Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Fedora has updated ansible (F19, F20: code execution), bugzilla (F19: information disclosure), chicken (F19, F20: denial of service and possible code execution), dpkg (F19: multiple vulnerabilities), kernel (F19: general-principles update to 3.14.15), krb5 (F19, F20: multiple vulnerabilities), mosquitto (F19, F20: unknown vulnerability), openstack-keystone (F20: privilege escalation), pixman (F20: integer underflow), Samba (F20: remote code execution), trafficserver (F20: mysterious vulnerability), v8 (F20: denial of service), and wireshark (F20: more dissector vulnerabilities).
openSUSE has updated apache (multiple vulnerabilities, with a mod_security filter bypass fix tossed in as well).
Red Hat has updated 389-ds-base (RHEL6-7: information disclosure), java-1.5.0-ibm (RHEL5-6: seven "important" vulnerabilities), java-1.6.0-ibm (RHEL5-6: nine "critical" vulnerabilities), and tomcat (RHEL7: XML parser injection).
Scientific Linux has updated 389-ds-base (SL6: information disclosure).
Ubuntu has updated openssl (multiple vulnerabilities).
Google has announced that it is starting to look favorably on sites that use HTTPS. "We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
CentOS has updated php (C5: multiple vulnerabilities) and kernel (C7: multiple vulnerabilities).
Debian has updated OpenSSL (nine CVE numbers).
Mandriva has updated cups (symbolic link vulnerability), glibc (multiple vulnerabilities), mediawiki (JSONP injection, cross-site scripting, and clickjacking vulnerabilities), readline (temporary file vulnerability), and kernel (multiple vulnerabilities).
SUSE has updated apache (SLES11: multiple vulnerabilities).
The LWN.net Weekly Edition for August 7, 2014 is available.
CentOS has updated php (C7: multiple vulnerabilities), php53 (C6: multiple vulnerabilities), resteasy-base (C7: XML eXternal Entity (XXE) attacks), samba (C7: remote code execution/privilege escalation), and samba4 (C6: remote code execution/privilege escalation).
Debian has updated reportbug (code execution).
Mageia has updated cups (privilege escalation), eet (denial of service), file (denial of service), glibc (multiple vulnerabilities), ipython (code execution), kernel (MG4; MG3: multiple vulnerabilities), mediawiki (multiple vulnerabilities), moodle (multiple vulnerabilities), ocsinventory (cross-site scripting), php-ZendFramework (SQL injection), phpmyadmin (multiple vulnerabilities), polarssl (denial of service), readline (insecure temporary files), and tor (traffic confirmation attack).
Oracle has updated resteasy-base (OL7: XML eXternal Entity (XXE) attacks), samba (OL7: remote code execution/privilege escalation), samba4 (OL6: multiple vulnerabilities), and yum-updatesd (OL5: bypass RPM package signing restriction).
Red Hat has updated php (RHEL7: multiple vulnerabilities), php53 (RHEL5&6: multiple vulnerabilities), resteasy-base (RHEL7: XML eXternal Entity (XXE) attacks), samba (RHEL7: remote code execution/privilege escalation), and samba4 (RHEL6: remote code execution/privilege escalation).
Digia, the current owner of the Qt toolkit, has announced that Qt will be split off into a separate company that will be able to focus more on commercial licensing. "The importance of Digia’s commercial business for securing the future of Qt cannot be underestimated as it drives Qt’s foundation and everyday operations. A look into the commit statistics shows that around 75% of all code submissions to qt-project.org come from Digia employees. In addition, Digia manages the release process and the CI and testing infrastructure, thus covering more than 85% of the costs of developing Qt."
Opensource.com is running an interview with Michael Tiemann. "Make no mistake: For Tiemann, open source is not simply a business model. It's not just a method of developing software. It isn't an ethic. It's a Platonic form—perhaps something like a force, a tendency. Throughout history, many people have tried to glimpse it, if only for a moment. Tiemann knows he is but one of them: the programmer, the hacker, attempting to articulate, through code, this thing that abides. Failure to recognize the magnitude of what makes open source businesses successful, Tiemann says, is what has led so many to misunderstand them."
For better or for worse, forks are a part of the free software landscape. Often a fork will result in a reinvigorated development community and the removal of unneeded roadblocks. But not all forks work out well. What is a distributor to do if, at some point, it concludes that it chose wrongly when it followed a fork of an important project? Going back to the original may not always be an easy thing to do, even if there appears to be a consensus for that move. The presence of security concerns can make such a change even harder to contemplate. The recent discussion on welcoming ffmpeg back into Debian illustrates the potential hazards nicely.
CentOS has updated yum-updatesd (C5: bypass RPM package signing restriction).
Debian has updated icedove (multiple vulnerabilities).
Red Hat has updated yum-updatesd (RHEL5: bypass RPM package signing restriction).
Scientific Linux has updated yum-updatesd (SL5: bypass RPM package signing restriction).
SUSE has updated openjdk (SLED11 SP3: multiple vulnerabilities).
Ubuntu has updated eglibc (multiple vulnerabilities).
CyanogenMod 11.0 M9 has been released. "This release marks the first ever (non-nightly) release for the Xperia Z2 ‘sirius’, Xperia Z2 Tablets ‘castor’ and the HTC One ‘m8’ – kudos to their maintainers and all the other maintainers that bring you these releases every month!"
Debian has updated lzo2 (code execution).
Gentoo has updated ZendFramework (SQL injection).
Mageia has updated gcc (code execution).
SUSE has updated firefox (multiple vulnerabilities).
Ubuntu has updated samba (14.04 LTS: remote code execution/privilege escalation).
Mozilla has just disclosed a problem with its Mozilla Developer Network database sanitization system. "The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server."
Linus has released the 3.16 kernel, right on schedule. This release includes the unified control group hierarchy work, many improvements to the multiqueue block layer, and, as always, lots of new drivers and internal improvements.
The XBMC media center will be renamed Kodi. "Six years have passed since the Xbox Media Center became XBMC, and simply put, “XBMC” fits less now than it did even in 2008. The software only barely runs on the original Xbox, and then only because some clever developers are still hacking on that platform. It has never run on the Xbox 360 or Xbox One." Trademarks were another reason for the name change. The project was unable to trademark XBMC, leading to issues with hacked and broken implementations of the software being sold as "XBMC". Kodi is now a registered trademark of the XBMC Foundation.
The Samba Team has put out an important-looking set of releases. "All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root)."
CentOS has updated kernel (C6: multiple vulnerabilities).
openSUSE has updated kernel (12.3: multiple vulnerabilities).
SUSE has updated lzo (SLES11&10: denial of service/possible code execution).
Stable kernels 3.15.8, 3.14.15, 3.10.51, and 3.4.101 have been released. All contain important fixes.
Ars Technica takes a look at an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms. "Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices."
Fedora has updated cups (F20: privilege escalation).
Mandriva has updated dbus (BS1.0: two denial of service flaws), file (BS1.0: denial of service), live (BS1.0: code execution), php-ZendFramework (BS1.0: SQL injection), and sendmail (BS1.0: denial of service).
openSUSE has updated apache2-mod_wsgi (13.1: off-by-one error), firefox (13.1, 12.3: multiple vulnerabilities), gpg2 (11.4: denial of service), memcached (11.4: multiple vulnerabilities), Mozilla (11.4: multiple vulnerabilities), ntp (13.1, 12.3: denial of service), php5 (13.1, 12.3: multiple vulnerabilities), ppc64-diag (13.1; 12.3: two vulnerabilities), pulseaudio (13.1, 12.3: denial of service), samba (11.4: two vulnerabilities), php5 (11.4: code execution), and xalan-j2 (11.4: information disclosure/code execution).
Red Hat has updated openstack-keystone (RHELOS3&4: privilege escalation).