Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 8 perc 57 másodperc

Security advisories for Wednesday

sze, 2015-06-17 18:14

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL5.9: privilege escalation).

SUSE has updated java-1_7_0-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated aptdaemon (15.04, 14.10, 14.04, 12.04: information leak), devscripts (14.10, 14.04, 12.04: directory traversal), and wpa, wpasupplicant (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

[$] Leap-second issues, 2015 edition

sze, 2015-06-17 17:15
The leap second is an occasional ritual wherein Coordinated Universal Time (UTC) is held back for one second to account for the slowing of the Earth's rotation. The last leap second happened on June 30, 2012; the next is scheduled for June 30 of this year. Leap seconds are thus infrequent events. One might easily imagine that infrequent events involving time discontinuities would be likely to expose software problems, and, sure enough, the 2012 leap second had its share of issues. The 2015 leap second looks to be a calmer affair, but it appears that it will not be entirely problem-free.
Kategóriák: Linux

Tuesday's security advisories

k, 2015-06-16 18:02

CentOS has updated abrt (C7: multiple vulnerabilities), openssl (C7; C6: multiple vulnerabilities), and wpa_supplicant (C7: two vulnerabilities).

Debian has updated p7zip (directory traversal).

Oracle has updated openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6,7: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).

Kategóriák: Linux

Best practices to build bridges between tech teams (Opensource.com)

k, 2015-06-16 01:16
Opensource.com has an interview with Robyn Bergeron about her current position as Operations Advocate at Elastic, and past roles (such as Fedora Project Leader). "The ELK stack (that's Elasticsearch, Logstash, and Kibana), being incredibly flexible and adaptable to many use cases, appeals to both operations folks and developers—but my love for it really has grown from seeing how fantastically it has allowed folks working in ops to not just start more rapidly identifying that "something broke," but also to be able to visually identify the patterns that lead to those broken things. Getting to a point where you're not just on fire all the time fixing technology, and instead fixing the processes that lead to fires, or implementing ways to proactively avoid fires, is not just redeeming, but frees up time to do other things besides firefighting. People love breaking that loop, and it's fabulous being an advocate for something that is literally making people's work-life balance and general happiness levels better. I've been in those fires. It's not fun. It makes me happy to see users feeling awesome."
Kategóriák: Linux

Security updates for Monday

h, 2015-06-15 18:58

Debian has updated libav (two vulnerabilities), openssl (multiple vulnerabilities), qemu (multiple vulnerabilities), qemu-kvm (two vulnerabilities), sqlite3 (denial of service), and xen (multiple vulnerabilities).

Debian-LTS has updated p7zip (directory traversal).

Fedora has updated armacycles-ad (F22; F21; F20: multiple vulnerabilities), filezilla (F22: multiple vulnerabilities), fuse (F20: privilege escalation), libreswan (F20: denial of service), nss (F20: cipher-downgrade attacks), nss-softokn (F20: cipher-downgrade attacks), nss-util (F20: cipher-downgrade attacks), ntfs-3g (F20: privilege escalation), and xen (F22; F21: multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities), coreutils (13.2: memory handling error), cups (13.2, 13.1: three vulnerabilities), dpkg (13.2, 13.1: integrity-verification bypass), and php5 (13.2, 13.1: information disclosure).

Kategóriák: Linux

Kernel prepatch 4.1-rc8

h, 2015-06-15 16:27
As promised, the 4.1-rc8 kernel prepatch is out. "So I'm on vacation, but time doesn't stop for that, and it's Sunday, so time for a hopefully final rc."
Kategóriák: Linux

TeX Live 2015 is available

szo, 2015-06-13 00:12

The 2015 edition of the TeX Live software distribution, the "easy way to get up and running with the TeX document production system," has been released. DVDs are in production for members of the TeX Users Group (TUG), though many will probably prefer the downloadable release. The changes included in this edition include the merging of several LaTeX fixes from external packages into LaTeX itself, JPEG Exif support in pdfTeX, and image-handling fixes in XeTeX.

Kategóriák: Linux

MATE 1.10 released

p, 2015-06-12 21:48

Version 1.10 of the MATE Desktop has been released. Perhaps the most notable new feature is that all MATE components can now be built with GTK+2 or GTK+3, although GTK+3 support is still labeled "experimental." Also new in this update are ePub support in the Atril document viewer and a new audio-mixing library named libmatemixer.

Kategóriák: Linux

Friday's security updates

p, 2015-06-12 17:21

Arch Linux has updated openssl (multiple vulnerabilities).

Debian-LTS has updated imagemagick (multiple vulnerabilities) and strongswan (information disclosure).

Fedora has updated qemu (F22: denial of service).

openSUSE has updated flash-player (13.1, 13.2: multiple vulnerabilities), python-setuptools (13.1: non-secure SSL hostname matching), and tidy (13.1, 13.2: buffer overflow).

Oracle has updated wpa_supplicant (O7: multiple vulnerabilities).

Red Hat has updated wpa_supplicant (RHEL7: multiple vulnerabilities).

Scientific Linux has updated wpa_supplicant (SL7: multiple vulnerabilities).

Slackware has updated openssl (multiple vulnerabilities) and php (S14: multiple vulnerabilities).

SUSE has updated cups (SLE12: multiple vulnerabilities), cups154 (SLE12: multiple vulnerabilities), flash-player (SLE12: multiple vulnerabilities), and xen (SLE11 SP3; SLE12: multiple vulnerabilities).

Ubuntu has updated openssl (multiple vulnerabilities).

Kategóriák: Linux

The hidden costs of embargoes (Red Hat Security Blog)

p, 2015-06-12 05:12
Over at the Red Hat Security Blog, Kurt Seifried looks at the costs of security embargoes. Keeping the information about security vulnerabilities quiet until distributions can coordinate their releases of a fix for it seems like it makes a lot of sense, but there are hidden costs to that. "Patch creation with an embargoed issue means only the researcher and upstream participating. The end result of this is often patches that are incomplete and do not fully address the issue. This happened with the Bash Shellshock issue (CVE-2014-6271) where the initial patch, and even subsequent patches, were incomplete resulting in several more CVEs (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169). For a somewhat complete listing of such examples simply search the CVE database for 'because of an incomplete fix for'."
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-06-11 17:37

CentOS has updated kernel (C6: multiple vulnerabilities) and qemu-kvm (C6: code execution).

Debian-LTS has updated wireshark (WCP dissector crash).

Fedora has updated cabal-install (F22: force digest authentication), freecad (F22: code execution), fusionforge (F22; F21: code execution), haskell-platform (F22: force digest authentication), less (F21: information leak), libreswan (F22; F21: denial of service), python-tornado (F21: TLS side-channel attack), and thermostat (F21: code execution).

openSUSE has updated proftpd (13.2, 13.1: two vulnerabilities, one from 2013), wpa_supplicant (13.2, 13.1: three vulnerabilities), and zeromq (13.2, 13.1: protocol downgrade).

Oracle has updated qemu-kvm (OL6: code execution) and kernel (OL6; OL5: three vulnerabilities).

Red Hat has updated qemu-kvm (RHEL6: code execution) and qemu-kvm-rhev (RHEL6OSP: code execution).

Scientific Linux has updated abrt (SL7: multiple vulnerabilities) and qemu-kvm (SL6: code execution).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: two vulnerabilities), linux-lts-vivid (14.04: three vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Kategóriák: Linux

LinkedIn open-sources Pinot

cs, 2015-06-11 15:30
LinkedIn has announced the release of its "Pinot" analytics system under the Apache license. "We’ve been using it at LinkedIn for more than two years, and in that time, it has established itself as the de facto online analytics platform to provide valuable insights to our members and customers. At LinkedIn, we have a large deployment of Pinot storing 100’s of billions of records and ingesting over a billion records every day."
Kategóriák: Linux

LWN.net Weekly Edition for June 11, 2015

cs, 2015-06-11 03:51
The LWN.net Weekly Edition for June 11, 2015 is available.
Kategóriák: Linux

[$] Resurrecting the SuperH architecture

cs, 2015-06-11 00:00
Processor architectures are far from trivial; untold millions of dollars and many thousands of hours have likely gone into the creation and refinement of the x86 and ARM architectures that dominate the CPUs in Linux boxes today. But that does not mean that x86 and ARM are the only architectures of value, as Jeff Dionne, Rob Landley, and Shumpei Kawasaki illustrated in their LinuxCon Japan session "Turtles all the way down: running Linux on open hardware." The team has been working on breathing new life into a somewhat older architecture that offers comparable performance to many common system-on-chip (SoC) designs—and which can be produced as open hardware.

Click below (subscribers only) for the full report from LinuxCon Japan.

Kategóriák: Linux

Huston: Multipath TCP

sze, 2015-06-10 21:31
Geoff Huston has written a lengthy column on multipath TCP. "For many scenarios there is little value in being able to use multiple addresses. The conventional behavior is where each new session is directed to a particular interface, and the session is given an outbound address as determined by local policies. However, when we start to consider applications where the binding of location and identity is more fluid, and where network connections are transient, and the cost and capacity of connections differ, as is often the case in todays mobile cellular radio services and in WiFi roaming services, then having a session that has a certain amount of agility to switch across networks can be a significant factor." (See also: LWN's look at the Linux multipath TCP implementation from 2013).
Kategóriák: Linux

Inside NGINX: How We Designed for Performance & Scale

sze, 2015-06-10 21:25
The folks behind the NGINX web server have put up a highly self-congratulatory article on how the system was designed. "NGINX scales very well to support hundreds of thousands of connections per worker process. Each new connection creates another file descriptor and consumes a small amount of additional memory in the worker process. There is very little additional overhead per connection. NGINX processes can remain pinned to CPUs. Context switches are relatively infrequent and occur when there is no work to be done."
Kategóriák: Linux

Security updates for Wednesday

sze, 2015-06-10 18:14

Arch Linux has updated cups (two vulnerabilities).

Debian has updated cups (two vulnerabilities).

Debian-LTS has updated libapache-mod-jk (information disclosure) and libraw (denial of service).

Oracle has updated abrt (OL7: multiple vulnerabilities) and kernel (OL6: multiple vulnerabilities).

Red Hat has updated abrt (RHEL7: multiple vulnerabilities), flash-plugin (RHEL5,6: multiple vulnerabilities), and kernel (RHEL6; RHEL6.2: multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: multiple vulnerabilities).

Ubuntu has updated cups (15.04, 14.10, 14.04, 12.04: two vulnerabilities) and qemu, qemu-kvm (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

[$] Obstacles to contribution in embedded Linux

k, 2015-06-09 22:46
Tim Bird has worked with embedded Linux for many years; during this time he has noticed an unhappy pattern: many of the companies that use and modify open-source software are not involved with the communities that develop that software. That is, he said, "a shame." In an attempt to determine what is keeping companies from contributing to the kernel in particular, the Consumer Electronics Linux Forum (a Linux Foundation workgroup) has run a survey of embedded kernel developers. The resulting picture highlights some of the forces keeping these developers from engaging with the development community and offers some ideas for improving the situation.
Kategóriák: Linux

Tuesday's security advisories

k, 2015-06-09 18:28

Debian-LTS has updated cups (two vulnerabilities).

Fedora has updated fuse (F21: privilege escalation), mbedtls (F22: code execution), python-tornado (F22: side-channel attack), and thermostat (F22: code execution).

Mageia has updated ipsec-tools (denial of service), jackrabbit (information leak), php-ZendFramework (CRLF injection), and rabbitmq-server (multiple vulnerabilities).

Ubuntu has updated strongswan (15.04, 14.10, 14.04: information disclosure).

Kategóriák: Linux

As open source code, Apple's Swift language could take flight (ITWorld)

k, 2015-06-09 00:50
ITWorld reports that Apple will release its Swift programming language under an open source license. "When Swift becomes open source later this year, programmers will be able to compile Swift programs to run on Linux as well as on OS X and iOS, said Craig Federighi, Apple’s head of software engineering, during the opening keynote of Apple’s Worldwide Developers Conference Monday in San Francisco. The source code will include the Swift compiler and standard library, and community contributions will be “accepted—and encouraged,” Apple said."
Kategóriák: Linux