ls -1TörténelemNépszerű témákNépszerű fórum témákHardverAjánlott böngésző FreeBSD Project News |
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 3 perc 21 másodperc Linux’s Creator Wants Us All to Chill Out About the Leap Second (Wired)Wired talks
with Linus Torvalds about the potential for another leap-second bug.
"Really, to the rest of us, just take the leap second as an excuse to
have a small nonsensical party for your closest friends. Wear silly hats,
get a banner printed that says 'Leap Second Doomsday Party', and get silly
drunk. You’ll blink, and it’s over, but at least you’ll have the hangover
next day to remind you of that glorious but fleeting extra second."
Kategóriák: Linux
Friday's security updatesDebian has updated curl (access restriction bypass) and file (multiple vulnerabilities). Debian-LTS has updated file and (multiple vulnerabilities) firebird2.1 (denial of service). Mandriva has updated asterisk (BS1: denial of service), file (BS1: multiple vulnerabilities), jasper (BS1: multiple vulnerabilities), krb5 (BS1: denial of service), libevent (BS1: denial of service), libjpeg (BS1: denial of service), nail (BS1: code execution), pwgen (BS1: multiple vulnerabilities), sox (BS1: code execution), unrtf (BS1: multiple vulnerabilities), unzip (BS1: multiple vulnerabilities), and znc (BS1: multiple vulnerabilities). Red Hat has updated php (RHEL 6.5: multiple vulnerabilities) and python-keystoneclient (RHEL OpenStack Platform: man-in-the-middle attack). SUSE has updated xen (SLED/SLES/SLESDK 12: multiple vulnerabilities). Ubuntu has updated cpio (multiple vulnerabilities). Kategóriák: Linux
New stable kernelsGreg Kroah-Hartman has released four new stable kernels: 3.10.64, 3.14.28, 3.17.8, and 3.18.2. Each contains important updates and fixes. The 3.17.8 release is also noteworthy because it will be the last release in the 3.17 series. 3.17 users need to move to the 3.18 series as soon as possible. Kategóriák: Linux
Thursday's security updatesCentOS has updated glibc (C6: multiple vulnerabilities). Fedora has updated mpfr (F20; F21: buffer overflow), nss (F20: information leak), nss-softokn (F20: information leak), nss-util (F20: information leak), openvas-cli (F21: SQL injection), openvas-manager (F21: SQL injection), openvas-scanner (F21: SQL injection), tcpdump (F21: code execution), and thermostat (F20; F21: privilege escalation). Mageia has updated apache (M4: access-restriction bypass), asterisk (M4: denial of service), ettercap (M4: multiple vulnerabilities), glibc (M4: multiple vulnerabilities), libsndfile (M4: multiple vulnerabilities), and libssh (M4: denial of service). Mandriva has updated mediawiki (BS1: multiple vulnerabilities). openSUSE has updated libssh (denial of service) and php5 (11.4: multiple vulnerabilities). Oracle has updated glibc (O6: multiple vulnerabilities). Red Hat has updated glibc (RHEL6: multiple vulnerabilities). Scientific Linux has updated glibc (SL6: multiple vulnerabilities). Ubuntu has updated bsd-mailx (code execution), exiv2 (14.10: denial of service), mime-support (code execution), and nss (information disclosure). Kategóriák: Linux
LWN.net Weekly Edition for January 8, 2015The LWN.net Weekly Edition for January 8, 2015 is available.
Kategóriák: Linux
[$] Dark Mail publishes its secure-email architectureThe Dark Mail Alliance has published the first description of the architecture that enables its secure-and-private alternative to the existing Internet email system. Called the Dark Internet Mail Environment (DIME), the system involves a new email message format and new protocols for email exchange and identity authentication. Nevertheless, DIME also makes an effort to be backward-compatible with existing email deployments. DIME includes several interesting ideas, but its main selling points remain its security: it not only offers end-to-end encryption, but it encrypts much of the message metadata other systems leave in cleartext, too, and it offers resistance to attacks that target servers between the sender and the recipient. Kategóriák: Linux
Security advisories for WednesdayDebian has updated mantis (multiple vulnerabilities). Mageia has updated kernel (multiple vulnerabilities), libevent (denial of service), libpng (memory overwrite), nvidia (code execution), and webmin (malicious symlinks). Kategóriák: Linux
McIntyre: Bootstrapping arm64 in DebianSteve McIntyre provides
a progress report on the status of the arm64 port for Debian 8 "Jessie".
"arm64 is officially a release architecture for Jessie, aka Debian version 8. That's taken a lot of manual porting and development effort over the last couple of years, and it's also taken a lot of CPU time - there are ~21,000 source packages in Debian Jessie! As is often the case for a brand new architecture like arm64 (or AArch64, to use ARM's own terminology), hardware can be really difficult to get hold of. In time this will cease to be an issue as hardware becomes more commoditised, but in Debian we really struggled to get hold of equipment for a very long time during the early part of the port."
Kategóriák: Linux
Tuesday's security updatesCentOS has updated libvirt (C7: information disclosure). Debian has updated libevent (denial of service). Fedora has updated bind (F21; F19: denial of service), cpio (F20: denial of service), jasper (F21; F20; F19: three code execution vulnerabilities), python-pip (F21: denial of service), python3 (F19: two vulnerabilities), and roundcubemail (F21; F20: cross-site scripting). Mageia has updated libvirt (denial of service), openvas-manager (sql injection), privoxy (two vulnerabilities), and python-yaml (denial of service). Oracle has updated libvirt (OL7: information disclosure). Red Hat has updated kernel (RHEL4: privilege escalation) and libvirt (RHEL7: information disclosure). Scientific Linux has updated libvirt (SL7: information disclosure). SUSE has updated bind (SLE11 SP3: denial of service), mutt (SLE12: denial of service), and suseRegister (SLE11 SP3: man-in-the-middle attack). Ubuntu has updated cgmanager (14.10, 14.04: information disclosure). Kategóriák: Linux
CyanogenMod CM12 nightly builds availableFor those of you who have been waiting for a CyanogenMod release based on
Android "Lollipop," the first
nightly builds are now available. "We would like to note that at
this point we consider ourselves 85% complete for our initial CM12 M
release. We’ll spend the remainder of this month bringing up additional
devices and finishing up the features you’ve come to love from CM11 –
implementing them into the new Material UI."
Kategóriák: Linux
Kernel prepatch 3.19-rc3The 3.19-rc3 prepatch is out for testing.
"It's a day delayed - not because of any particular development
issues, but simply because I was tiling a bathroom yesterday. But rc3 is
out there now, and things have stayed reasonably calm. I really hope that
implies that 3.19 is looking good, but it's equally likely that it's just
that people are still recovering from the holiday season."
Kategóriák: Linux
Cuthbertson: NixOS and Stateless DeploymentHere is a
lengthy post from Tim Cuthbertson on the virtues of building servers
with NixOS. "It should hopefully be obvious at this point why NixOS
is better than puppet: Both are declarative, but puppet is impure and
non-exhaustive - when you apply a config, puppet compares everything
specified against the current state of the system. Everything not specified
is left alone, which means you’re only specifying a very tiny subset of
your system. With NixOS, if something is not specified, it is not
present."
Kategóriák: Linux
Security advisories for MondayDebian has updated strongswan (denial of service). Debian-LTS has updated polarssl (denial of service), pyyaml (denial of service), and sox (code execution). Fedora has updated claws-mail (F19: man-in-the-middle attack), claws-mail-plugins (F19: man-in-the-middle attack), curl (F19: information leak), denyhosts (F20; F19: denial of service), ettercap (F21; F20; F19: multiple vulnerabilities), freetype (F20: buffer overflow), kernel (F19: multiple vulnerabilities), libetpan (F19: man-in-the-middle attack), libssh (F21; F20; F19: denial of service), mailx (F21; F20; F19: command execution), mingw-pcre (F21; F20; F19: information leak), openjpeg (F19: multiple vulnerabilities), python-django-horizon (F21: denial of service), pyxdg (F20: symlink attacks), subversion (F21; F20: denial of service), and unrtf (F21: code execution). Mandriva has updated c-icap (denial of service), ntp (multiple code execution vulnerabilities), pcre (information leak), php (code execution), and subversion (denial of service). Ubuntu has updated strongswan (14.10, 14.04: denial of service). Kategóriák: Linux
[$] OpenMediaVault: a distribution for NAS boxesThe Linux community has no shortage of general-purpose distributions that
can be made to serve almost any need. But many Linux deployments are not
on general-purpose machines; often the owner has a more specific objective
in mind. One such objective is to put together a network-attached storage (NAS)
box. A general-purpose distribution can easily be used in such a setting,
but there are also several specialized distributions that make the task
easier. This article, the first in a series, will look at OpenMediaVault, a Debian-based
NAS-oriented distribution.
Kategóriák: Linux
Friday's security updatesFedora has updated glpi (F19; F20, F21: SQL injection), mingw-binutils (F20; F21: multiple vulnerabilities), mingw-curl (F20; F21: multiple vulnerabilities), mingw-dbus (F20; F21: multiple vulnerabilities), mingw-freetype (F20; F21: code execution), mingw-libjpeg-turbo (F20; F21: denial of service), mingw-libxml2 (F20; F21: denial of service), mingw-openssl (F20; F21: multiple vulnerabilities), and ntp (F19; multiple vulnerabilities). openSUSE has updated libvirt (13.1: denial of service; 13.2: multiple vulnerabilities), ruby2.1 (13.2: multiple vulnerabilities), and ruby20 (13.1: multiple vulnerabilities). Kategóriák: Linux
Purism Librem 15 (Linux Journal)Linux Journal looks at
the Purism Project and the Purism Librem 15 laptop. "The Librem 15 uses the Trisquel distribution which wasn't a distribution I had heard of before now. Basically it's a Debian-based distribution that not only removes the non-free repository by default, but it has no repositories at all that provide non-free software. It was picked for the Librem 15 because it is on the list of official FSF-approved GNU/Linux distributions and since that laptop is aiming to get the FSF stamp of approval, that decision makes sense. Since it's a Debian-based distribution, the desktop environment and most of the available software shouldn't seem too different for anyone who has used a Debian-based distribution before. Of course, if you do want to use any proprietary software (like certain multimedia codecs or official Flash plugins) you will have to hunt for those on your own. Then again, the whole point of this laptop is to avoid any software like that."
Kategóriák: Linux
Ringing in 2015 with 40 Linux-friendly hacker SBCs (LinuxGizmos)For anybody looking for a single-board computer to experiment with:
LinuxGizmos has a
survey of 40 of them. "Over the last year we’ve seen some new
quad- and octa-core boards with more memory, built-in WiFi, and other
extras. Yet, most of the growth has been in the under $50 segment where the
Raspberry Pi and BeagleBone reign. Based on specs alone, standouts in
price/performance that have broken the $40 barrier include the new
Odroid-C1 and pcDuino3 Nano, but other good deals abound here as
well."
Kategóriák: Linux
Security advisories for WednesdayDebian has updated php5 (code execution). Gentoo has updated mit-krb5 (multiple vulnerabilities). Mageia has updated castor (XML injection), couchdb (cross-site scripting), cxf (two vulnerabilities), plasma-nm (man-in-the-middle attack), sox (code execution), unzip (code execution), and xml-security (denial of service). openSUSE has updated kernel (11.4: three vulnerabilities), php5 (11.4: three vulnerabilities), and python (11.4: multiple vulnerabilities). Oracle has updated docker (OL7; OL6: multiple vulnerabilities). Kategóriák: Linux
The Darkmail Internet Mail EnvironmentFrom Phillip Zimmermann and Ladar Levison (among others) comes the Darkmail Internet Mail Environment, an
attempt to replace SMTP with a more secure protocol. It has a
108-page specification [PDF] for those wanting details, and code is available on GitHub. "In
addition to the usual protection of content, a design goal for secure email
must be to limit what meta-information is disclosed so that a handling
agent only has access to the information it needs to see. The Dark
Internet Mail Environment (DIME) achieves this with a core model having
multiple layers of key management and multiple layers of message
encryption."
Kategóriák: Linux
Tuesday's security updatesDebian has updated polarssl (denial of service) and pyyaml (denial of service). Debian-LTS has updated ettercap (denial of service). Kategóriák: Linux
|
KeresésNavigációBelépésÁllásajánlatok
HWSWFriss blogbejegyzésekHUP napi hírlevélLegfrissebb HUP videókLegfrissebb Linux játékvideókLegfrissebb HUP képekSzavazásHáztartásomban ... darab TV készülék található. nulla 26% egy 42% kettő 18% három 8% négy 2% négynél több 2% Csak az eredmény érdekel. 2% Összes szavazat: 810
InformációKövess minket!Partnerünk |
Friss hozzászólások
14 másodperc
33 másodperc
59 másodperc
2 perc 10 másodperc
9 perc 55 másodperc
10 perc 36 másodperc
13 perc 34 másodperc
14 perc 53 másodperc
15 perc 35 másodperc
16 perc 43 másodperc