Linux Weekly News

Linux Weekly News is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

Security advisories for Wednesday

Wed, 2015-11-11 18:19

CentOS has updated sssd (C6: memory leak).

Debian has updated wpa (multiple vulnerabilities).

Fedora has updated php-udan11-sql-parser (F23; F21: content spoofing) and phpMyAdmin (F23; F21: content spoofing).

Mageia has updated kernel-linus (denial of service), libreoffice (multiple vulnerabilities), putty (memory corruption), python-curl (use-after-free), and sudo (privilege escalation).

Oracle has updated sssd (OL6: memory leak).

Red Hat has updated flash-plugin (RHEL6; RHEL5: multiple vulnerabilities).

SUSE has updated xen (SLE11SP2: multiple vulnerabilities).

Ubuntu has updated linux-lts-wily (14.04: denial of service) and wpa (15.10, 15.04, 14.04: multiple vulnerabilities).

Categories: Linux

Linux Ransomware Debut Fails on Predictable Encryption Key (Bitdefender Labs)

Wed, 2015-11-11 00:45
Bitdefender Labs takes a look at Linux.Encoder.1 ransomware. "Linux.Encoder.1 is executed on the victim’s Linux box after remote attackers leverage a flaw in the popular Magento content management system app. Once executed, the Trojan looks for the /home, /root and /var/lib/mysql folders and starts encrypting their contents. Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum. The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA) and is prepended to the file, along with the initialization vector used by AES." Once the files are encrypted the hackers demand a fee in exchange for the RSA private key to decrypt the AES symmetric one. However, Bitdefender researchers were able to recover the AES key without having to decrypt it with the RSA private key. One can also thwart this threat with some good backups. (Thanks to Richard Moore)
Categories: Linux

Tuesday's security advisories

Tue, 2015-11-10 18:39

Debian has updated kernel (multiple vulnerabilities) and unzip (regression in previous update).

Fedora has updated firefox (F21: multiple vulnerabilities), icecat (F23; F22; F21: hardened build), nspr (F21: multiple vulnerabilities), nss (F21: multiple vulnerabilities), nss-softokn (F21: multiple vulnerabilities), nss-util (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities).

openSUSE has updated firefox, nspr, nss, xulrunner, seamonkey (Leap42.1, 13.2, 13.1: multiple vulnerabilities).

Red Hat has updated sssd (RHEL6: memory leak).

Scientific Linux has updated sssd (SL6: memory leak).

Ubuntu has updated kernel (15.10; 15.04; 14.04; 12.04: denial of service), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), and linux-lts-vivid (14.04: denial of service).

Categories: Linux

TensorFlow released

Tue, 2015-11-10 17:22
Google has released its TensorFlow machine-learning library under the Apache 2.0 license. "TensorFlow is an open source software library for numerical computation using data flow graphs. Nodes in the graph represent mathematical operations, while the graph edges represent the multidimensional data arrays (tensors) communicated between them." For those who are unfamiliar with this type of programming, this basic MNIST tutorial gives a feel for how it works with TensorFlow.
Categories: Linux

A set of stable kernel updates

Tue, 2015-11-10 14:47
The 4.2.6, 4.1.13, 3.14.57, and 3.10.93 stable kernel updates have all been released; each contains another set of important fixes.
Categories: Linux

TPP has provision banning requirements to transfer or access source code (Knowledge Ecology International)

Tue, 2015-11-10 01:51
Knowledge Ecology International looks at Article 14.17 of the Trans-Pacific Partnership (TPP), which has a provision banning requirements to transfer or provide access to software source code. "I'm wondering how the GPL fares here, and how much money Microsoft spent lobbying to get this included in the TPP, or if the NSA has a role in this. One aspect of this provision is that governments cannot insist on source code transparency, for mass market software, even to address concerns over security or interoperability."
Categories: Linux

Security updates for Monday

Mon, 2015-11-09 19:32

Debian has updated krb5 (multiple vulnerabilities).

Debian-LTS has updated krb5 (multiple vulnerabilities) and php5 (multiple vulnerabilities).

Fedora has updated git (F22: code execution), ipsilon (F23; F22; F21: denial of service), krb5 (F23: unspecified vulnerability), php-ZendFramework (F23; F22; F21: two vulnerabilities), rpcbind (F23: denial of service), sudo (F23; F22: privilege escalation), and xen (F23: multiple vulnerabilities).

Mageia has updated kernel (denial of service), krb5 (multiple vulnerabilities), owncloud (unspecified vulnerabilities), and roundcubemail (cross-site scripting).

openSUSE has updated krb5 (13.2, 13.1: multiple vulnerabilities), phpMyAdmin (Leap42.1; 13.2, 13.1: content spoofing), and polkit (Leap42.1: multiple vulnerabilities).

Slackware has updated firefox (multiple vulnerabilities) and nss (code execution).

Ubuntu has updated unzip (regression in previous update).

Categories: Linux

Videos from systemd.conf 2015

Mon, 2015-11-09 15:45
The videos of the talks from the inaugural systemd.conf event have been posted. There are about two dozen talks on the development of systemd itself and systems that use it.
Categories: Linux

Trinity 1.6 released

Fri, 2015-11-06 19:59
Dave Jones has announced, at long last, a new release of the Trinity kernel fuzz-testing tool. "At last week's kernel summit, a number of people expressed just how useful they find Trinity and how much they were bummed to find out I wasn’t working on it any more. With that feedback, I felt motivated to clean the decks and get 1.6 out."
Categories: Linux

[$] A new Mindcraft moment?

Fri, 2015-11-06 19:51
It is not often that Linux kernel development attracts the attention of a mainstream newspaper like The Washington Post; lengthy features on the kernel community's approach to security are even more uncommon. So when just such a feature hit the net, it attracted a lot of attention. This article has gotten mixed reactions, with many seeing it as a direct attack on Linux. The motivations behind the article are hard to know, but history suggests that we may look back on it as having given us a much-needed push in a direction we should have been going for some time.
Categories: Linux

Friday's security updates

Fri, 2015-11-06 18:43

Arch Linux has updated nspr (code execution) and nss (code execution).

Debian has updated libreoffice (multiple vulnerabilities).

Fedora has updated drupal7 (F22: open redirect), mediawiki (F21; F22; F23: multiple vulnerabilities), python-pycurl (F23: use-after-free vulnerability), and xscreensaver (F21; F22: denial of service).

Mageia has updated libebml (M5: multiple vulnerabilities), libtorrent-rasterbar (M5: code execution), libxml2 (M5: denial of service), libxslt (M5: denial of service), sddm (M5: denial of service), util-linux (M5: denial of service), and xscreensaver (M5: denial of service).

SUSE has updated MozillaFirefox, mozilla-nspr, mozilla-nss (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 15.04: multiple vulnerabilities), libreoffice (12.04, 14.04, 15.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Categories: Linux

Kernel Self Protection Project

Thu, 2015-11-05 23:55
Kees Cook has announced the Kernel Self Protection Project, which is meant to be "a community of people to work on the various kernel self-protection technologies (most of which are found in PaX and Grsecurity)". This is an outgrowth of his Kernel Summit talk about incorporating hardening and self-protection features into the mainline kernel. "Between the companies that recognize the critical nature of this work, and with Linux Foundation's Core Infrastructure Initiative happy to start funding specific work in this area, I think we can really make a dent." He is looking for others who are also interested in doing some of this work.
Categories: Linux

The kernel of the argument (Washington Post)

Thu, 2015-11-05 22:11
Here's a lengthy Washington Post feature on the security (or lack thereof) of the Linux kernel; it features a number of familiar names. "Even many Linux enthusiasts see a problem with this from a security perspective: There is no systemic mechanism for identifying and remedying problems before hackers discover them, or for incorporating the latest advances in defensive technologies. And there is no chief security officer for the Linux kernel."
Categories: Linux

Security advisories for Thursday

Thu, 2015-11-05 20:30

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), nspr (C7; C6; C5: code execution), nss (C7; C6; C5: code execution), and nss-util (C7; C6: code execution).

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated firefox (F23; F22: multiple vulnerabilities), nspr (F23; F22: code execution), nss (F23; F22: code execution), nss-softokn (F23; F22: code execution), nss-util (F23; F22: code execution), ntp (F21: multiple vulnerabilities), php-horde-horde (F22; F21: cross-site request forgeries), php-horde-imp (F22; F21: cross-site request forgeries), php-horde-ingo (F22; F21: cross-site request forgeries), and php-horde-passwd (F22; F21: cross-site request forgeries).

Mageia has updated drupal (open redirect), firefox, nspr, and nss (multiple vulnerabilities), and springframework (open file redirect).

openSUSE has updated postgresql92 (13.1: information disclosure) and wpa_supplicant (13.1: denial of service).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: privilege escalation), kernel 3.8.13 (OL7; OL6: privilege escalation), kernel 2.6.39 (OL6: privilege escalation), nss and nspr (OL5: code execution), and nss, nss-util, and nspr (OL7; OL6: code execution).

Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL7: two vulnerabilities, one from 2014), libreswan (SL7: denial of service), nss and nspr (SL5: code execution), and nss, nss-util, and nspr (SL6&7: code execution).

Ubuntu has updated firefox (multiple vulnerabilities), nspr (code execution), and nss (code execution).

Categories: Linux

[$] Weekly Edition for November 5, 2015

Thu, 2015-11-05 02:15
The Weekly Edition for November 5, 2015 is available.
Categories: Linux

Security advisories for Wednesday

Wed, 2015-11-04 18:55

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated kernel (C7: two vulnerabilities) and libreswan (C7: denial of service).

Debian has updated freeimage (integer overflow) and php-horde (cross-site request forgery).

openSUSE has updated audiofile (Leap42.1, 13.2, 13.1: buffer overflow), bouncycastle (Leap42.1, 13.2, 13.1: invalid curve attack), java-1_7_0-openjdk (13.2; 13.1: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), postgresql93 (13.2: two vulnerabilities), potrace (Leap42.1, 13.2, 13.1: denial of service), roundcubemail (13.2, 13.1: two vulnerabilities), sudo (13.2, 13.1: information disclosure), util-linux (Leap42.1, 13.2, 13.1: denial of service), and wpa_supplicant (13.2: denial of service).

Oracle has updated kernel (OL7: two vulnerabilities) and libreswan (OL7: denial of service).

Red Hat has updated nss, nspr (RHEL5: code execution), firefox (RHEL5,6,7: multiple vulnerabilities), kernel (RHEL7: two vulnerabilities), kernel-rt (RHEL7; RHEMRG2.5: two vulnerabilities), libreswan (RHEL7: denial of service), and nss, nss-util, nspr (RHEL6,7: code execution).

SUSE has updated krb5 (SLE12; SLE11SP3,4: multiple vulnerabilities) and xen (SLE12: multiple vulnerabilities).

Ubuntu has updated xscreensaver (12.04: denial of service).

Categories: Linux

OpenSUSE Leap 42.1 released

Wed, 2015-11-04 17:02
The openSUSE Leap 42.1 release is now available. "Version 42.1 is the first version of openSUSE Leap that uses source from SUSE Linux Enterprise (SLE) providing a level of stability that will prove to be unmatched by other Linux distributions. Bonding community development and enterprise reliability provides more cohesion for the project and its contributor’s maintenance updates. openSUSE Leap will benefit from the enterprise maintenance effort and will have some of the same packages and updates as SLE, which is different from previous openSUSE versions that created separate maintenance streams." See this June LWN article for some background on this new approach to the openSUSE distribution.
Categories: Linux

Gardiner: Remembering Telsa Gwynne

Wed, 2015-11-04 16:38
Mary Gardiner has posted a memorial to Telsa Gwynne. "Telsa was also a critical inspiration to me as an activist: in the early 2000s (and still) it was hugely controversial to either believe that open source communities could still work if they were more civil (the entire LinuxChix project was partly an experiment with that), and even more so to insist that they should be. Telsa is the earliest person I can think of who stood up in an open source development community and asked it to change its norms in the direction of civility." Telsa withdrew from our community some years ago, but she will be much missed just the same.
Categories: Linux

Kernel Summit tech day coverage complete

Tue, 2015-11-03 21:25
LWN's 2015 Kernel Summit page now has coverage from the open day of the event, which focused primarily on technical topics. Subscribers are invited to have a look. Coverage from the final day is in the works and will be posted within the next day or so.

Categories: Linux

Firefox 42 is available

Tue, 2015-11-03 20:52
Firefox 42 has been released. This version features private browsing with tracking protection, site security and privacy controls in the Control Center, WebRTC improvements, and more. See the release notes for more information.
Categories: Linux