flash-player-plugin (MG5: multiple vulnerabilities).

openSUSE has updated bind (13.2, 13.1: denial of service), criu (13.2: two vulnerabilities), icedtea-web (13.2, 13.1: multiple vulnerabilities), libgcrypt (13.2, 13.1: information disclosure), and python-django (13.1: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities).

SUSE has updated kernel (SLE11SP3: multiple vulnerabilities).

Kategóriák: Linux

A round of stable kernel updates

k, 2015-09-22 01:26
The 4.2.1, 4.1.8, 3.14.53, and 3.10.89 stable kernel updates have been release. Each contains a relatively large set of important fixes.
Kategóriák: Linux

[$] The kernel connection multiplexer

k, 2015-09-22 01:23
As the introduction to Tom Herbert's kernel connection multiplexer (KCM) patch set notes, TCP is often used for message-oriented communication protocols even though, as a streaming transport, it has no native support for message-oriented communications. KCM is an effort to make it easier to send and receive messages over TCP which adds a couple of other interesting features as well.

Click below (subscribers only) for the full story from this week's Kernel Page.

Kategóriák: Linux

Round tables: Open Source and Software Patent Non-Aggression, European Context

k, 2015-09-22 00:09
The Free Software Foundation Europe and Open Invention Network, with the participation of the Legal Network and the Asian Legal Network, are presenting two round table events with presentations and panel discussion of industry and community speakers, titled "Open Source and Software Patent Non-Aggression, European Context". The events will be held in Berlin, Germany on October 21 and in Warsaw, Poland on October 22.
Kategóriák: Linux

Security advisories for Monday

h, 2015-09-21 19:00

Arch Linux has updated wordpress (multiple vulnerabilities).

Debian has updated owncloud-client (man-in-the-middle attack), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

Debian-LTS has updated libtorrent-rasterbar (code execution) and rpcbind (denial of service).

Fedora has updated icedtea-web (F22: multiple vulnerabilities), pcs (F22; F21: privilege escalation), php-pecl-zip (F22; F21: directory traversal), and qemu (F22: code execution).

Mageia has updated owncloud (MG5: multiple vulnerabilities).

openSUSE has updated Chromium (13.2, 13.1: multiple vulnerabilities), python-Django (13.2: denial of service), and remind (13.2, 13.1: buffer overflow).

SUSE has updated openssh (SLE11SP3: multiple vulnerabilities).

Kategóriák: Linux

Kernel prepatch 4.3-rc2

h, 2015-09-21 15:49
The second 4.3 prepatch is now available for testing. "As has been the trend for a while now, rc2 tends to be reasonably small, probably because it takes a while for regression reports to start trickling in (and some people probably actively wait for rc2 to even start testing - you scaredy-cats, you)."
Kategóriák: Linux

GeoClue 2.3.0 available

p, 2015-09-18 23:44

Version 2.3.0 of the GeoClue geolocation service has been released. The most notable change in this update is support for sharing and accessing GPS devices over a network connection. A proof-of-concept implementation of this feature is available in the Geoclue Share app for Android, which lets users relay GPS data from their device to a GNOME desktop system. Other new features include support for digital compasses and updated documentation.

Kategóriák: Linux