Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 7 perc 16 másodperc

Tuesday's security updates

k, 2014-03-11 17:58

CentOS has updated sudo (C5: privilege escalation).

Fedora has updated mediawiki (F20; F19: ), openldap (F19: denial of service), rubygem-actionpack (F20; F19: multiple vulnerabilities), and rubygem-activerecord (F20: multiple vulnerabilities).

Mandriva has updated wireshark (multiple vulnerabilities).

Oracle has updated sudo (OL5: privilege escalation).

Red Hat has updated sudo (RHEL5: privilege escalation).

Scientific Linux has updated sudo (SL5: privilege escalation).

Slackware has updated udisks (privilege escalation).

Kategóriák: Linux

"Is parallel programming hard?", first edition

k, 2014-03-11 14:36
Paul McKenney has announced that the first edition of his 500-page book Is Parallel Programming Hard, And, If So, What Can You Do About It? is available in electronic form; a printed version will follow soon. The entire book is available under the CC-BY-SA 3.0 license.
Kategóriák: Linux

A discussion between database and kernel developers

k, 2014-03-11 02:19
On March 27, there will be a meeting between database and kernel developers at the Linux Foundation's Collaboration Summit; interested developers are invited to attend. "If there are developers attending Collaboration Summit that work in the database or kernel communities, it would be great if you could come along. Previous discussions were on the PostgreSQL list and that should be expanded in case we accidentally build postgres-only features. The intent is to identify the problems encountered by databases and where relevant, test cases that can be used to demonstrate them if they exist. While the kernel community may be aware of some of the problems, they are not always widely known or understood."
Kategóriák: Linux

Google's coding internship summer program reaches 10th year (

h, 2014-03-10 22:29
The 2014 edition of Google's Summer of Code (GSoC) marks the tenth year of the program. covers a few of this year's 190 mentoring organizations. "What is likely to remain the same this year is the overwhelming response from students from all over the world who want the chance to work on free and open source projects with mentoring organizations that Google has hand-picked. Carol Smith, Open Source Programs Manager at Google, tells us that to date GSoC students have helped generate over 50 million lines of open source code to date, from over 8,500 student developers."
Kategóriák: Linux

Security advisories for Monday

h, 2014-03-10 18:49

Debian has updated libyaml-libyaml-perl (code execution), udisks (privilege escalation), and wireshark (multiple vulnerabilities).

Fedora has updated freeradius (F20; F19: buffer overflow), imapsync (F19: information leak), kernel (F19: three vulnerabilities), php (F20: code execution), and v8 (F20; F19: incorrect handling of popular pages).

Gentoo has updated libyaml (code execution).

Mageia has updated mediawiki (multiple vulnerabilities) and wireshark (MG3; MG4: multiple vulnerabilities).

Mandriva has updated gnutls (certificate verification issue), postgresql (multiple vulnerabilities), and subversion (denial of service).

openSUSE has updated SSLCipherSuite (11.4: CRIME attack), fail2ban (13.1, 12.3: three vulnerabilities), freeradius-server (13.1, 12.3: denial of service), gnutls (11.4: two vulnerabilities), phpMyAdmin (13.1, 12.3: cross-site scripting), and postgresql92 (13.1, 12.3: multiple vulnerabilities).

Ubuntu has updated udisks, udisks2 (privilege escalation).

Kategóriák: Linux

Kernel prepatch 3.14-rc6

h, 2014-03-10 14:49
The 3.14-rc6 kernel prepatch is out. Linus says: "There haven't been any huge problems, but there's been quite a few small bumps that shouldn't happen this late in the release cycle. And rc6 is noticeably bigger than rc5 was, as well. So I'm really hoping that the upcoming week will be calmer, because otherwise I'll start thing rc8 and even rc9."
Kategóriák: Linux

Mozilla cutting support for Persona

szo, 2014-03-08 01:29
Mozilla has announced that it is "transitioning Persona to community ownership" — or, in other words, dropping development support for this identity management project. "For a variety of reasons, Persona has received less adoption than we were hoping for by this point. However, we do still believe that Persona offers a unique and useful alternative to passwords, and we intend to support it as such. Reducing the scope of Persona and stabilizing its core APIs over the last quarter has shown us that adding more features was not the way forward." (LWN reported on Persona in March 2013).
Kategóriák: Linux

New stable kernels

szo, 2014-03-08 00:25

Greg Kroah-Hartman has released kernels 3.13.6 and 3.10.33, each with the usual bevy of updates and fixes.

Kategóriák: Linux

Friday's security updates

p, 2014-03-07 17:56

Fedora has updated libssh (F20: private key leak) and rubygem-actionpack (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), file (code execution), net-snmp (multiple vulnerabilities), and owncloud (multiple unspecified vulnerabilities).

Ubuntu has updated imagemagick (12.04, 12.10, 13.10: multiple vulnerabilities), kernel (12.04; 12.10; 13.10: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-raring (multiple vulnerabilities), linux-lts-saucy (multiple vulnerabilities), and linux-ti-omap4 (12.04; 12.10; 13.10: multiple vulnerabilities).

Kategóriák: Linux

Linux Foundation teams up with edX to build free online Linux course

cs, 2014-03-06 23:49
The Linux Foundation has announced that it is building a massive open online course (MOOC) with edX, the non-profit learning platform created by Harvard University and Massachusetts Institute of Technology (MIT). "The Linux Foundation and edX are partnering to develop a MOOC program that will help address this issue by making basic Linux training materials available to all for free. Previously a $2,400 course, Introduction to Linux will be the first class available as a MOOC and will be free to anyone, anywhere. The Linux Foundation is among a new group of member organizations edX announced today who will contribute courses to the platform. EdX’s MOOC’s are an increasingly popular way to provide for unlimited participation and open access to learning material to people anywhere in the world via the web. These programs also provide interactive users forums where students and professors can build communities, similar to the way in which the Linux community collaborates. MOOCs have recently generated enrollments for individual classes of 60,000 or more students."
Kategóriák: Linux

Calligra 2.8 released

cs, 2014-03-06 23:00
The Calligra office suite has announced its 2.8 release. In addition to the Krita painting program's 2.8 release (which we reviewed in the March 6 edition of LWN), other components have new features and bug fixes as well. Words and Author gained support for document comments, Kexi (visual database tool) has many fixes and improvements based on user feedback, Sheets now has pivot tables, and so on. "There are also some general improvements in all apps. It is now possible to copy and paste any shape between any documents in Calligra applications. Moreover, copying and pasting of images and rich text is now more advanced."
Kategóriák: Linux

Security updates for Thursday

cs, 2014-03-06 18:02

CentOS has updated subversion (C6; C5: multiple vulnerabilities).

Fedora has updated gnutls (F20; F19: certificate validation botch) and kernel (F20: three vulnerabilities).

Mageia has updated libssh (private key leak).

openSUSE has updated gnutls (12.3: certificate validation botch), percona-toolkit, xtrabackup (13.1: code execution), rubygems (13.1, 12.3: gems not getting security updates), and subversion (12.3: denial of service).

Oracle has updated subversion (OL6; OL5: multiple vulnerabilities).

Red Hat has updated activemq (RH OpenShift Enterprise: multiple vulnerabilities) and subversion (multiple vulnerabilities).

Scientific Linux has updated subversion (multiple vulnerabilities).

Slackware has updated sudo (privilege escalation).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), icedtea-web (13.10, 12.10, 12.04: insecure tmpfile usage), kernel (10.04: multiple vulnerabilities), and tomcat6, tomcat7 (multiple vulnerabilities).

Kategóriák: Linux

[$] Weekly Edition for March 6, 2014

cs, 2014-03-06 03:53
The Weekly Edition for March 6, 2014 is available.
Kategóriák: Linux

[$] A thumbnail sketch of Krita 2.8

cs, 2014-03-06 00:32

Version 2.8 of the digital-painting application Krita has been released. The project recently formed its own backing foundation and has undertaken a concerted effort to fund development through (among other things) the sale of training materials, so a natural question might be whether or not this new release shows any substantial gains that could be attributed to the more formal project management. It is hard to say for sure, of course, but the change does look like a win—the new release includes a series of technical improvements as well as practical contributions from Krita-using artists.

Kategóriák: Linux

Security updates for Wednesday

sze, 2014-03-05 19:44

CentOS has updated gnutls (C6; C5: certificate verification issue) and postgresql (C5: multiple vulnerabilities).

Fedora has updated perl-CGI-Application (F20; F19: information leak).

Gentoo has updated chromium (multiple vulnerabilities).

openSUSE has updated chromium (13.1, 12.3: multiple vulnerabilities), gnutls (13.1: certificate verification issue), and pidgin (11.4: multiple vulnerabilities).

Oracle has updated postgresql (OL5: multiple vulnerabilities).

Red Hat has updated mongodb (denial of service), openstack-glance (information leak), openstack-nova (multiple vulnerabilities), openstack-packstack (insecure network connections), openstack-swift (timing side-channel attack), and postgresql (RHEL5: multiple vulnerabilities).

Scientific Linux has updated postgresql (SL5: multiple vulnerabilities).

SUSE has updated gnutls (SUSE CORE 9: certificate verification issue).

Kategóriák: Linux

[$] A longstanding GnuTLS certificate validation botch

sze, 2014-03-05 17:31

Something rather reminiscent of Apple's "goto fail;" bug has been found, but this time it hits rather closer to home for the free software community since it lives in GnuTLS. Certificate validation for SSL/TLS has been under some scrutiny lately, evidently to good effect. But this bug is arguably much worse than Apple's, as it has allowed crafted certificates to evade validation checks for all versions of GnuTLS ever released since that project got started in late 2000.

Kategóriák: Linux

Krita 2.8.0 released

sze, 2014-03-05 17:11
Version 2.8.0 of the Krita painting application is out. New features include improved tablet support, high-quality scaling, integration with the "Gemini" sketch application, a new wrap-around mode, and much more.
Kategóriák: Linux

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (ars technica)

sze, 2014-03-05 00:50
According to this ars technica article, the GnuTLS library has a certificate validation vulnerability that looks awfully similar to the recently patched Apple hole. "This time, instead of a single misplaced 'goto fail' command, the mistakes involve errors with several 'goto cleanup' calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks."
Kategóriák: Linux

SUSE Labs Director Talks Live Kernel Patching with kGraft (

k, 2014-03-04 22:30
Libby Clark talks with Vojtech Pavlik, Director of SUSE Labs, about kGraft. "In this Q&A, Pavlik goes into more detail on SUSE's live kernel patching project; how the kGraft patch integrates with the Linux kernel; how it compares with other live-patching solutions; how developers will be able to use the upcoming release; and the project's interaction with the kernel community for upstream acceptance."
Kategóriák: Linux

Tuesday's security advisories

k, 2014-03-04 19:28

Debian has updated gnutls26 (certificate verification issue).

Fedora has updated easy-rsa (F20; F19: weak keys), file (F19: denial of service), and python-tahrir (F20; F19: insecure openid login).

Mageia has updated egroupware (remote code execution), gnutls (certificate verification issue), python-logilab-common (multiple unspecified temporary file vulnerabilities), and qt5 (denial of service).

Oracle has updated gnutls (OL6; OL5: multiple vulnerabilities).

Red Hat has updated activemq (multiple vulnerabilities) and gnutls (RHEL6; RHEL5: certificate verification issue).

Scientific Linux has updated gnutls (SL6; SL5: certificate verification issue).

Slackware has updated gnutls (certificate verification issue).

SUSE has updated gnutls (SLE11 SP3; SLES10 SP3 LTSS; SLES10 SP4 LTSS; SLES11 SP1 LTSS; SLES11 SP2 LTSS: certificate verification issues).

Ubuntu has updated gnutls26 (certificate verification issue), php5 (multiple vulnerabilities), and python2.6, python2.7, python3.2, python3.3 (code execution).

Kategóriák: Linux