Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 2 perc 36 másodperc

Stable kernel updates

sze, 2015-05-13 20:46
Greg Kroah-Hartman has released stable kernels 4.0.3, 3.14.42, and 3.10.78. All of them contain important fixes.
Kategóriák: Linux

[$] CoreOS Fest and the world of containers, part 1

sze, 2015-05-13 20:26

It's been a Linux container bonanza in San Francisco recently, and that includes a series of events and announcements from multiple startups and cloud hosts. It seems like everyone is fighting for a piece of what they hope will be a new multi-billion-dollar market. This included Container Camp on April 17 and CoreOS Fest on May 5th and 6th, with DockerCon to come near the end of June. While there is a lot of hype, the current container gold rush has yielded more than a few benefits for users — and caused technological development so rapid it is hard to keep up with.

Subscribers can click below for a report by guest author Josh Berkus from this week's edition.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-05-13 19:25

Arch Linux has updated firefox (multiple vulnerabilities) and tomcat6 (denial of service).

CentOS has updated firefox (C7; C6: multiple vulnerabilities), kexec-tools (C7: file overwrites), pcs (C7; C6: privilege escalation), tomcat (C7: HTTP request smuggling), and tomcat6 (C6: HTTP request smuggling).

Debian has updated quassel (SQL injection).

Fedora has updated clamav (F20: multiple vulnerabilities), dpkg (F21; F20: two vulnerabilities), kernel (F21: two vulnerabilities), texlive (F21: predictable filenames), and wpa_supplicant (F20: code execution).

Gentoo has updated ettercap (multiple vulnerabilities).

Mageia has updated dnsmasq (information disclosure), flash-player-plugin (multiple vulnerabilities), hostapd (denial of service), netcf (denial of service), pam (two vulnerabilities), and testdisk (multiple vulnerabilities).

Oracle has updated firefox (OL7; OL5: multiple vulnerabilities), kernel (OL7: two vulnerabilities), kexec-tools (OL7: file overwrites), tomcat (OL7: HTTP request smuggling), and tomcat6 (OL6: HTTP request smuggling).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), flash-plugin (RHEL5,6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), kernel (RHEL7: privilege escalation), kernel-rt (RHEL7; RHEMRG2.5: privilege escalation), kexec-tools (RHEL7: file overwrites), kvm (RHEL5: code execution), pcs (RHEL7; RHEL6: privilege escalation), qemu-kvm (RHEL7; RHEL6: code execution), qemu-kvm-rhev (RHEL7, RHEL6, RHEL OSP4,5,6: code execution), tomcat (RHEL7: HTTP request smuggling), tomcat6 (RHEL6: HTTP request smuggling), and xen (RHEL5: code execution).

Scientific Linux has updated kvm (SL5: code execution) and xen (SL5: code execution).

Slackware has updated mozilla (multiple vulnerabilities).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

Kategóriák: Linux

[$] Trading off safety and performance in the kernel

k, 2015-05-12 22:04
The kernel community ordinarily tries to avoid letting users get into a position where the integrity of their data might be compromised. There are exceptions, though; consider, for example, the ability to explicitly flush important data to disk (or more importantly, to avoid flushing at any given time). Buffering I/O in this manner can significantly improve disk write I/O throughput, but if application developers are careless, the result can be data loss should the system go down at an inopportune time. Recently there have been a couple of proposed performance-oriented changes that have tested the community's willingness to let users put themselves into danger.

Click below (subscribers only) for the full story from this week's Kernel Page.

Kategóriák: Linux

Firefox 38.0

k, 2015-05-12 21:00
Mozilla has released Firefox 38.0. This version features new tab-based preferences and Ruby annotation support. Also, it will be the base for the next ESR release. The release notes contain more information.
Kategóriák: Linux

Tuesday's security updates

k, 2015-05-12 18:28

Debian has updated mercurial (two vulnerabilities).

Mageia has updated async-http-client (two vulnerabilities), glpi (privilege escalation), kernel (multiple vulnerabilities), libarchive (denial of service), libssh (denial of service), mailman (path traversal attack), pnp4nagios (cross-site scripting), postgis (multiple vulnerabilities), ruby-redcarpet (cross-site scripting), and springframework (information disclosure).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), curl (13.2, 13.1: information leak), dnsmasq (13.2, 13.1: information disclosure), gnu_parallel (13.2, 13.1: file overwrite), libreoffice (13.2: code execution), libssh (13.2, 13.1: denial of service), libtasn1 (13.2, 13.1: denial of service), pcre (13.2, 13.1: multiple vulnerabilities), and php5 (13.2, 13.1: multiple vulnerabilities).

Slackware has updated mariadb (multiple unspecified vulnerabilities), mysql (multiple unspecified vulnerabilities), and wpa_supplicant (code execution).

Ubuntu has updated libmodule-signature-perl (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities) and openssl (12.04: re-enable TLSv1.2 by default).

Kategóriák: Linux

The Foresight Linux Project shuts down

k, 2015-05-12 15:06
The development of the Foresight Linux distribution has come to an end. "The Foresight Linux Council has determined that there has been insufficient volunteer activity to sustain meaningful new development of Foresight Linux. Faced with the need either to update the project's physical infrastructure or cease operations, we find no compelling reason to update the infrastructure."
Kategóriák: Linux

The last stable 3.19.x kernel

h, 2015-05-11 19:56
Greg Kroah-Hartman has released stable kernel 3.19.8. This is the last kernel in the 3.19.x series and users should upgrade to 4.0.x.
Kategóriák: Linux

Security advisories for Monday

h, 2015-05-11 18:38

Arch Linux has updated docker (multiple vulnerabilities).

Debian has updated libtasn1-6 (denial of service), suricata (denial of service), and zeromq3 (security bypass).

Fedora has updated firefox (F20: multiple vulnerabilities), libreoffice (F20: code execution), netcf (F21; F20: denial of service), perl-XML-LibXML (F21; F20: information disclosure), proftpd (F21: unauthenticated copying of files), prosody (F20: denial of service), thunderbird (F20: multiple vulnerabilities), and xulrunner (F20: multiple vulnerabilities).

Mageia has updated wordpress (cross-site scripting).

Ubuntu has updated icu (15.04, 14.10, 14.04: code execution), kernel (14.10, 14.04: regression in previous update), libtasn1-3, libtasn1-6 (15.04, 14.10, 14.04, 12.04: denial of service), linux-lts-utopic (14.04: regression in previous update), and linux-lts-trusty (12.04: regression in previous update).

Kategóriák: Linux

Kernel prepatch 4.1-rc3

h, 2015-05-11 14:29
The 4.1 development cycle continues with the release of 4.1-rc3. "Go out and test. By -rc3, things really should be pretty non-threatening and this would be a good time to just make sure everything is running smoothly if you haven't tried one of the earlier development kernels already."
Kategóriák: Linux

Testable Examples in Go

p, 2015-05-08 23:24

At the Go Blog, Andrew Gerrand provides a look at the language's approach to combining example code and documentation. "Godoc examples are snippets of Go code that are displayed as package documentation and that are verified by running them as tests. They can also be run by a user visiting the godoc web page for the package and clicking the associated "Run" button. Having executable documentation for a package guarantees that the information will not go out of date as the API changes." Each package's examples are compiled as part of the package test suite; examples can also (optionally) be executed in order to capture failures with the testing framework.

Kategóriák: Linux

Friday's security updates

p, 2015-05-08 18:28

Arch Linux has updated libtasn1 (code execution), mariadb (multiple vulnerabilites), and mariadb-clients (denial of service).

Debian has updated dnsmasq (regression fix for previous advisory) and pound (multiple vulnerabilites).

Fedora has updated async-http-client (F20: multiple vulnerabilites), realmd (F21: unsanitized input), springframework (F20: information disclosure), testdisk (F20: multiple vulnerabilities), and v8 (F20; F21: denial of service).

Mandriva has updated libtasn1 (BS1,2: code execution).

SUSE has updated DirectFB (SLE12: multiple vulnerabilities), java-1_7_0-openjdk (SLED 11.3: multiple vulnerabilities), and kernel (SLE12 Live Patching: denial of service).

Kategóriák: Linux

Stable kernels 3.10.77, 3.14.41, 3.19.7, and 4.0.2

p, 2015-05-08 01:35
Greg Kroah-Hartman has released the latest batch of stable kernels: 3.10.77, 3.14.41, 3.19.7, and 4.0.2. As usual, they contain fixes all over the tree and users should upgrade.
Kategóriák: Linux

How OpenStack gets translated (Opensource.com)

cs, 2015-05-07 23:28
Over at Opensource.com, one of the translators for OpenStack, Łukasz Jernaś, is interviewed about the process of translating a large project like OpenStack. "How does OpenStack's release cycle play into the translation process? Is it manageable to get translations done on a six-month release cycle? Most of the work gets done after the string freeze period, which happens around a month before the release, with a lot of it being completed after getting the first release candidate out of the window. Documentation is translated during the entire cycle, as many parts are common between releases and can be deployed independently to the releases. So we don't have to focus that much about deadlines, as it's available online all the time and not prepackaged and pushed out to users and distributions. Of course, having a month to do the translations can be cumbersome, depending on the team doing the translation (some do that part time, some people in their spare time), and how many developers push out new strings during the string freeze."
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-05-07 16:43

Debian has updated sqlite3 (three vulnerabilities).

Mageia has updated dpkg (integrity verification bypass), libtasn1 (denial of service), perl-XML-LibXML (information disclosure), qt3, qt4, and qtbase5 (three vulnerabilities), and tcl-tcllib (cross-site scripting).

Mandriva has updated perl-XML-LibXML (BS1,2: information disclosure).

Kategóriák: Linux

[$] LWN.net Weekly Edition for May 7, 2015

cs, 2015-05-07 04:06
The LWN.net Weekly Edition for May 7, 2015 is available.
Kategóriák: Linux

[$] Video editing and free software

sze, 2015-05-06 23:50

Two talks at the 2015 Libre Graphics Meeting in Toronto came from video-editing projects. One was an update from Natron, a relatively young project that deals with video compositing, while the other was a reflection on ten years' worth of development on the general-purpose non-linear editor (NLE) Pitivi. Both are active projects, but they take two markedly different approaches: one aims to support an existing industry standard, while the other must build its core functionality from the ground up.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-05-06 18:13

Debian has updated dnsmasq (information disclosure).

Mageia has updated erlang (man-in-the-middle attack), glibc (multiple vulnerabilities), mariadb (multiple unspecified vulnerabilities), qtwebkit (denial of service), and x11-server (two vulnerabilities).

Mandriva has updated net-snmp (MBS2.0, MBS1.0: code execution), nodejs (MBS2.0: privilege escalation), and squid (MBS2.0: certificate validation bypass).

Red Hat has updated openstack-glance (RHELOSP6.0: denial of service).

Ubuntu has updated clamav (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities), kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), oxide-qt (15.04, 14.10, 14.04: multiple vulnerabilities), and ppp (14.10, 14.04, 12.04: denial of service).

Kategóriák: Linux

International Day Against DRM

sze, 2015-05-06 01:41
This year the International Day Against DRM will be held on May 6. The Free Software Foundation focuses on community with a wide variety of community groups, activist organizations, and businesses all taking part in the ninth International Day Against DRM.

The FSF's DefectiveByDesign campaign looks at how DRM affects people with disabilities. "DRM is especially bad for those of us that face additional hurdles using computers. It's beastly for blind people, who are dependent on an audiobook market heavily laden with DRM."

Kategóriák: Linux

Git code hosting beta (launchpadblog)

sze, 2015-05-06 00:53
Early support for hosting Git repositories directly on Launchpad has been announced. "This has been by far the single most commonly requested feature from Launchpad code hosting for a long time; we’ve been working hard on it for several months now, and we’re very happy to be able to release it for general use. This is distinct from the facility to import code from Git (and some other systems) into Bazaar that Launchpad has included for many years."
Kategóriák: Linux