Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 7 minutes 16 seconds ago
CentOS has updated sudo (C5: privilege escalation).
Mandriva has updated wireshark (multiple vulnerabilities).
Oracle has updated sudo (OL5: privilege escalation).
Red Hat has updated sudo (RHEL5: privilege escalation).
Scientific Linux has updated sudo (SL5: privilege escalation).
Slackware has updated udisks (privilege escalation).
Paul McKenney has announced that the first edition of his 500-page book Is Parallel Programming Hard, And, If So, What Can You Do About It? is available in electronic form; a printed version will follow soon. The entire book is available under the CC-BY-SA 3.0 license.
On March 27, there will be a meeting between database and kernel developers at the Linux Foundation's Collaboration Summit; interested developers are invited to attend. "If there are developers attending Collaboration Summit that work in the database or kernel communities, it would be great if you could come along. Previous discussions were on the PostgreSQL list and that should be expanded in case we accidentally build postgres-only features. The intent is to identify the problems encountered by databases and where relevant, test cases that can be used to demonstrate them if they exist. While the kernel community may be aware of some of the problems, they are not always widely known or understood."
The 2014 edition of Google's Summer of Code (GSoC) marks the tenth year of the program. Opensource.com covers a few of this year's 190 mentoring organizations. "What is likely to remain the same this year is the overwhelming response from students from all over the world who want the chance to work on free and open source projects with mentoring organizations that Google has hand-picked. Carol Smith, Open Source Programs Manager at Google, tells us that to date GSoC students have helped generate over 50 million lines of open source code to date, from over 8,500 student developers."
Fedora has updated freeradius (F20; F19: buffer overflow), imapsync (F19: information leak), kernel (F19: three vulnerabilities), php (F20: code execution), and v8 (F20; F19: incorrect handling of popular pages).
Gentoo has updated libyaml (code execution).
openSUSE has updated SSLCipherSuite (11.4: CRIME attack), fail2ban (13.1, 12.3: three vulnerabilities), freeradius-server (13.1, 12.3: denial of service), gnutls (11.4: two vulnerabilities), phpMyAdmin (13.1, 12.3: cross-site scripting), and postgresql92 (13.1, 12.3: multiple vulnerabilities).
Ubuntu has updated udisks, udisks2 (privilege escalation).
The 3.14-rc6 kernel prepatch is out. Linus says: "There haven't been any huge problems, but there's been quite a few small bumps that shouldn't happen this late in the release cycle. And rc6 is noticeably bigger than rc5 was, as well. So I'm really hoping that the upcoming week will be calmer, because otherwise I'll start thinking rc8 and even rc9."
Mozilla has announced that it is "transitioning Persona to community ownership" — or, in other words, dropping development support for this identity management project. "For a variety of reasons, Persona has received less adoption than we were hoping for by this point. However, we do still believe that Persona offers a unique and useful alternative to passwords, and we intend to support it as such. Reducing the scope of Persona and stabilizing its core APIs over the last quarter has shown us that adding more features was not the way forward." (LWN reported on Persona in March 2013).
Ubuntu has updated imagemagick (12.04, 12.10, 13.10: multiple vulnerabilities), kernel (12.04; 12.10; 13.10: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-raring (multiple vulnerabilities), linux-lts-saucy (multiple vulnerabilities), and linux-ti-omap4 (12.04; 12.10; 13.10: multiple vulnerabilities).
The Linux Foundation has announced that it is building a massive open online course (MOOC) with edX, the non-profit learning platform created by Harvard University and Massachusetts Institute of Technology (MIT). "The Linux Foundation and edX are partnering to develop a MOOC program that will help address this issue by making basic Linux training materials available to all for free. Previously a $2,400 course, Introduction to Linux will be the first class available as a MOOC and will be free to anyone, anywhere. The Linux Foundation is among a new group of member organizations edX announced today who will contribute courses to the platform. EdX’s MOOC’s are an increasingly popular way to provide for unlimited participation and open access to learning material to people anywhere in the world via the web. These programs also provide interactive users forums where students and professors can build communities, similar to the way in which the Linux community collaborates. MOOCs have recently generated enrollments for individual classes of 60,000 or more students."
The Calligra office suite has announced its 2.8 release. In addition to the Krita painting program's 2.8 release (which we reviewed in the March 6 edition of LWN), other components have new features and bug fixes as well. Words and Author gained support for document comments, Kexi (visual database tool) has many fixes and improvements based on user feedback, Sheets now has pivot tables, and so on. "There are also some general improvements in all apps. It is now possible to copy and paste any shape between any documents in Calligra applications. Moreover, copying and pasting of images and rich text is now more advanced."
Mageia has updated libssh (private key leak).
openSUSE has updated gnutls (12.3: certificate validation botch), percona-toolkit, xtrabackup (13.1: code execution), rubygems (13.1, 12.3: gems not getting security updates), and subversion (12.3: denial of service).
Scientific Linux has updated subversion (multiple vulnerabilities).
Slackware has updated sudo (privilege escalation).
Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), icedtea-web (13.10, 12.10, 12.04: insecure tmpfile usage), kernel (10.04: multiple vulnerabilities), and tomcat6, tomcat7 (multiple vulnerabilities).
The LWN.net Weekly Edition for March 6, 2014 is available.
Version 2.8 of the digital-painting application Krita has been released. The project recently formed its own backing foundation and has undertaken a concerted effort to fund development through (among other things) the sale of training materials, so a natural question might be whether or not this new release shows any substantial gains that could be attributed to the more formal project management. It is hard to say for sure, of course, but the change does look like a win—the new release includes a series of technical improvements as well as practical contributions from Krita-using artists.
Gentoo has updated chromium (multiple vulnerabilities).
Oracle has updated postgresql (OL5: multiple vulnerabilities).
Red Hat has updated mongodb (denial of service), openstack-glance (information leak), openstack-nova (multiple vulnerabilities), openstack-packstack (insecure network connections), openstack-swift (timing side-channel attack), and postgresql (RHEL5: multiple vulnerabilities).
Scientific Linux has updated postgresql (SL5: multiple vulnerabilities).
SUSE has updated gnutls (SUSE CORE 9: certificate verification issue).
Something rather reminiscent of Apple's "goto fail;" bug has been found, but this time it hits rather closer to home for the free software community since it lives in GnuTLS. Certificate validation for SSL/TLS has been under some scrutiny lately, evidently to good effect. But this bug is arguably much worse than Apple's, as it has allowed crafted certificates to evade validation checks for all versions of GnuTLS ever released since that project got started in late 2000.
Version 2.8.0 of the Krita painting application is out. New features include improved tablet support, high-quality scaling, integration with the "Gemini" sketch application, a new wrap-around mode, and much more.
According to this ars technica article, the GnuTLS library has a certificate validation vulnerability that looks awfully similar to the recently patched Apple hole. "This time, instead of a single misplaced 'goto fail' command, the mistakes involve errors with several 'goto cleanup' calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks."
Libby Clark talks with Vojtech Pavlik, Director of SUSE Labs, about kGraft. "In this Q&A, Pavlik goes into more detail on SUSE's live kernel patching project; how the kGraft patch integrates with the Linux kernel; how it compares with other live-patching solutions; how developers will be able to use the upcoming release; and the project's interaction with the kernel community for upstream acceptance."
Debian has updated gnutls26 (certificate verification issue).
Mageia has updated egroupware (remote code execution), gnutls (certificate verification issue), python-logilab-common (multiple unspecified temporary file vulnerabilities), and qt5 (denial of service).
Slackware has updated gnutls (certificate verification issue).