Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 9 minutes 33 seconds ago
CentOS has updated libuser (C7: multiple vulnerabilities).
Debian has updated chromium-browser (multiple vulnerabilities).
Gentoo has updated e2fsprogs (code execution).
Oracle has updated libuser (O7: multiple vulnerabilities).
Scientific Linux has updated libuser (SL7: multiple vulnerabilities).
Ubuntu has updated kernel (12.04; 14.04; 14.10; 15.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
At his blog, Allan Day announces the first major update to the GNOME Human Interface Guidelines since the first GNOME 3 version (released in 2014). Day notes that the GNOME 3 HIG is structured around design patterns, in the hopes that it can be updated regularly to reflect current practices. "These new guidelines are the direct result of design work that has happened in the past year. They attempt to distill everything we’ve learned through our own process of trial and error." Furthermore, "the HIG now links to the relevant GTK+ API reference documentation for each design component. This is nice for knowing which widget does what; and makes the design guidelines a more effective accompaniment to the toolkit."
Debian has updated kernel (multiple vulnerabilities).
Gentoo has updated libXfont (multiple vulnerabilities).
Ubuntu has updated nbd (multiple vulnerabilities).
The LWN.net Weekly Edition for July 23, 2015 is available.
Though it got a bit of a late start due to some registration woes, the first day of EuroPython 2015 began with an engaging and well-received keynote. It recounted the history of a project that got its start just a year ago when the first Django Girls workshop was held at EuroPython 2014 in Berlin. The two women who started the project, Ola Sitarska and Ola Sendecka, spoke about how the workshop to teach women about Python and the Django web framework all came together—and the amazing progress that has been made by the organization in its first year.
Red Hat has announced the general availability of RHEL 6.7. "As the basis for large, complex IT deployments, Red Hat Enterprise Linux 6.7 offers enterprise IT teams new capabilities to bolster system security, proactively identify and resolve business-critical IT issues, and confidently embrace some of the latest open source technologies, such as Linux containers, without sacrificing operational stability." The release notes contain details.
Arch Linux has updated jre7-openjdk (multiple vulnerabilities).
Debian has updated cacti (SQL injection).
Debian-LTS has updated python-tornado (side-channel attack).
openSUSE has updated ansible (13.2: two vulnerabilities), libressl (13.2: multiple vulnerabilities), pdns (13.2, 13.1: denial of service), and rubygem-activesupport-3_2 (13.2, 13.1: denial of service).
Red Hat has updated autofs (RHEL6: privilege escalation), bind (RHEL6: denial of service), curl (RHEL6: multiple vulnerabilities), freeradius (RHEL6: buffer overflow), gnutls (RHEL6: multiple vulnerabilities), grep (RHEL6: two vulnerabilities), hivex (RHEL6: code execution), httpd (RHEL6: access restriction bypass), ipa (RHEL6: cross-site scripting), kernel (RHEL6: multiple vulnerabilities), libreoffice (RHEL6: code execution), libxml2 (RHEL6: denial of service), mailman (RHEL6: two vulnerabilities), net-snmp (RHEL6: denial of service), ntp (RHEL6: multiple vulnerabilities), pacemaker (RHEL6: privilege escalation), pki-core (RHEL6: cross-site scripting), ppc64-diag (RHEL6: two vulnerabilities), python (RHEL6: multiple vulnerabilities), sudo (RHEL6: information disclosure), wireshark (RHEL6: multiple vulnerabilities), and wpa_supplicant (RHEL6: denial of service).
The 4.1.3 and 4.0.9 stable kernel releases are available with the usual set of important fixes. Note that 4.0.9 is the last in the 4.0.x series.
One of the many approaches to improving system security consists of reducing the attack surface of a given program by restricting the range of system calls available to it. If an application has no need for access to the network, say, then removing its ability to use the socket() system call should cause no loss in functionality while reducing the scope of the mischief that can be made should that application be compromised. In the Linux world, this kind of sandboxing can be done using a security module or the seccomp() system call. OpenBSD has lacked this capability so far, but it may soon gain it via a somewhat different approach than has been seen in Linux.
The Linux Foundation has announced the Cloud Native Computing Foundation. "This new organization aims to advance the state-of-the-art for building cloud native applications and services, allowing developers to take full advantage of existing and to-be-developed open source technologies. Cloud native refers to applications or services that are container-packaged, dynamically scheduled and micro services-oriented. Founding organizations include AT&T, Box, Cisco, Cloud Foundry Foundation, CoreOS, Cycle Computing, Docker, eBay, Goldman Sachs, Google, Huawei, IBM, Intel, Joyent, Kismatic, Mesosphere, Red Hat, Switch SUPERNAP, Twitter, Univa, VMware and Weaveworks. Other organizations are encouraged to participate as founding members in the coming weeks, as the organization establishes its governance model."
Fedora has updated asterisk (F22: SSL server spoofing), bind (F21: denial of service), httpd (F22: multiple vulnerabilities), java-1.8.0-openjdk (F22; F21: multiple vulnerabilities), libunwind (F22: buffer overflow), php-horde-Horde-Auth (F22; F21: multiple vulnerabilities), php-horde-Horde-Core (F22; F21: multiple vulnerabilities), php-horde-Horde-Form (F22; F21: multiple vulnerabilities), php-horde-Horde-Icalendar (F22; F21: multiple vulnerabilities), polkit (F21: multiple vulnerabilities), and squashfs-tools (F21: two vulnerabilities).
SUSE has updated mariadb (SLE12: multiple vulnerabilities).
Ubuntu has updated thunderbird (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).
Mel Gorman introduces SUSE's kernel performance-testing system. "Marvin is a system that continually runs performance-related tests and is named after another robot doomed with repetitive tasks. When tests are complete it generates a performance comparison report that is publicly available but rarely linked. The primary responsibility of this system is to check SUSE Linux for Enterprise kernels for performance regressions but it is also configured to run tests against mainline releases."
Arch Linux has updated apache (multiple vulnerabilities).
Fedora has updated bind (F22: denial of service), condor (F21: code execution), cups-filters (F21: code execution), drupal7-migrate (F22; F21: cross-site scripting), drupal7-views_bulk_operations (F22; F21: permission bypass), openstack-cinder (F21: file disclosure), pcre (F21: two vulnerabilities), python-keystonemiddleware (F22: certificate verification botch), rawstudio (F22; F21: two vulnerabilities), redis (F22; F21: code execution), squashfs-tools (F22: two vulnerabilities), thunderbird (F22; F21: multiple vulnerabilities), webkitgtk4 (F22: denial of service), and xen (F22; F21: privilege escalation).
Gentoo has updated postgresql (multiple vulnerabilities).
openSUSE has updated flash-player (11.4: two vulnerabilities), libcryptopp (13.2, 13.1: information disclosure), libidn (13.2, 13.1: information disclosure), firefox, thunderbird (11.4: multiple vulnerabilities), rubygem-jquery-rails (13.2, 13.1: CSRF vulnerability), rubygem-rack (13.2, 13.1: denial of service), rubygem-rack-1_3 (13.2, 13.1: denial of service), and rubygem-rack-1_4 (13.2, 13.1: denial of service).
Ian Jackson has announced the availability of dgit 1.0. "dgit allows you to treat the Debian archive as if it were a git repository, and get a git view of any package. If you have the appropriate access rights you can do builds and uploads from git, and other dgit users will see your git history."
The third 4.2 kernel prepatch is out for testing. Linus says: "Normal Sunday release schedule, and a fairly normal rc release. There was some fallout from the x86 FPU cleanups, but that only hit CPU's with the xsaves instruction, and it should be all good now."
At the Mozilla Blog, Julien Vehent announces that Mozilla will be conducting a second round of its "Winter of Security" mentoring program. Aimed at college students, the program allows participants to work on security-related free software for university credit, with guidance provided by Mozilla project members. This year's targeted project list includes some high-profile projects like Let's Encrypt and Mozilla's digital forensics tool MiG. Applications are due August 15.
Mageia has updated flash-player-plugin (M4, M5: multiple vulnerabilities).
Oracle has updated java-1.7.0-openjdk (O5: multiple vulnerabilities).
Red Hat has updated flash-plugin (RHEL 5, 6: multiple vulnerabilities), java-1.6.0-sun (RHEL 5, 6, 7: multiple vulnerabilities), java-1.7.0-oracle (RHEL 5, 6, 7: multiple vulnerabilities), and java-1.8.0-oracle (RHEL 5, 6, 7: multiple vulnerabilities).
The idea of a truck or bus factor (or number) has been—morbidly, perhaps—bandied about in development projects for many years. It is a rough measure of how many developers would have to be lost (e.g. hit by a bus) to effectively halt the project. A new paper [PDF] outlines a method to try to calculate this number for various GitHub projects. Naturally, it has its own GitHub project with a description of the methodology used and some of the results. It was found that 46% of the projects looked at had a truck factor of 1, while 28% were at 2. Linux scored the second highest at 90, while the Mac OS X Homebrew package manager had the highest truck factor at 159.
Debian-LTS has updated python-django (three vulnerabilities).
Oracle has updated java-1.7.0-openjdk (OL7; OL6: unspecified), java-1.8.0-openjdk (OL7; OL6: unspecified), kernel 3.8.13 (OL7; OL6: two vulnerabilities), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: denial of service).
Version 0.7.0 of the rkt container runtime system is available. "This release includes new subcommands for a rkt image to manipulate images from the local store, a new build system based on autotools and integration with SELinux. These new capabilities improve the user experience, make it easier to build future features and improve security isolation between containers."