Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 22 perc 19 másodperc

[$] LWN.net Weekly Edition for February 19, 2015

cs, 2015-02-19 03:22
The LWN.net Weekly Edition for February 19, 2015 is available.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-02-18 18:54

Fedora has updated file (F21: multiple vulnerabilities).

Gentoo has updated chromium (multiple vulnerabilities).

Mageia has updated dbus (denial of service), glibc (two vulnerabilities), kernel (multiple vulnerabilities), patch (multiple vulnerabilities), postgresql (multiple vulnerabilities), and x11-server (information leak/denial of service).

openSUSE has updated mdadm (13.2: command injection).

Ubuntu has updated php5 (14.10, 14.04, 12.04: multiple vulnerabilities) and unzip (14.10, 14.04, 12.04: code execution).

Kategóriák: Linux

FreeBSD random number generator broken for last 4 months

sze, 2015-02-18 16:28
As several LWN readers have pointed out, John-Mark Gurney posted a message to the freebsd-current mailing list on February 17 noting that the random number generator (RNG) in the FreeBSD "current" kernel has been broken for the last four months. "If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from. This means most/all keys generated may be predictable and must be regenerated. This includes, but not limited to, ssh keys and keys generated by openssl. This is purely a kernel issue, and a simple kernel upgrade w/ the patch is sufficient to fix the issue."
Kategóriák: Linux

Where do we stand 30 years after the founding of the Free Software Foundation? (Opensource.com)

k, 2015-02-17 22:06
Opensource.com has an interview with John Sullivan, Executive Director of FSF. "I stay involved because I think it's one of the most important social movements in existence, and it needs help—a lot of help. As more and more of the world's social, cultural, economic, and political interactions are mediated by technology, control over the technology becomes incredibly important for the exercise of any basic individual freedoms. I love the people I meet in this work, and the enormity of the challenge."
Kategóriák: Linux

Security updates for Tuesday

k, 2015-02-17 19:06

Fedora has updated libvirt (F20: two vulnerabilities) and qemu (F20: privilege escalation).

openSUSE has updated dbus-1, (13.2, 13.1: denial of service).

Slackware has updated patch (symlink attack), seamonkey (multiple vulnerabilities), and sudo (information disclosure).

SUSE has updated bind (SLES11 SP2: denial of service), clamav (SLES11 SP1,2,3, SLES10 SP4: multiple vulnerabilities), java-1_6_0-ibm (SLEM LS12: two unspecified vulnerabilities), java-1_7_1-ibm (SLE12: two unspecified vulnerabilities), and ntp (SLES11 SP1: multiple vulnerabilities).

Ubuntu has updated xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic (14.10, 14.04, 12.04: two vulnerabilities).

Kategóriák: Linux

Wayland 1.7.0

k, 2015-02-17 00:20
Bryce Harrington has announced the release of Wayland 1.7.0. "The Wayland protocol may be considered "done" but that doesn't mean there's not work to be done. This release focused on major improvements to Wayland's documentation, minor improvements to the testsuite, and some scattered bugfixes to the code itself."
Kategóriák: Linux

Security advisories for Monday

h, 2015-02-16 19:59

Debian-LTS has updated e2fsprogs (code execution) and nss (two vulnerabilities).

Fedora has updated android-tools (F21: code execution), bugzilla (F21; F20: command injection), community-mysql (F20: multiple unspecified vulnerabilities), dbus (F21: denial of service), libvirt (F21: multiple vulnerabilities), moodle (F21: multiple vulnerabilities), mutt (F21; F20: denial of service), ntp (F21; F20: two vulnerabilities), perl-Gtk2 (F21; F20: code execution), pigz (F21; F20: directory traversal), postgresql (F20: multiple vulnerabilities), puppetlabs-stdlib (F21; F20: privilege escalation), roundcubemail (F21; F20: cross-site scripting), rubygem-actionpack (F21: two information leaks), rubygem-sprockets (F21; F20: directory traversal), unzip (F21: multiple vulnerabilities), and virt-who (F21: information leak).

Gentoo has updated cpio (two vulnerabilities), libpng (memory overwrite), and oracle-jre-bin (multiple vulnerabilities).

Mageia has updated cups (buffer overflow), krb5 (multiple vulnerabilities), and rsync (denial of service).

SUSE has updated krb5 (SLE12; SLE12: multiple vulnerabilities) and ntp (SLES11 SP2: multiple vulnerabilities).

Kategóriák: Linux

deb.haskell.org compromised

h, 2015-02-16 18:20
The Haskell.org site is currently reporting that its Debian package repository, deb.haskell.org, has been compromised. "`deb.haskell.org` was already offline and suspended shortly after these traffic changes were detected by the host monitoring system, meaning the window for package compromise was very very small. We're continuing to investigate the breach and the extent to which it might have spread."
Kategóriák: Linux

[$] Scalar typing in the PHP world

szo, 2015-02-14 01:07
When one thinks about the PHP language, terms like "strong typing" and "strict checking" do not normally come to mind. But, as the project works toward its next major release (to be called PHP 7), it has become embroiled in a fierce debate over the proposed addition of some simple typing features to the language. To some, PHP is growing up into a safer, better-defined language, while others see the changes as possibly destroying the character of a historically freewheeling language.

Click below (subscribers only) for the full article.

Kategóriák: Linux

Help Linus decide what to call the next kernel

p, 2015-02-13 20:08
Do you have an opinion on whether the next kernel release should be called 3.20 or 4.0? Linus is currently running a poll on Google+ to get a sense for what people would prefer. "So - continue with v3.20, because bigger numbers are sexy, or just move to v4.0 and reset the numbers to something smaller?" As of this writing, the 4.0 option appears to be winning.
Kategóriák: Linux

Friday's security updates

p, 2015-02-13 17:29

openSUSE has updated clamav (13.1, 13.2: multiple vulnerabilities), roundcubemail (13.1, 13.2: cross-site scripting), and tcpdump (13.1, 13.2: multiple vulnerabilities).

SUSE has updated ntp (SLES/SLED12: multiple vulnerabilities).

Ubuntu has updated clamav (10.04: code execution).

Kategóriák: Linux

Linux for Astronomers (Linux Journal)

p, 2015-02-13 00:15
Over at Linux Journal, Joey Bernard looks at Distro Astro, which is a Linux distribution for astronomy. It collects programs of interest to those running telescopes and planetariums, including various image collection and processing applications. "After aiming your telescope, you need to collect some images or do some astrophotography. While you can do some of this with software like KStars, you have software specifically designed to do image capture. Some, like wxAstroCapture, are specifically written for use in astronomy. With it, you can set up automatic guiding and batch image collection. You then can go have a nice hot cup of coffee while your telescope collects your data. To help you keep track of all of these observations, you can use the Observation Manager, a logging program to maintain your records."
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-02-12 17:42

Debian has updated dbus (denial of service) and xorg-server (information leak/denial of service).

Debian-LTS has updated postgresql-8.4 (multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), e2fsprogs (code execution), hivex (privilege escalation), ntp (two vulnerabilities), owasp-esapi-java (crypto botch from 2013), perl-Gtk2 (code execution), and xdg-utils (code execution).

Mandriva has updated e2fsprogs (code execution), elfutils (privilege escalation), ntp (two vulnerabilities), perl-Gtk2 (code execution), and postgresql (multiple vulnerabilities).

openSUSE has updated jython (13.2, 13.1: code execution from 2013).

Oracle has updated kernel (OL5: two vulnerabilities) and kernel (OL5: unspecified vulnerabilities).

Scientific Linux has updated subversion (SL7: three vulnerabilities).

SUSE has updated krb5 (SLE11SP3: multiple vulnerabilities) and ntp (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 (multiple vulnerabilities).

Kategóriák: Linux

LWN.net Weekly Edition for February 12, 2015

cs, 2015-02-12 04:34
The LWN.net Weekly Edition for February 12, 2015 is available.
Kategóriák: Linux

Matrix: a new specification for federated realtime chat

sze, 2015-02-11 23:38
The free-software community has frequently advocated the development of new decentralized, federated network services—for example, promoting XMPP as an alternative to AOL Instant Messenger, StatusNet as an alternative to Twitter, or Diaspora as an alternative to Facebook. The recently launched Matrix project takes on a different service: IRC-like multi-user chat.
Kategóriák: Linux

Stable kernel updates

sze, 2015-02-11 19:29
Greg KH has released another batch of stable kernels: 3.18.7, 3.14.33, and 3.10.69. All contain the usual set of important updates.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-02-11 19:22

CentOS has updated kernel (C5: denial of service) and subversion (C7; C6: multiple vulnerabilities).

Debian has updated ruby1.8 (denial of service).

openSUSE has updated krb5 (13.2: multiple vulnerabilities) and xen (13.2: multiple vulnerabilities).

Oracle has updated subversion (OL7; OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6 Supplementary: multiple vulnerabilities), kernel (RHEL5: denial of service), and subversion (RHEL7; RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL5: denial of service), shim (SL7: multiple vulnerabilities), and subversion (SL6: two vulnerabilities).

Ubuntu has updated krb5 (multiple vulnerabilities) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

Kategóriák: Linux

GCC 5 in Fedora (Red Hat developer blog)

k, 2015-02-10 21:02
Last week the Red Hat developer blog looked at some changes coming with GCC5. This week's article covers how those changes will be handled in Fedora. "One consequence of this decision will be that Fedora 22 and Fedora 23 will both have GCC 5, but they’ll be fundamentally different. The C++ library (libstdc++.so) will be compatible between F22 and F23 (in fact, it will be almost exactly the same, modulo some extra patches from upstream that might be pulled into the later F23 build). The difference will be all the other DSOs that link to it. That’s important for Fedora developers to note. Specifically, FESCo’s decision means the C++ standard library headers installed by the libstdc++-devel RPM will have a different default value for the _GLIBCXX_USE_CXX11_ABI macro (0 in F22 and 1 in F23) but the libstdc++.so library will be largely the same in F22 and F23, because that library contains all the symbol definitions for both the old ABI and the new ABI, so that the same library works for both cases."
Kategóriák: Linux

Tuesday's security updates

k, 2015-02-10 19:08

Debian has updated ruby1.9.1 (multiple vulnerabilities) and unrtf (code execution).

Mageia has updated clamav (heap overflow), moodle (information disclosure), and polarssl (code execution).

Mandriva has updated cabextract (denial of service), clamav (heap overflow), glibc (code execution), otrs (privilege escalation), and zarafa (denial of service).

openSUSE has updated curl (13.2, 13.1: two vulnerabilities), grep (13.2: heap buffer overrun), llvm (13.1: insecure temporary files), openvas-manager (13.2: sql injection), and rsync (13.2, 13.1: code execution).

Ubuntu has updated binutils (multiple vulnerabilities) and ntp (two vulnerabilities).

Kategóriák: Linux

ownCloud Server 8 released

h, 2015-02-09 22:03
Version 8 of the ownCloud server is available. "This new release brings improved sharing and collaboration between clouds and introduces faster ways of getting at your files with favorites and improved search." See the feature page for details.
Kategóriák: Linux