ls -1TörténelemNépszerű témákNépszerű fórum témákHardverAjánlott böngésző FreeBSD Project NewsOpenBSD JournalNetBSD News
|
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 14 perc 51 másodperc [$] LWN.net Weekly Edition for June 5, 2014The LWN.net Weekly Edition for June 5, 2014 is available.
Kategóriák: Linux
[$] PGCon 2014: Clustering and VODKAThe eighth annual PostgreSQL developer conference, known as PGCon, concluded on May 24th in Ottawa, Canada. This event has stretched into five days of meetings, talks, and discussions for 230 members of the PostgreSQL core community, which consists both of contributors and database administrators. PGCon serves to focus the whole PostgreSQL development community on deciding what's going to be in next year's PostgreSQL release as well as on showing off new features that contributors have developed. This year's conference included meetings of the main PostgreSQL team as well as for the Postgres-XC team, a keynote by Dr. Richard Hipp, and new code to put VODKA in your database. Subscribers can click below for the full report from guest author Josh Berkus. Kategóriák: Linux
Patch All The Things! New "Cupid" Technique Exploits Heartbleed Bug (PCMagazine)Cupid is an exploit for the Heartbleed bug in OpenSSL that can target both
servers and endpoints running Linux and Android, reports
PCMagazine. "Luis Grangeia, a researcher at SysValue, created a
proof-of-concept code library that he calls "Cupid." Cupid consists of two
patches to existing Linux code libraries. One allows an "evil server" to
exploit Heartbleed on vulnerable Linux and Android clients, while the other
allows an "evil client" to attack Linux servers. Grangeia has made the source code freely available, in hopes that other researchers will join in to learn more about just what kind of attacks are possible."
Kategóriák: Linux
Security advisories for WednesdayCentOS has updated gnutls (C6: code execution), gnutls (C5: multiple vulnerabilities), libtasn1 (C6: multiple vulnerabilities), and squid (C6: denial of service). Debian has updated chkrootkit (privilege escalation). Fedora has updated gnutls (F20: code execution) and libtasn1 (F20: multiple vulnerabilities). openSUSE has updated libcap-ng (11.4: privilege escalation) and libxml2 (13.1, 12.3: revert fix for CVE-2014-0191). Oracle has updated gnutls (OL6: code execution), gnutls (OL5: multiple vulnerabilities), libtasn1 (OL6: multiple vulnerabilities), and squid (OL6: denial of service). Red Hat has updated gnutls (RHEL5: multiple vulnerabilities), gnutls (RHEL6: code execution), kernel (RHEL6.3 EUS: two vulnerabilities), libtasn1 (RHEL6: multiple vulnerabilities), and squid (RHEL6: denial of service). Scientific Linux has updated gnutls (SL5: multiple vulnerabilities), gnutls (SL6: code execution), libtasn1 (SL6: multiple vulnerabilities), and squid (SL6: denial of service). Ubuntu has updated chkrootkit (privilege escalation). Kategóriák: Linux
Critical new bug in crypto library leaves Linux, apps open to drive-by attacks (Ars Technica)Ars Technica reports on a buffer overflow in GnuTLS, which is an alternative to OpenSSL for SSL/TLS support. The length checks for the session ID in the ServerHello message were not correct, which allowed the overflow.
"Maliciously configured servers can exploit the bug by sending malformed data to devices as they establish encrypted HTTPS connections. Devices that rely on an unpatched version of GnuTLS can then be remotely hijacked by malicious code of the attacker's choosing, security researchers who examined the fix warned. The bug wasn't patched until Friday [May 30], with the release of GnuTLS versions 3.1.25, 3.2.15, and 3.3.4. While the patch has been available for three days, it will protect people only when the GnuTLS-dependent software they use has incorporated it. With literally hundreds of packages dependent on the library, that may take time." This analysis shows how the bug could be exploited for arbitrary code execution.
Kategóriák: Linux
The unexpected outcome of the Open Source Seed Initiative's licensing debate (Opensource.com)Over at Opensource.com, Jack Kloppenburg—one of the founders of the Open Source Seed Initiative (OSSI) that is trying to apply open source ideas to the genetic material in plant seeds—describes the switch from a licensing approach to that of a "pledge". "In February of 2014, OSSI made the hard but considered decision to abandon efforts to develop a legally defensible license and to shift to a pledge. This moves OSSI’s discourse and action from the legal field to the terrain of norms and ethics. We have found this shift to be stimulating, reinvigorating, and productive. The licensing approach was pulling us into a policing and bureaucratic orientation that was not congenial. Although our pledge is likely not legally binding, it is easily transmissible, it is viral, it is an uncompromising commitment to free exchange and use, and it is a very effective tool for outreach and education."
Kategóriák: Linux
Making end-to-end encryption easier to use (Google Online Security Blog)The Google Online Security Blog has announced the alpha release of an OpenPGP-compliant end-to-end encryption extension for the Chrome/Chromium browser.
"While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.
However, you won’t find the End-to-End extension in the Chrome Web Store quite yet; we’re just sharing the code today so that the community can test and evaluate it, helping us make sure that it’s as secure as it needs to be before people start relying on it. (And we mean it: our Vulnerability Reward Program offers financial awards for finding security bugs in Google code, including End-to-End.)"
Kategóriák: Linux
Tuesday's security updatesFedora has updated smb4k (F20; F19: credential cache leak). Mageia has updated gnutls (two vulnerabilities) and libtasn1 (multiple vulnerabilities). SUSE has updated IBM Java 6 (SLE11 SP3: multiple vulnerabilities) and IBM Java 7 (SLE11 SP3: multiple vulnerabilities). Kategóriák: Linux
Bergeron: Introducing the new Fedora Project Leader, and some parting thoughts.In a lengthy message to the fedora-announce mailing list, outgoing Fedora Project Leader (FPL) Robyn Bergeron has described the role of the FPL and why turnover in that position (and other, similar leadership roles) is desirable. She also announced that the new FPL will be Matthew Miller: "Of course, Matthew is no newcomer to the Fedora Project, having been
around since the *LITERAL DAWN OF FEDORA TIME* -- he was an early
contributor to the Fedora Legacy project, and helped to organize early
FUDCons in his area of the world, at Boston University. Since joining
Red Hat in 2012, he's been responsible for the Cloud efforts in
Fedora, and as the previous wrangler for that team, I was thrilled
when he came on board and was willing and able to start driving
forward some of the initiatives and wishlist items that team was
working on. What started out small has since grown into a vision for
the future, and I'm confident in Matthew's ability to lead the Fedora
Project forward into its next 10 years of innovative thinking."
Kategóriák: Linux
Linux Mint 17 releasedThe Linux Mint project has released version 17 "Qiana" in Cinnamon and MATE editions. Qiana is a
long term support release so it will be supported until 2019. See the new
features pages for Cinnamon
and MATE
for some details. Here are the release notes for Cinnamon and MATE, where a few
known issues are listed.
Kategóriák: Linux
Security advisories for MondayDebian has updated chromium-browser (multiple vulnerabilities), gnutls26 (code execution), lxml (code injection), php5 (multiple vulnerabilities), and typo3-src (multiple vulnerabilities). Fedora has updated libgadu (F20: code execution). Gentoo has updated dbus (privilege escalation from 2012), fail2ban (multiple vulnerabilities, one from 2009), and libarchive (multiple vulnerabilities, one from 2010). openSUSE has updated libgadu (11.4: two vulnerabilities), libxml2, (11.4: regression in previous update), and sudo (11.4: privilege escalation). Slackware has updated mariadb (multiple unspecified vulnerabilities). Ubuntu has updated gnutls26 (code execution). Kategóriák: Linux
Kernel prepatch 3.15-rc8 — and the start of the 3.16 merge windowLinus has released the 3.15-rc8 prepatch
after concluding that this development cycle needed one more week of
stabilization. But has also decided to go ahead and start the 3.16 merge
window before the 3.15 release, mostly as a way of avoiding a conflict with
a planned family vacation. "So let's try to see how well that works
- the last weeks of the release tends to be me just waiting around to make
sure nothing bad is happening, so doing this kind of overlapping
development *should* work fine. Maybe it works so well that we'll end up
doing it in the future even if there *isn't* some kind of scheduling
conflict that makes me want to start the merge window before I'm 100%
comfortable doing the release for the previous version."
Kategóriák: Linux
Stable kernels 3.14.5 and 3.10.41Greg Kroah-Hartman has announced the release of the 3.14.5 and 3.10.41 stable kernels. As is the norm, they
contain important fixes throughout the tree and users should upgrade.
Kategóriák: Linux
[$] Questioning corporate involvement in GNOME developmentIt is a rare free software project that feels it has too many developers;
indeed, most could benefit from more development help. One way to get that
help is to have a company pay developers to work on a project; the presence
of paid developers is often one of the first signs that a particular
project is gaining traction. But paid developers often bring with them
worries that the company footing the bill will seek to drive the project in
undesirable directions. The GNOME project, which is conducting its annual
election for its board of directors until June 8, has an opportunity to say
that corporate involvement in development has gone too far — or not.
Kategóriák: Linux
Mozilla to build WebRTC chat into FirefoxAt the Mozilla "Future Releases" blog, Chad Weiner announces a new feature just added to the latest Firefox Nightly builds: WebRTC-powered audio/video chat functionality. The feature "aims to connect everyone with a WebRTC-enabled browser. And that’s all you will need. No plug-ins, no downloads. If you have a browser, a camera and a mic, you’ll be able to make audio and video calls to anyone else with an enabled browser. It will eventually work across all of your devices and operating systems. And we’ll be adding lots more features in the future as we roll it out to more users." Cross-browser multimedia chat has been demonstrated with WebRTC before, of course, but the functionality has not been built in. Firefox will evidently use OpenTok, a WebRTC application platform, in its implementation. Kategóriák: Linux
Friday's security updatesFedora has updated emacs (F20: multiple vulnerabilities) and moodle (F19; F20: multiple vulnerabilities). Mageia has updated libgadu (code execution) and mumble (multiple vulnerabilities). openSUSE has updated policycoreutils (12.3, 13.1: privilege escalation) and python-lxml (12.3, 13.1: code injection). Red Hat has updated openstack-foreman-installer (RHEL OSP4: insecure defaults), openstack-heat-templates (RHEL OSP4: multiple vulnerabilities), openstack-keystone (RHEL OSP4: restriction bypass), openstack-neutron (RHEL OSP4: multiple vulnerabilities), openstack-nova (RHEL OSP4: information leak), and python-django-horizon (RHEL OSP4: cross-site scripting). SUSE has updated IBM Java 6 (SLES10 SP3,4; SLES11 SP2: multiple vulnerabilities) and IBM Java 7 (SLES11 SP2: multiple vulnerabilities). Kategóriák: Linux
[$] LWN.net Weekly Edition for May 30, 2014The LWN.net Weekly Edition for May 30, 2014 is available.
Kategóriák: Linux
[$] PyPI, pip, and external repositoriesA debate about Python modules—and where and how they are hosted—raged in early May on two separate Python mailing lists. There are a number of interrelated issues that make up the debate, but the core question seems to be: should the now-default pip package manager treat the "official" module repository differently than other repositories? Some see "external modules"—those not hosted at the Python Package Index (PyPI)—as a potential reliability problem, while others don't see much difference between external and PyPI-hosted modules. Subscribers can click below for a look at the discussion from this week's edition. Kategóriák: Linux
Security advisories for ThursdayFedora has updated libpng (F20: two denial of service flaws), libtiff (F20: code execution), openstack-neutron (F20: access restriction bypass), and php-ZendFramework2 (F20; F19: multiple vulnerabilities). Mageia has updated cifs-utils (code execution), libvirt (two vulnerabilities), mono (M3: denial of service from 2012), qt4 (M3: denial of service), and qt4 and qtbase5 (M4: denial of service). openSUSE has updated libgadu (two vulnerabilities). SUSE has updated firefox (SLE10SP4; SLE10SP3: multiple vulnerabilities) and IBM Java 6 (SLE11SP2: multiple vulnerabilities). Kategóriák: Linux
A Core Infrastructure Initiative announcementThe Linux Foundation has put out a
press release describing the evolution of its new "Core Infrastructure
Initiative," which directs funding to developers of projects deemed to be
both critical and short of resources. The first projects to be funded will
be OpenSSL, OpenSSH, and the network time protocol (NTP) implementation.
The steering committee for the initiative has been picked; it includes Alan
Cox, Eben Moglen, Bruce Schneier, and Ted Ts'o. And a few more companies
(Adobe, Bloomberg, HP, Huawei and salesforce.com) have added their support
to the program.
Kategóriák: Linux
|
KeresésNavigációBelépésHupWikiÁllásajánlatokHWSWFriss blogbejegyzésekHUP napi hírlevélLegfrissebb HUP videókLegfrissebb Linux játékvideókLegfrissebb HUP képekLegfrissebb HUP dokumentumokSzavazásVan-e hiteled és / vagy megtakarításod? Van, hitelem is és megtakarításom is - a megtakarítás a több 6% Van, hitelem is és megtakarításom is - a hitel a több 17% Nincs hitelem és van megtakarításom 44% Van hitelem és nincs megtakarításom 15% Nincs se hitelem, se megtakarításom 12% Egyéb / nem nyilatkozom / csak az eredmény érdekel stb. 6% Összes szavazat: 465
InformációKövess minket!Partnerünk |
Friss hozzászólások
34 másodperc
48 másodperc
1 perc 15 másodperc
7 perc 15 másodperc
10 perc 38 másodperc
21 perc 24 másodperc
22 perc 50 másodperc
23 perc 37 másodperc
29 perc 26 másodperc
37 perc 17 másodperc