Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] LWN.net Weekly Edition for April 9, 2015

Thu, 2015-04-09 01:48
The LWN.net Weekly Edition for April 9, 2015 is available.
Categories: Linux

Security advisories for Wednesday

Wed, 2015-04-08 18:42

Arch Linux has updated ntp (two vulnerabilities).

CentOS has updated kernel (C5: multiple vulnerabilities).

Debian has updated libxml2 (denial of service).

Fedora has updated setroubleshoot (F21; F20: privilege escalation) and texlive (F21: arbitrary file removal).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), libgit2 (13.2, 13.1: code execution), firefox, thunderbird (13.2, 13.1: multiple vulnerabilities), php5 (13.2, 13.1: multiple vulnerabilities), potrace (13.2, 13.1: denial of service), quassel (13.2, 13.1: denial of service), and subversion (13.2, 13.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: multiple vulnerabilities), novnc (RHEL OSP6.0: VNC session hijacking), openstack-nova (RHEL OSP6.0: cross-site websocket hijack attack), openstack-packstack (RHEL OSP6.0: root command execution), and installer (RHEL OSP6.0: root command execution).

Scientific Linux has updated kernel (C5: multiple vulnerabilities).

SUSE has updated xorg-x11-libs (SLE11 SP3: privilege escalation).

Ubuntu has updated libtasn1-3, libtasn1-6 (14.10, 14.04, 12.04, 10.04: denial of service) and mailman (14.10, 14.04, 12.04: path traversal attack).

Mourning Chris Yeoh

Wed, 2015-04-08 14:39
From the OpenStack community comes the sad announcement of the passing of Chris Yeoh, a longtime free-software developer. "Chris was humble, helpful and honest. The OpenStack and broader Open Source communities are poorer for his passing." Those with memories of Chris are encouraged to contribute them to a collection being put together for his daughter.

[$] An update on the freedreno graphics driver

Wed, 2015-04-08 12:04
The freedreno project was started by Rob Clark to create a free-software driver for the Adreno family of GPUs, which are used by the Qualcomm Snapdragon system-on-chip (SoC) family. He presented a status report on the project, along with some history and future plans, at the Embedded Linux Conference, which was held in San Jose, CA, March 23-25.

Click below (subscribers only) for the full report from ELC 2015.

Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)

Wed, 2015-04-08 01:10
Threat Post takes a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although TrueCrypt development was discontinued last year, the code underwent a two-phase audit and passed with a relatively clean bill of health. "VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used." The results of the audit of TrueCrypt are available in PDF format; phase 1 was completed in February 2014, and phase 2 was completed in March 2015.

Tuesday's security updates

Tue, 2015-04-07 18:34

Arch Linux has updated tor (denial of service).

Debian has updated arj (multiple vulnerabilities), libgd2 (denial of service), mailman (path traversal attack), and tor (denial of service).

Debian-LTS has updated mailman (path traversal attack) and tor (denial of service).

Fedora has updated chicken (F21; F20: buffer overflow), kernel (F20: multiple vulnerabilities), libxml2 (F21: denial of service), and seamonkey (F21; F20: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mandriva has updated cups-filters (MBS2.0: remote command execution), libtasn1 (MBS1.0, MBS2.0: denial of service), and python-django (MBS1.0: cross-site scripting).

Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: certificate verification bypass) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

Kernel prepatch 4.0-rc7

Tue, 2015-04-07 11:25
Linus has released 4.0-rc7 after a delay of a couple of days for the holiday. "But it's still pretty small, and things are on track for 4.0 next weekend. There's a tiny chance that I'll decide to delay 4.0 by a week just because I'm traveling the week after, and I might want to avoid opening the merge window. We'll see how I feel about it next weekend."

Linux Australia server breach

Mon, 2015-04-06 21:15
Linux Australia has reported a breach on the Conference Management (Zookeepr) hosting server. This server hosted the conference systems for linux.conf.au 2013, 2014 and 2015, and for PyCon Australia 2013 and 2014. "The database dumps which occurred during the breach include information provided during conference registration - First and Last Names, physical and email addresses, and any phone contact details provided, as well as a hashed version of the user password. As Zookeepr uses a third party credit card payment gateway for credit card processing, the database dumps do not contain any credit card or banking details."

Security advisories for Monday

Mon, 2015-04-06 19:07

Arch Linux has updated firefox (certificate verification bypass), java-batik (information leak), and thunderbird (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), freeipa (F21: two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20: denial of service), mingw-libzip (F21; F20: code execution), mingw-qt5-qtbase (F21; F20: denial of service), mingw-qt5-qtdeclarative (F21; F20: denial of service), mingw-qt5-qtgraphicaleffects (F21; F20: denial of service), mingw-qt5-qtimageformats (F21; F20: denial of service), mingw-qt5-qtlocation (F21; F20: denial of service), mingw-qt5-qtmultimedia (F21; F20: denial of service), mingw-qt5-qtquick1 (F21; F20: denial of service), mingw-qt5-qtscript (F21; F20: denial of service), mingw-qt5-qtsensors (F21; F20: denial of service), mingw-qt5-qtsvg (F21; F20: denial of service), mingw-qt5-qttools (F21; F20: denial of service), mingw-qt5-qttranslations (F21; F20: denial of service), mingw-qt5-qtwebkit (F21; F20: denial of service), mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20: multiple vulnerabilities), osc (F21; F20: command injection), patch (F20: multiple vulnerabilities), PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated cups-filters (remote command execution), novnc (VNC session hijacking), and php, libzip (multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).

10 Years of Git: An Interview with Git Creator Linus Torvalds (Linux.com)

Mon, 2015-04-06 19:01
Linux.com talks with Linus Torvalds about the development of Git. "Just to pick an example: the concept of 'merging' was generally considered to be something really quite painful and hard in most SCM's. You'd plan your merges, because they were big deals. That's not acceptable to me, since I commonly do tens of merges a day when in the merge window, and even then, the biggest overhead shouldn't be the merge itself, it should be testing the result. The 'git' part of the merge is just a couple of seconds, it should take me much longer just to write the merge explanation message."

Tor Summer of Privacy

Sat, 2015-04-04 00:02

The Tor Project and the Electronic Frontier Foundation (EFF) have announced a mentoring program entitled the "Tor Summer of Privacy" (TorSoP). Akin to the Google Summer of Code, TorSoP will provide financial support and mentorship for a group of students to work on privacy-related free software. Three student positions are available this year; applications will be accepted through April 10. More details (including project ideas) are provided on the TorSoP page.

Rust 1.0 beta released

Fri, 2015-04-03 22:07

The Rust team at Mozilla Research has announced the first beta release of Rust 1.0. The release notes detail a number of important changes, but the announcement adds some additional noteworthy items. "The Beta release also marks a turning point in our approach to stability. During the alpha cycle, the use of unstable APIs and language features was permitted, but triggered a warning. As of the Beta release, the use of unstable APIs will become an error (unless you are using Nightly builds or building from source)." A new continuous-integration infrastructure has also been deployed. The final release is currently expected around May 15.

Friday's security updates

Fri, 2015-04-03 18:22

Arch Linux has updated libtasn1 (denial of service).

Debian has updated icedove (multiple vulnerabilities).

Fedora has updated drupal7-ctools (F20; F21: multiple vulnerabilities), firefox (F21: multiple vulnerabilities), icu (F21: multiple vulnerabilities), and texlive (F20: arbitrary file removal).

Mageia has updated firefox, thunderbird (M4: multiple vulnerabilities), iceape (M4: multiple vulnerabilities), libtasn1 (M4: denial of service), mercurial (M4: command injection), mongodb (M4: denial of service), and python-django (M4: multiple vulnerabilities).

Mandriva has updated icu (BS1: multiple vulnerabilities) and subversion (BS1, BS2: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

What to Expect When You're Expecting: PHP 7, Part 1 (Engine Yard)

Fri, 2015-04-03 11:16
The Engine Yard blog has an introduction to the changes coming in the PHP 7 release. "My personal favorite addition to PHP 7 is the addition of the Combined Comparison Operator, <=>, otherwise known as the spaceship operator. [...] It effectively works like strcmp(), or version_compare(), returning -1 if the left operand is smaller than the right, 0 if they are equal, and 1 if the left is greater than the right. The major difference being that it can be used on any two operands, not just strings, but also integers, floats, arrays, etc."

Android security state of the union

Thu, 2015-04-02 23:25
Google has announced the issuing of a lengthy report [PDF] on the state of Android security. "In 2014, the Android platform made numerous significant improvements in platform security technology, including enabling deployment of full disk encryption, expanding the use of hardware-protected cryptography, and improving the Android application sandbox with an SELinux-based Mandatory Access Control system (MAC). Developers were also provided with improved tools to detect and react to security vulnerabilities, including the nogotofail project and the SecurityProvider. We provided device manufacturers with ongoing support for fixing security vulnerabilities in devices, including development of 79 security patches, and improved the ability to respond to potential vulnerabilities in key areas, such as the updateable WebView in Android 5.0."

Open Crypto Audit gives TrueCrypt a passing grade

Thu, 2015-04-02 21:17

At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered. The final Open Crypto Audit report [PDF] suggests otherwise, which is good news for users as well as for the multiple open-source projects that have subsequently developed TrueCrypt-compatibility support.

Thursday's security updates

Thu, 2015-04-02 16:26

Arch Linux has updated chromium (multiple vulnerabilities).

CentOS has updated thunderbird (C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities).

Mandriva has updated flac (BS2: multiple vulnerabilities), graphviz (BS2: format-string vulnerability), owncloud (BS1; BS2: multiple vulnerabilities), and tor (BS1: denial of service).

openSUSE has updated php5 (13.1, 13.2: multiple vulnerabilities) and python-Django (13.2: multiple vulnerabilities).

Oracle has updated firefox (O5: multiple vulnerabilities) and thunderbird (O6; O7: multiple vulnerabilities).

Scientific Linux has updated thunderbird (multiple vulnerabilities).

SUSE has updated kernel (SLES11: multiple vulnerabilities).

Ubuntu has updated tiff (regression fix for previous update).

Django 1.8 released

Thu, 2015-04-02 11:04
Version 1.8 of the Django web platform is out. "This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years." New features include support for multiple template engines, complex SQL expressions, some PostgreSQL-specific add-ons, and more; see the release notes for details.

[$] LWN.net Weekly Edition for April 2, 2015

Thu, 2015-04-02 02:39
The LWN.net Weekly Edition for April 2, 2015 is available.

[$] XFS: There and back ... and there again?

Wed, 2015-04-01 20:43
In a thought-provoking—and characteristically amusing—talk at the Vault conference, Dave Chinner looked at the history of XFS, its current status, and where the filesystem may be heading. In keeping with the title of the talk (shared by this article), he sees parallels in what drove the original development of XFS and what will be driving new filesystems. Chinner's vision of the future for today's filesystems, and not just of XFS, may be a bit surprising or controversial—possibly both.