Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 2 hét 4 nap

The FSF seeks nominations for the annual Free Software Awards

k, 2016-10-11 20:37
The Free Software Foundation and the GNU Project are asking for nominations for the 19th annual Free Software Awards. The Award for the Advancement of Free Software will be presented to "an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software" and the Award for Projects of Social Benefit will be presented to "the project or team responsible for applying free software, or the ideas of the free software movement, in a project that intentionally and significantly benefits society in other aspects of life." The deadline for nominations is November 6.
Kategóriák: Linux

Security updates for Tuesday

k, 2016-10-11 17:33

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated graphicsmagick (multiple vulnerabilities), qemu (three vulnerabilities), and qemu-kvm (three vulnerabilities).

Fedora has updated c-ares (F23: code execution), irssi (F24; F23: three vulnerabilities), mujs (F24; F23: two vulnerabilities), nodejs (F24: improper validation), python-django (F24; F23: cross-site request forgery), and zathura-pdf-mupdf (F24; F23: two vulnerabilities).

Gentoo has updated mysql (multiple unspecified vulnerabilities) and subversion (multiple vulnerabilities).

openSUSE has updated thunderbird (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities).

Oracle has updated kernel (OL7: stack corruption), tomcat (OL7: two vulnerabilities), and tomcat6 (OL6: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7: stack corruption), tomcat (RHEL7: multiple vulnerabilities), and tomcat6 (RHEL6: multiple vulnerabilities).

Ubuntu has updated kernel (16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), and linux-snapdragon (16.04: multiple vulnerabilities).

Kategóriák: Linux

FreeBSD 11

h, 2016-10-10 21:09
FreeBSD 11.0 has been released. This version features new architecture support, performance improvements, toolchain enhancements, and support for contemporary wireless chipsets. See the release notes for more information.
Kategóriák: Linux

Here's Why Software Patents Are in Peril (Fortune)

h, 2016-10-10 20:13
Fortune covers a ruling [PDF] by the U.S. Court of Appeals for the Federal Circuit that invalidates three patents asserted against anti-virus companies Symantec and Trend Micro. "The most important part of the decision, which has created a stir among the patent bar, is a concurrence by Circuit Judge Haldane Mayer. In striking down a key claim from U.S. Patent 5987610, which claims a monopoly on using anti-virus tools within a phone network, Mayer says it is time to acknowledge that a famous Supreme Court 2014 decision known as “Alice” basically ended software patents altogether."
Kategóriák: Linux

Security advisories for Monday

h, 2016-10-10 18:00

Arch Linux has updated imagemagick (two vulnerabilities), kcoreaddons (HTML injection), messagelib (two vulnerabilities), and wpa_supplicant (two vulnerabilities).

Debian has updated php5 (multiple vulnerabilities).

Debian-LTS has updated mat (information leak).

Fedora has updated libdwarf (F24: two vulnerabilities), libXfixes (F24: integer overflow), libXi (F24: insufficient validation), libXrandr (F24: insufficient validation), libXrender (F24: insufficient validation), libXtst (F24: insufficient validation), libXv (F24: insufficient validation), libXvMC (F24: insufficient validation), mingw-c-ares (F24; F23: code execution), mingw-openjpeg2 (F24; F23: denial of service), openjpeg2 (F23: denial of service), php-ZendFramework (F24; F23: SQL injection), and python-pillow (F24: memory disclosure).

Gentoo has updated libgcrypt (multiple vulnerabilities) and quagga (code execution).

Mageia has updated graphicsmagick (multiple vulnerabilities).

Red Hat has updated python-django (RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL7; RHELOSP5 for RHEL6: cross-site request forgery).

SUSE has updated php5 (SLE12-SP1: multiple vulnerabilities) and systemd (SLE12-SP1; SLE12: denial of service).

Kategóriák: Linux

[$] Supporting UEFI secure boot in Debian

h, 2016-10-10 15:57
The Debian project can be accused of many things, but jumping too quickly on leading-edge technology is not one of them. That can be seen in, among other things, the fact that there is still not a version of the distribution that supports the UEFI secure boot mechanism. But, as Ben Hutchings explained during his 2016 Kernel Recipes talk, such support is in the works, and it will be implemented in a uniquely Debian-like manner.
Kategóriák: Linux

GDB 7.12 released

h, 2016-10-10 14:19
Version 7.12 of the GDB debugger is out. The biggest changes this time around appear to be support for the Andes NDS32 architecture and the ability to debug programs written in the Rust language.
Kategóriák: Linux

FSF: Tim Berners-Lee just gave us an opening to stop DRM in Web standards

p, 2016-10-07 20:31
The Free Software Foundation's Defective By Design campaign reports that Tim Berners-Lee decided not to exercise his power to extend the development timeline for the Encrypted Media Extensions (EME) Web technology standard. "Berners-Lee made his surprising decision on Tuesday, as explained in an email announcement by W3C representative Philippe Le Hégaret. Instead of granting a time extension — as he has already done once — Berners-Lee delegated the decision to the W3C's general decision-making body, the Advisory Committee. The Advisory Committee includes diverse entities from universities to companies to nonprofits, and it is divided as to whether EME should be part of Web standards. It is entirely possible that the Advisory Committee will reject the time extension and terminate EME development, marking an important victory for the free Web."
Kategóriák: Linux

Stable kernel updates

p, 2016-10-07 17:41
Greg Kroah-Hartman has released stable kernels 4.8.1, 4.7.7, and 4.4.24. All contain important fixes.
Kategóriák: Linux

Security advisories for Friday

p, 2016-10-07 17:18

Debian-LTS has updated c-ares (code execution) and python-django (cross-site request forgery).

Fedora has updated mongodb (F24: information leak).

Gentoo has updated apache (multiple vulnerabilities) and groovy (code execution).

Mageia has updated thunderbird (code execution).

Oracle has updated kernel 4.1.12 (OL7; OL6: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), kernel 2.6.39 (OL6; OL5: two vulnerabilities).

SUSE has updated compat-openssl098 (SLE12-SP1: multiple vulnerabilities), nodejs4 (SLEM12: multiple vulnerabilities), openssl1 (SLES11-SECURITY: multiple vulnerabilities), and xen (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated oxide-qt (16.04, 14.04: multiple vulnerabilities).

Kategóriák: Linux

[$] OpenSSL after Heartbleed

cs, 2016-10-06 22:56
Rich Salz and Tim Hudson started off their LinuxCon Europe 2016 talk by stating that April 3, 2014 shall forever be known as the "re-key the Internet date." That, of course, was the day that the Heartbleed vulnerability in the OpenSSL library was disclosed. A lot has happened with OpenSSL since that day, to the point that, Salz said, this should be the last talk he gives that ever mentions that particular vulnerability. In the last two years, the project has recovered from Heartbleed and is now more vital than ever before.
Kategóriák: Linux

Bassi: Who wrote GTK+ 3.22

cs, 2016-10-06 22:52
On the GTK+ Development Blog, Emmanuele Bassi looks at some statistics on the development of GTK+ 3.22 and GLib contributions during the same cycle (that resulted in GLib 2.50.0). He looks at which developers contributed the most change sets and changed lines of code, as well as how many change sets and hackers there are for each component by company affiliation. "During the 3.22 development cycle, GLib saw a total of 14119 lines added, 2031 removed, for a net gain of 12088 lines [...] GTK+, instead, saw a total of 46581 lines added, 19163 removed, for a net gain of 27418 lines". Those numbers do not include the translation work that was done for 3.22.
Kategóriák: Linux

Thursday's security advisories

cs, 2016-10-06 16:21

Debian has updated nspr (code execution) and nss (multiple vulnerabilities, some from 2015).

Debian-LTS has updated bind9 (two denial of service flaws), freeimage (code execution), and zendframework (SQL injection).

Fedora has updated c-ares (F24: code execution).

openSUSE has updated ffmpeg (42.1: not well specified), postgresql94 (42.1: two vulnerabilities), and python-Jinja2 (13.2: privilege escalation from 2014).

Scientific Linux has updated kernel (SL6: two vulnerabilities).

SUSE has updated openssl (SLE11: multiple vulnerabilities), php53 (SLE11SP4; SLE11SP2: multiple vulnerabilities), and php7 (SLE12: multiple vulnerabilities).

Ubuntu has updated ntp (16.04, 14.04, 12.04: multiple vulnerabilities, many from 2015).

Kategóriák: Linux

[$] Weekly Edition for October 6, 2016

cs, 2016-10-06 01:00
The Weekly Edition for October 6, 2016 is available.
Kategóriák: Linux

FontForge release

sze, 2016-10-05 21:48
There's a new release of FontForge available. "This release introduces a new icon set, new functionality for custom icon selection graphics, support for GlyphOrderAndAliasDB files, and support for Unicode 9.0."
Kategóriák: Linux

Security advisories for Wednesday

sze, 2016-10-05 17:06

CentOS has updated kernel (C6: two vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and libav (multiple vulnerabilities).

Debian-LTS has updated libav (multiple vulnerabilities).

Fedora has updated gd (F23: denial of service) and links (F24; F23: anonymity leak).

openSUSE has updated flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Leap42.1: buffer overflow), mariadb (Leap42.1: SQL injection/privilege escalation), and php5 (Leap42.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: three vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and kernel (RHEL6: two vulnerabilities).

Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated php5, php7.0 (multiple vulnerabilities).

Kategóriák: Linux

MOSS supports four more open source projects

k, 2016-10-04 22:35
The Mozilla Open Source Support (MOSS) program has awarded $300,000 to four projects this quarter. "On the Foundational Technology track, we awarded $100,000 to Redash, a tool for building visualizations of data for better decision-making within organizations, and $50,000 to Review Board, software for doing web-based source code review. Both of these pieces of software are in heavy use at Mozilla. We also awarded $100,000 to Kea, the successor to the venerable ISC DHCP codebase, which deals with allocation of IP addresses on a network. Mozilla uses ISC DHCP, which makes funding its replacement a natural move even though we haven’t deployed it yet. On the Mission Partners track, we awarded $56,000 to Speech Rule Engine, a code library which converts mathematical markup into vocalised form (speech) for the sight-impaired, allowing them to fully appreciate mathematical and scientific content on the web." (Thanks to Paul Wise)
Kategóriák: Linux

Plasma 5.8 LTS is out

k, 2016-10-04 21:24
KDE has released Plasma 5.8. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed." Plasma 5.8 is KDE's first Long Term Support release. The changelog has the details.
Kategóriák: Linux

Mageia thanks long time contributor and friend

k, 2016-10-04 17:35
The Mageia project remembers Thomas Spuhler who died in September. "Thomas had been contributing to Mageia, and Mandriva before that, since 2009 as a packager, and much earlier already partaking in email discussions and bug reports. His packaging interests were mostly web and server-related components, for which his contributions were invaluable. He had to step back from his Mageia responsibilities in early August due to his health condition."
Kategóriák: Linux

Tuesday's security advisories

k, 2016-10-04 16:58

Arch Linux has updated hostapd (two vulnerabilities) and systemd (denial of service).

CentOS has updated thunderbird (C7; C6; C5: code execution).

Debian has updated libdbd-mysql-perl (denial of service).

Fedora has updated bind99 (F24: denial of service), mariadb (F23: SQL injection/privilege escalation), and mongodb (F23: information disclosure).

Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).

openSUSE has updated chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), glibc (13.2: denial of service), and php5 (13.2: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated thunderbird (RHEL5,6,7: code execution).

SUSE has updated firefox (SLE12-SP1; SLE11-SP2: multiple vulnerabilities).

Kategóriák: Linux