Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 23 perc 27 másodperc

[$] Reconsidering ffmpeg in Debian

k, 2014-08-05 18:46
For better or for worse, forks are a part of the free software landscape. Often a fork will result in a reinvigorated development community and the removal of unneeded roadblocks. But not all forks work out well. What is a distributor to do if, at some point, it concludes that it chose wrongly when it followed a fork of an important project? Going back to the original may not always be an easy thing to do, even if there appears to be a consensus for that move. The presence of security concerns can make such a change even harder to contemplate. The recent discussion on welcoming ffmpeg back into Debian illustrates the potential hazards nicely.
Kategóriák: Linux

Tuesday's security updates

k, 2014-08-05 18:03

CentOS has updated yum-updatesd (C5: bypass RPM package signing restriction).

Debian has updated icedove (multiple vulnerabilities).

Red Hat has updated yum-updatesd (RHEL5: bypass RPM package signing restriction).

Scientific Linux has updated yum-updatesd (SL5: bypass RPM package signing restriction).

SUSE has updated openjdk (SLED11 SP3: multiple vulnerabilities).

Ubuntu has updated eglibc (multiple vulnerabilities).

Kategóriák: Linux

CyanogenMod 11.0 M9 Released

h, 2014-08-04 21:54
CyanogenMod 11.0 M9 has been released. "This release marks the first ever (non-nightly) release for the Xperia Z2 ‘sirius’, Xperia Z2 Tablets ‘castor’ and the HTC One ‘m8′ – kudos to their maintainers and all the other maintainers that bring you these releases every month!"
Kategóriák: Linux

Security advisories for Monday

h, 2014-08-04 17:59

Debian has updated lzo2 (code execution).

Fedora has updated exim (F19; F20: code execution).

Gentoo has updated ZendFramework (SQL injection).

Mageia has updated gcc (code execution).

Slackware has updated dhcpcd (denial of service) and samba (remote code execution/privilege escalation).

SUSE has updated firefox (multiple vulnerabilities).

Ubuntu has updated samba (14.04 LTS: remote code execution/privilege escalation).

Kategóriák: Linux

Mozilla leaks developers email, password hashes

h, 2014-08-04 14:18
Mozilla has just disclosed a problem with its Mozilla Developer Network database sanitization system. "The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server."
Kategóriák: Linux

The 3.16 kernel has been released

h, 2014-08-04 03:54
Linus has released the 3.16 kernel, right on schedule. This release includes the unified control group hierarchy work, many improvements to the multiqueue block layer, and, as always, lots of new drivers and internal improvements.
Kategóriák: Linux

XBMC Is Getting a New Name – Introducing Kodi 14

p, 2014-08-01 22:24
The XBMC media center will be renamed Kodi. "Six years have passed since the Xbox Media Center became XBMC, and simply put, “XBMC” fits less now than it did even in 2008. The software only barely runs on the original Xbox, and then only because some clever developers are still hacking on that platform. It has never run on the Xbox 360 or Xbox One." Trademarks were another reason for name change. The project was unable to trademark XBMC, leading to issues with hacked and broken implementations of the software being sold as "XBMC". Kodi is now a registered trademark of the XBMC Foundation.
Kategóriák: Linux

Samba 4.1.11 and 4.0.21 Security Releases Available

p, 2014-08-01 19:03
The Samba Team has put out an important-looking set of releases. "All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root)."
Kategóriák: Linux

Security advisories for Friday

p, 2014-08-01 18:25

CentOS has updated kernel (C6: multiple vulnerabilities).

Fedora has updated bugzilla (F20: cross-site request forgery), kernel (F20: multiple vulnerabilities), openstack-neutron (F20: denial of service), and sdcc (F20; F19: remote denial of service).

openSUSE has updated kernel (12.3: multiple vulnerabilities).

SUSE has updated lzo (SLES11&10: denial of service/possible code execution).

Kategóriák: Linux

Stable kernel updates

p, 2014-08-01 01:10
Stable kernels 3.15.8, 3.14.15, 3.10.51, and 3.4.101 have been released. All contain important fixes.
Kategóriák: Linux

This thumbdrive hacks computers. (Ars Technica)

cs, 2014-07-31 20:53
Ars Technica takes a look at an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms. "Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices."
Kategóriák: Linux

Thursday's security updates

cs, 2014-07-31 18:43

Debian has updated nss (multiple vulnerabilities) and tor (traffic confirmation attack).

Fedora has updated cups (F20: privilege escalation).

Mandriva has updated dbus (BS1.0: two denial of service flaws), file (BS1.0: denial of service), live (BS1.0: code execution), php-ZendFramework (BS1.0: SQL injection), and sendmail (BS1.0: denial of service).

openSUSE has updated apache2-mod_wsgi (13.1: off-by-one error), firefox (13.1, 12.3: multiple vulnerabilities), gpg2 (11.4: denial of service), memcached (11.4: multiple vulnerabilities), Mozilla (11.4: multiple vulnerabilities), ntp (13.1, 12.3: denial of service), php5 (13.1, 12.3: multiple vulnerabilities), ppc64-diag (13.1; 12.3: two vulnerabilities), pulseaudio (13.1, 12.3: denial of service), samba (11.4: two vulnerabilities), php5 (11.4: code execution), and xalan-j2 (11.4: information disclosure/code execution).

Red Hat has updated openstack-keystone (RHELOS3&4: privilege escalation).

Ubuntu has updated kde4libs (14.04 LTS, 12.04 LTS: ), tomcat6, tomcat7 (14.04 LTS, 12.04 LTS, 10.04 LTS: multiple vulnerabilities), and unity (14.04 LTS: command execution).

Kategóriák: Linux

[$] LWN.net Weekly Edition for July 31, 2014

cs, 2014-07-31 02:54
The LWN.net Weekly Edition for July 31, 2014 is available.
Kategóriák: Linux

Akademy 2014 Keynotes: Sascha Meinrath and Cornelius Schumacher

sze, 2014-07-30 19:58
KDE.News looks at Akademy keynote speakers Sascha Meinrath and Cornelius Schumacher. "Akademy 2014 will kick off on September 6 in Brno, Czech Republic; our keynote speakers will be opening the first two days. Continuing a tradition, the first keynote speaker is from outside the KDE community, while the second is somebody you all know. On Saturday, Sascha Meinrath will speak about the dangerous waters he sees our society sailing into, and what is being done to help us steer clear of the cliffs. Outgoing KDE e.V. Board President, Cornelius Schumacher, will open Sunday's sessions with a talk about what it is to be KDE and why it matters."
Kategóriák: Linux

[$] Wayland in GNOME: two progress reports

sze, 2014-07-30 19:28
The X11 replacement protocol Wayland has been in development since 2010. Compared to X11 itself, it is still a relatively new project, but the enthusiasm with which distributions and large software projects announced their intent to support Wayland makes it at least understandable that users would ask how much longer they need to wait before Wayland is made available to them. At GUADEC 2014 in Strasbourg, France, a pair of talks presented the latest status of Wayland support in various GNOME desktop components.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-07-30 18:02

Fedora has updated moodle (F20; F19: multiple vulnerabilities) and phpMyAdmin (F20; F19: multiple vulnerabilities).

Mageia has updated apache (MG4; MG3: multiple vulnerabilities).

Mandriva has updated apache (BS1.0: multiple vulnerabilities), java-1.7.0-openjdk (BS1.0: multiple vulnerabilities), owncloud (BS1.0: undisclosed vulnerability), and phpmyadmin (BS1.0: multiple vulnerabilities).

Oracle has updated kernel (OL6: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: multiple vulnerabilities).

Kategóriák: Linux

GDB 7.8 released

sze, 2014-07-30 15:42
Version 7.8 of the GDB debugger is out. New features include support for scripting in the Guile language, better Python scripting, support for debugging on little-endian PowerPC64 systems, handling of C99 variable-length arrays, and more.
Kategóriák: Linux

LibreOffice 4.3 released

sze, 2014-07-30 14:17
The LibreOffice 4.3 release is available. New features include improved document interoperability, better comment management, "intuitive spreadsheet handling," 3D models in Impress, and more. See the release notes for details. "LibreOffice 4.3 also supports 'monster' paragraphs exceeding 65,000 characters (an example of an 11 years old bug solved thanks to the modernization of the OOo source code, which is an exclusive function of LibreOffice)."
Kategóriák: Linux

[$] The EFF launches a router project

k, 2014-07-29 18:12
The Electronic Frontier Foundation is probably best known for its work in the political arena. But the EFF also occasionally tries to make change happen more directly by releasing interesting technologies of its own. The organization's July 20 announcement of the Open Wireless Router project is an example of this type of initiative. Your editor has long been concerned about the state of home (and small business) router software, so it made sense to take a look. What was revealed is a project with some interesting potential — but that potential may take more resources than are currently available to realize.
Kategóriák: Linux

openSUSE Factory becomes a rolling-release distribution

k, 2014-07-29 18:06
The openSUSE project has announced that the "Factory" development distribution has been reworked into an independent distribution using a rolling-release model. "With a daily fresh Factory distribution making it easier for those who want to preview and test, we hope to see more users and contributors, leading to faster fixes and even higher quality. Factory is critical as it provides the base technology for openSUSE and SUSE Linux Enterprise, which is used by tens of thousands of organizations around the world."
Kategóriák: Linux