Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 12 minutes 18 seconds ago
Fedora has updated kernel (F20: privilege escalation).
Gentoo has updated rxvt-unicode (code execution).
Aurelien Jarno reports that the Debian Project is switching back to the GNU C Library and will no longer ship the EGLIBC fork. The reason is simple: the changes in the Glibc project mean that EGLIBC is no longer needed and is no longer under development. "This has resulted in a much more friendly development based on team work with good cooperation. The development is now based on peer review, which results in less buggy code (humans do make mistakes). It has also resulted in things that were clearly impossible before, like using the same repository for all architectures, and even getting rid of the ports/ directory."
The X.Org Foundation reminds us that the first announcement for the X Window System came out on June 19, 1984. "The X developers have pushed the boundaries and moved X from a system originally written to run on the CPU of a VAX VS100 to one that runs the GUI on today's laptops with 3D rendering capabilities. Indeed, X predates the concept of a Graphics Processing Unit (GPU) as we currently know it, and even the company that popularized this term in 1999, Nvidia." Congratulations to one of the oldest and most successful free software projects out there.
The LWN.net Weekly Edition for June 19, 2014 is available.
Fedora has updated dovecot (F19: denial of service), libfep (F20; F19: privilege escalation), lynis (F20: privilege escalation), mod_wsgi (F20; F19: two vulnerabilities), php (F20; F19: denial of service), php-doctrine-orm (F20; F19: denial of service), php-horde-Horde-Ldap (F19: check for empty passwords), php-phpunit-PHPUnit-MockObject (F20; F19: denial of service), and python-djblets (F20; F19: cross-site scripting).
The success of Android has brought Linux to many millions of new users and that, in turn, has increased the development community for Linux itself. But those who value free software and privacy can be forgiven for seeing Android as a step backward in some ways; Android systems include significant amounts of proprietary software, and they report vast amounts of information back to the Google mothership. But Android is, at its heart, an open-source system, meaning that it should be possible to cast it into a more freedom- and privacy-respecting form. Your editor has spent some time working on that goal; the good news is that it is indeed possible to create a (mostly) free system on the Android platform.
On his blog, Lennart Poettering writes about new systemd features that will make it easier to "factory reset" systems back to their initial configuration. By handling /etc and /var differently, it will also support other use cases, such as "stateless" systems that store no persistent configuration, as well as "reproducible" and "verifiable" systems. "Booting up a system without a populated /var is relatively straight-forward. With a few lines of tmpfiles configuration it is possible to populate /var with its basic structure in a way that is sufficient to make a system boot cleanly. systemd version 214 and newer ship with support for this. Of course, support for this scheme in systemd is only a small part of the solution. While a lot of software reconstructs the directory hierarchy it needs in /var automatically, many software does not. In case like this it is necessary to ship a couple of additional tmpfiles lines that setup up at boot-time the necessary files or directories in /var to make the software operate, similar to what RPM or DEB packages would set up at installation time. Booting up a system without a populated /etc is a more difficult task. In /etc we have a lot of configuration bits that are essential for the system to operate, for example and most importantly system user and group information in /etc/passwd and /etc/group. If the system boots up without /etc there must be a way to replicate the minimal information necessary in it, so that the system manages to boot up fully."
The Document Foundation (TDF) has announced a LibreOffice 4.3 bug hunting session on June 20-22. "The community has already made a large collective effort to make LibreOffice 4.3 the best ever, based on automated stress tests and structured tests by Quality Assurance volunteers. Enterprise and individual LibreOffice users can now contribute to the quality of the best free office suite ever by testing the release candidate to identify issues in their preferred user scenario." See the wiki page for more information about the hunt.
Threatpost reports that most Android devices are vulnerable to a privilege escalation flaw in the kernel. "Researchers at Lacoon Mobile Security are calling the bug “TowelRoot,” because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot). Successful exploitation of the Linux bug within the Android operating system would give the attacker administrative access to a victim’s phone. Specifically, such access could potentially allow that same attacker to run further malicious code, retrieve files and device data, bypass third-party or enterprise security applications including containers like Samsung’s secure Knox sub-operating system, and establish backdoors for future access on victim devices."
Fedora has updated kernel (F19: multiple vulnerabilities).
SUSE has updated GnuTLS (SUSE CORE 9: multiple vulnerabilities).
Ubuntu has updated libxml2 (regression in upstream update).
Debian has updated chromium-browser (multiple vulnerabilities).
Gentoo has updated freeradius (code execution), gnutls (multiple vulnerabilities), kdirstat (command execution), libXfont (multiple vulnerabilities), lighttpd (multiple vulnerabilities), memcached (multiple vulnerabilities), and opera (multiple vulnerabilities).
Mageia has updated flash-player-plugin (multiple vulnerabilities).
Ars Technica has put together a detailed history of Android so far. "Thanks to this 'cloud rot,' an Android retrospective won’t be possible in a few years. Early versions of Android will be empty, broken husks that won't function without cloud support. While it’s easy to think of this as a ways off, it's happening right now. While writing this piece, we ran into tons of apps that no longer function because the server support has been turned off. Early clients for Google Maps and the Android Market, for instance, are no longer able to communicate with Google."
Linus Torvalds has released the 3.16-rc1 kernel prepatch, thus closing the merge window. In the end, Torvalds picked up 11,364 non-merge commits for inclusion, making 3.16 the third busiest merge window ever (after 3.15 and 3.10). "It also looks fairly usual from a statistics standpoint: about two thirds of the changes are to drivers (and one third of *that* is to staging), and half of the remainder is architecture updates (with arm dominating, dts files leading - but there's mips, powerpc, x86 and arm64 there too). Outside of drivers and architecture updates, there's the usual mixture of changes elsewhere: filesystems (mainly reiserfs, xfs, btrfs, nfs), networking, "core" kernel (mm, locking, scheduler, tracing), and tooling (perf and power, also new self-tests)."
While stressing that it is a pre-release for testing (i.e. quality assurance or QA) purposes, the CentOS team has announced the availability of the CentOS 7 QA release. It can be downloaded from here. Packages are not GPG signed, are likely to be replaced "in place" as bugs are fixed, and upgrading from the QA release to the final release may not be possible (and will not be supported). But, unlike previous CentOS releases, it has been opened up to the community before the final release. "We appreciate any and all bug reports at http://bugs.centos.org (please also check upstream bugzilla.redhat.com and link to those bugs when filing a new CentOS issue), and assistance with the “Branding Hunt” (see http://lists.centos.org/pipermail/centos-devel/2014-June/010411.html)."
Fedora has updated chkrootkit (F20; F19: privilege escalation), firefox (F20: multiple vulnerabilities), nspr (F20: multiple vulnerabilities), sendmail (F20: denial of service), and xulrunner (F20: multiple vulnerabilities).
openSUSE has updated php5 (11.4: multiple vulnerabilities).
The GNU Compiler Collection (GCC) has received the ACM SIGPLAN Programming Languages Software Award. "GCC is the product of hundreds of person-years of work over its 27 years of existence. This award recognizes the GCC developer community for the substantial impact it has had on the programming language community and the larger software industry." (Thanks to David Edelsohn)
CentOS has updated firefox (C6; C5: multiple vulnerabilities), kernel (C5: multiple vulnerabilities), python-jinja2 (C6: code execution), qemu-kvm (C6: multiple vulnerabilities), and thunderbird (C6; C5: multiple vulnerabilities).
Fedora has updated kernel (F20: two vulnerabilities).
Slackware has updated thunderbird (multiple vulnerabilities).
The LWN.net Weekly Edition for June 12, 2014 is available.