Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 15 perc 49 másodperc

Tuesday's security advisories

k, 2014-09-09 18:07

CentOS has updated jakarta-commons-httpclient (C7; C6; C5: SSL server spoofing).

Debian has updated file (multiple vulnerabilities).

Mageia has updated gtk+3.0 (MG4: screen lock bypass).

openSUSE has updated firefox (13.1, 12.3: multiple vulnerabilities) and thunderbird (13.1, 12.3: multiple vulnerabilities).

Oracle has updated jakarta-commons-httpclient (OL7; OL6; OL5: SSL server spoofing).

Red Hat has updated jakarta-commons-httpclient (RHEL5,6,7: SSL server spoofing).

Scientific Linux has updated jakarta-commons-httpclient (SL5,6: SSL server spoofing).

Ubuntu has updated nss (code execution) and qemu, qemu-kvm (multiple vulnerabilities).

Kategóriák: Linux

FSF and Debian join forces to help free software users find the hardware they need

h, 2014-09-08 21:54
The Free Software Foundation and the Debian Project have announced cooperation to expand and enhance h-node, a database to help users learn and share information about computers that work with free software operating systems. "While other databases list hardware that is technically compatible with GNU/Linux, h-node lists hardware as compatible only if it does not require any proprietary software or firmware. Information about hardware that flunks this test is also included, so users know what to avoid. The database lists individual components, like WiFi and video cards, as well as complete notebook systems." Compatibility information comes from users testing on FSF endorsed free software distributions. The FSF has acknowledged that Debian qualifies as a free software distribution as long as only the main repository is enabled.
Kategóriák: Linux

Security advisories for Monday

h, 2014-09-08 18:13

Fedora has updated squid (F20: denial of service).

Mageia has updated procmail (code execution).

openSUSE has updated enigmail (13.1, 12.3: information leak).

Red Hat has updated nss (RHEL4 ELCS: code execution).

Ubuntu has updated cups (privilege escalation) and eglibc (10.04: regression in previous update).

Kategóriák: Linux

Kernel prepatch 3.17-rc4

h, 2014-09-08 16:36
The 3.17-rc4 prepatch is out. "For a short while there, this week was really nice and calm, but that was mostly because the 'linux-foundation.org' entry fell off the DNS universe, and my mailbox got very quiet for a few hours. The rest of the week looked pretty normal."
Kategóriák: Linux

Glibc 2.20 released

h, 2014-09-08 15:07
Version 2.20 of the GNU C Library is now available. Significant changes include support for file-private POSIX locks, removal of support for the _BSD_SOURCE and _SVID_SOURCE feature test macros (see this article for more information), various performance improvements, and more.
Kategóriák: Linux

The OpenSSL security policy

h, 2014-09-08 14:21
The OpenSSL project has posted a policy document describing how it intends to respond to security incidents. "There are actually not a large number of serious vulnerabilities in OpenSSL which make it worth spending significant time keeping our own list of vendors we trust, or signing framework agreements, or dealing with changes, and policing the policy. This is a significant amount of effort per issue that is better spent on other things."
Kategóriák: Linux

Linus 3.17-rc4

h, 2014-09-08 13:55
Kategóriák: Linux

Video from the GNU Tools Cauldron

szo, 2014-09-06 14:01
Videos from the 2014 GNU Tools Cauldron (July 18-20, Cambridge, UK) have now been posted. Topics covered vary from ABI compatibility checking, GCC/LLVM collaboration, and just-in-time compilation to performance testing and debugging issues.
Kategóriák: Linux

Stable kernels 3.16.2, 3.14.18, and 3.10.54

szo, 2014-09-06 03:45
Greg Kroah-Hartman has announced the latest batch of stable kernels: 3.16.2, 3.14.18, and 3.10.54. As usual, these new kernels contain fixes throughout the tree; users of these series should upgrade.
Kategóriák: Linux

Call for organizers: 2015 Linux Plumbers Conference

p, 2014-09-05 20:22
Each year, the Linux Foundation's Technical Advisory Board seeks an organizing committee for the annual Linux Plumbers Conference. That process has now begun for the 2015 event, which will be held during the week of August 17-21 in Seattle, Washington, alongside the LinuxCon North America event. This is your chance to put your stamp on one of our community's most important gatherings.
Kategóriák: Linux

Friday's security updates

p, 2014-09-05 17:15

Debian has updated procmail (code execution).

Mageia has updated firefox, thunderbird (multiple vulnerabilities), graphicsmagick (denial of service), libgcrypt (key extraction), libtorrent-rasterbar (information leak), net-snmp (denial of service), php (multiple vulnerabilities), ppp (privilege escalation), python-django (multiple vulnerabilities), and squid (denial of service).

Mandriva has updated apache (BS1: access restriction bypass), glibc (BS1: multiple vulnerabilities), libgcrypt (BS1: key extraction), ppp (BS1: privilege escalation), python-django (BS1: multiple vulnerabilities), and squid (BS1: multiple vulnerabilities).

Oracle has updated firefox (O5; O7: multiple vulnerabilities) and kernel (O5, denial of service; O5, unspecified vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL5: denial of service), squid (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).

Slackware has updated mozilla-firefox (multiple vulnerabilities), mozilla-thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).

Ubuntu has updated procmail (10.04, 12.04, 14.04: code execution).

Kategóriák: Linux

LLVM 3.5 released

p, 2014-09-05 14:15
Version 3.5 of the LLVM compiler system is out. There is support for a number of new architecture versions and more. "Clang makes a considerable jump forward as well, including new warnings and better support for new standards: in addition to full support for the recently completed C++’14 standard, it includes initial support for 'C++1z' features. Additionally, it now supports generating “remarks” to indicate when optimizations like vectorization and inlining occur, allowing you to tune your programs more effectively." See the release notes for more information.
Kategóriák: Linux

[$] LWN.net Weekly Edition for September 5, 2014

p, 2014-09-05 02:35
The LWN.net Weekly Edition for September 5, 2014 is available.
Kategóriák: Linux

Thursday's security advisories

cs, 2014-09-04 16:54

CentOS has updated xulrunner (C7: two vulnerabilities), firefox (C7; C6; C5: two vulnerabilities), httpcomponents-client (C7: SSL server spoofing), kernel (C5: denial of service), squid (C6; C5: two denial of service flaws, one from 2013), squid (C7: denial of service), and thunderbird (C6; C5: two vulnerabilities).

Gentoo has updated dhcpcd (denial of service) and mysql (many vulnerabilities, mostly unspecified, some from 2013).

Oracle has updated firefox (OL6: two vulnerabilities), httpcomponents-client (OL7: SSL server spoofing), squid (OL6; OL5: two denial of service flaws, one from 2013), squid (OL7: denial of service), and thunderbird (OL6: two vulnerabilities).

Red Hat has updated firefox (two vulnerabilities), httpcomponents-client (RHEL7: SSL server spoofing), kernel (RHEL5: denial of service), squid (RHEL5&6: two denial of service flaws, one from 2013), squid (RHEL7: denial of service), and thunderbird (RHEL5&6: two vulnerabilities).

Ubuntu has updated gnupg (12.04, 10.04: key disclosure) and libgcrypt11 (14.04, 12.04, 10.04: key disclosure).

Kategóriák: Linux

[$] LuneOS tries to keep webOS alive

cs, 2014-09-04 00:23
Even the most dedicated watchers of mobile operating systems may have been surprised recently when a distribution called "LuneOS" announced its first release (code-named "Affogato"). LuneOS, it turns out, is a version of webOS, a mobile operating system originally created by Palm. WebOS has had a bit of a troubled history, but it still has a dedicated following of users and developers. LuneOS is another attempt to turn webOS into a useful system for those users. The effort is a noble one, but the LuneOS developers have a lot of ground to cover yet.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-09-03 19:03

Debian has updated iceweasel (multiple vulnerabilities) and php-cas (security constraints bypass).

Mandriva has updated busybox (denial of service/possible code execution) and php (multiple vulnerabilities).

openSUSE has updated enigmail (11.4: information leak).

Red Hat has updated devtoolset-2-axis (RHDT2: incorrect certificate validation), glibc (RHEL5.6, 5.9, 6.2, 6.4: code execution), openstack-keystone (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: multiple vulnerabilities), and openstack-neutron (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: denial of service).

SUSE has updated apache2 (SLES11 SP2; SLES11 SP1; SLES10: multiple vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), firefox (14.04, 12.04: multiple vulnerabilities), kernel (14.04; 12.04; 10.04: multiple vulnerabilities), libreoffice (14.04: command injection), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), lua5.1 (14.04, 12.04: code execution), and oxide-qt (14.04: multiple vulnerabilities).

Kategóriák: Linux

Django 1.7 released

sze, 2014-09-03 13:07
Version 1.7 of the Django web framework has been released. New features include a mechanism for migrating between database schemas, a separation of applications from models, a new system checking framework, and more; see the release notes for details.
Kategóriák: Linux

Firefox 32

k, 2014-09-02 21:33
Firefox 32 has been released. This version adds a new HTTP cache for improved performance and crash recovery, public key pinning support has been enabled, and much more. See the release notes for details.
Kategóriák: Linux

[$] Supporting filesystems in persistent memory

k, 2014-09-02 21:12
For a few years now, we have been told that upcoming non-volatile memory (NVM) devices are going to change how we use our systems. These devices provide large amounts (possibly terabytes) of memory that is persistent and that can be accessed at RAM speeds. Just what we will do with so much persistent memory is not entirely clear, but it is starting to come into focus. It seems that we'll run ordinary filesystems on it — but those filesystems will have to be tweaked to allow users to get full performance from NVM.

Click below (subscribers only) for the full article from this week's Kernel Page.

Kategóriák: Linux

The GNOME Foundation's 2013 annual report

k, 2014-09-02 21:11
The GNOME Foundation has put out its annual report for 2013 as a 24-page PDF file. "As you will see when you read this annual report, there have been a lot of great things that have happened for the GNOME Foundation during this period. Two new companies joined our advisory board, the Linux Foundation and Private Internet Access. The work funded by our accessibility campaign was completed and we ran a successful campaign for privacy. During this period, there was a fantastic Board of Directors, a dedicated Engagement team (who worked so hard to put this report together), and the conference teams (GNOME.Asia, GUADEC and the Montreal Summit) knocked it out of the park. Most importantly, we’ve had an influx of contributors, more so than I’ve seen in some time."
Kategóriák: Linux