Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 19 perc 13 másodperc

[$] LWN.net Weekly Edition for December 17, 2015

cs, 2015-12-17 01:19
The LWN.net Weekly Edition for December 17, 2015 is available.
Kategóriák: Linux

An authentication bypass issue in GRUB

sze, 2015-12-16 22:53
The GRUB bootloader (versions 1.98 to 2.02) has an integer underflow issue which can enable a local attacker to bypass authentication on a locked-down system. "Grub2 is the bootloader used by most Linux systems including some embedded systems. This results in an incalculable number of affected devices."
Kategóriák: Linux

[$] Ubuntu Touch, three years later

sze, 2015-12-16 20:56
Back in early 2013, your editor dedicated a sacrificial handset to the testing of the then-new Ubuntu Touch distribution. At that time, things were so unbaked that the distribution came with mocked-up data for unready apps; it even came with a set of fake tweets. Nearly three years later, it seemed time to give Ubuntu Touch another try on another sacrificial device. This distribution has certainly made some progress in those years, but, sadly, it still seems far from being a competitive offering in this space.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-12-16 18:53

Arch Linux has updated bind (denial of service) and firefox (multiple vulnerabilities).

CentOS has updated grub2 (C7: code execution).

Debian has updated bind9 (denial of service) and cups-filters (command execution).

Debian-LTS has updated pygments (shell injection).

Fedora has updated kernel (F23; F22: multiple vulnerabilities) and seamonkey (F23; F22: multiple vulnerabilities).

Oracle has updated grub2 (OL7: code execution) and kernel (OL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: multiple vulnerabilities), libreoffice (SL6: multiple vulnerabilities), and openssl (SL6; SL5: multiple vulnerabilities).

Slackware has updated bind (multiple vulnerabilities), libpng (two vulnerabilities), firefox (multiple vulnerabilities), and openssl (multiple vulnerabilities).

Ubuntu has updated bind9 (denial of service), firefox (multiple vulnerabilities), git (code execution), and grub2 (code execution).

Kategóriák: Linux

[$] The PhotoFlow 0.2.5 release

sze, 2015-12-16 16:30
The PhotoFlow image editor is a relative newcomer to the field of free-software photography tools. The project was started in 2014, and some people might consider it an odd choice of undertaking—given that there are, these days, quite a few capable raw-photo editors to choose from. But PhotoFlow does bring something new to the table.

Click below (subscribers only) for the full review.

Kategóriák: Linux

Firefox 43 released

k, 2015-12-15 20:47
Mozilla has released Firefox 43. This version features improvements to Private Browsing and Tracking Protection, search suggestions, improved API support for m4v video playback, and more. The release notes contain more information.
Kategóriák: Linux

AMD's 2016 Linux driver plans (AnandTech)

k, 2015-12-15 20:16
AnandTech reports on AMD's plans for Linux graphics driver support. In short: more open code, but some proprietary components will remain. "The significant change here is that by having the RTG closed source driver based around the open source driver, the company is now only maintaining a single code base, is pushing as much as possible into open source, and that the open source driver is receiving these features far sooner than it was previously. This greatly improves the quality of life for open source driver users, but it’s also reciprocal for RTG: it’s a lot easier to keep up to date with Linux kernel changes with an open source kernel mode driver than a closed source driver, and quickly integrate improvements submitted by other developers."
Kategóriák: Linux

Stable kernel updates

k, 2015-12-15 18:13
Greg KH has released stable kernels 4.3.3, 4.2.8, and 4.1.15. All of them contain important fixes. This will be the last 4.2.y kernel. Users of the 4.2 kernel should upgrade to the 4.3.y kernel series.

Update: Canonical's kernel team will pick up stable maintenance of 4.2 where Greg left off.

Kategóriák: Linux

Security updates for Tuesday

k, 2015-12-15 18:06

CentOS has updated libreoffice (C7; C6: multiple vulnerabilities) and openssl (C7; C6; C5: multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities).

Oracle has updated libreoffice (OL7; OL6: multiple vulnerabilities) and openssl (OL5: multiple vulnerabilities).

Red Hat has updated grub2 (RHEL7: code execution) and kernel (RHEL6; RHEL6.5: multiple vulnerabilities).

Kategóriák: Linux

Collabora and ownCloud release CODE for LibreOffice Online developers

k, 2015-12-15 16:56
Collabora and ownCloud have announced a partnership, and, as an opening move, have released the "Collabora Online Development Edition." This is a combined distribution consisting of LibreOffice Online and ownCloud Server. "The purpose of CODE is to give interested developers from any field an easy way to get early access to the very latest untested feature additions and updates to LibreOffice Online, in order to enable them to develop, test, and contribute." See this page for more information and screenshots.
Kategóriák: Linux

Release for CentOS Linux 7 (1511)

h, 2015-12-14 22:27
The CentOS project has announced the release of CentOS Linux 7 (1511), derived from Red Hat Enterprise Linux 7.2. "This release supersedes all previously released content for CentOS Linux 7, and therefore we highly encourage all users to upgrade their machines. Information on different upgrade strategies and how to handle stale content is included in the Release Notes."
Kategóriák: Linux

Luu: Files are hard

h, 2015-12-14 21:15
Here is a lengthy posting from Dan Luu on why it is so hard to safely write files on Unix-like systems. It comes down to a combination of POSIX semantics and filesystem bugs. "Something to note here is that while btrfs’s semantics aren’t inherently less reliable than ext3/ext4, many more applications corrupt data on top of btrfs because developers aren’t used to coding against filesystems that allow directory operations to be reordered (ext2 was the only other filesystem that allowed that reordering). We’ll probably see a similar level of bug exposure when people start using NVRAM drives that only have byte-level atomicity. People almost always just run some tests to see if things work, rather than making sure they’re coding against what’s legal in a POSIX filesystem."
Kategóriák: Linux

Security advisories for Monday

h, 2015-12-14 18:33

Debian has updated bouncycastle (invalid curve attack) and libphp-phpmailer (header injection).

Debian-LTS has updated grub2 (code execution).

Fedora has updated grub2 (F23: code execution), LibRaw (F22: two vulnerabilities), moodle (F23; F22: multiple vulnerabilities), openssl (F22: multiple vulnerabilities), pax-utils (F22: multiple vulnerabilities), pcre (F22: denial of service), proftpd (F23; F22: denial of service), qemu (F23: denial of service), and wget (F22: information leak).

openSUSE has updated libpng12 (13.2, 13.1: denial of service), libpng16 (13.2, 13.1: denial of service), libraw (13.2, 13.1: unspecified), and mbedtls (Leap42.1: code execution).

Oracle has updated openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), glibc (RHEL7.1: multiple vulnerabilities), libpng (RHEL6: multiple vulnerabilities), libreoffice (RHEL6,7: multiple vulnerabilities), openshift (RHOSE3: information leak), and openssl (RHEL6,7; RHEL5: multiple vulnerabilities).

SUSE has updated java-1_7_1-ibm (SLE12: many vulnerabilities) and java-1_8_0-ibm (SLE12: many vulnerabilities).

Ubuntu has updated libxml2 (multiple vulnerabilities).

Kategóriák: Linux

Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop (ars technica)

h, 2015-12-14 17:12
Ars technica reports that the Purism Librem 13 laptop will be available with the virtualization-based Qubes distribution. "Qubes wants to lower the barrier of entry for new users, including security-conscious enterprise users who might want to buy a number of laptops for their staff. In addition to the Librem 13, Qubes plans to certify the larger Librem 15, plus other laptops that are 'as diverse as possible in terms of geography, cost, and availability.'" LWN looked at Qubes 3.0 back in May.
Kategóriák: Linux

Kernel prepatch 4.4-rc5

h, 2015-12-14 03:50
Linus has released the 4.4-rc5 prepatch. "If you have all your Christmas shopping done, I would heartily recommend giving rc5 a whirl in between the eggnogs and the decorations. And if you're not celebrating the holidays, you have no excuse for not testing it all out."
Kategóriák: Linux

Mozilla Open Source Support: First Awards Made

szo, 2015-12-12 00:40

Mozilla has announced the first round of projects to receive support from the organization's new “Foundational Technology” grant program. The program offers funding to open-source projects outside of Mozilla that are regarded as important building blocks for work done within Mozilla. The recipients announced are Buildbot, CodeMirror, Discourse, Read The Docs, Mercurial, Django, and Bro. The post contains further details on the specific development goals associated with each grant. More selections are yet to come, and applications are open.

Kategóriák: Linux

Friday's security updates

p, 2015-12-11 16:08

Arch Linux has updated keepassx (information disclosure).

Fedora has updated knot (F23; F22: out-of-bound read).

Mageia has updated chromium-browser-stable (M5: multiple vulnerabilities), imagemagick (M5: multiple vulnerabilities), and libraw (M5: multiple vulnerabilities).

openSUSE has updated xen (Leap 21.1; 13.2: multiple vulnerabilities).

Oracle has updated kernel (O7; O6: multiple vulnerabilities).

Ubuntu has updated oxide-qt (14.04, 15.04, 15.10: multiple vulnerabilities).

Kategóriák: Linux

Linux video editing in real time with Open Broadcast Studio (Opensource.com)

p, 2015-12-11 01:27
Over at Opensource.com, Seth Kenlon looks at realtime video editing with Open Broadcast Studio (OBS). The article describes OBS sources and scenes, compositing, filters, output options, and more. "It may be a relatively niche market, but not all video editing is done in post production. There are use cases for live, on-the-fly video editing and basic compositing. You've seen it done yourself, whether you realize it or not—news broadcasts, live webcasts, and live TV events usually use multiple-camera setups controlled by one central software suite. Open Broadcast Studio (formerly Open Broadcaster Software) is an open source central control room for live, realtime video editing. It features instant encoding using x264 (an open source h.264 encoder) and AAC and streams to services like YouTube, DailyMotion, Twitch, your own streaming server, or just to a file."
Kategóriák: Linux

Stable kernel 4.3.2

p, 2015-12-11 00:52
Greg Kroah-Hartman has released the 4.3.2 stable kernel. It fixes a problem with time validation in X.509 certificate handling that has been present since 4.3.0 (CVE-2015-5327). If you are not using those certificates, though, you don't need to upgrade from 4.3.1; others should upgrade.
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-12-10 16:51

Arch Linux has updated flashplugin (many vulnerabilities) and libxml2 (multiple vulnerabilities).

Debian has updated chromium-browser (many vulnerabilities) and xen (multiple vulnerabilities).

Debian-LTS has updated arts (privilege escalation) and kdelibs (privilege escalation).

Fedora has updated pax-utils (F23: multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1: many vulnerabilities), gpg2 (42.1: two vulnerabilities), mariadb (13.2; 13.1: multiple vulnerabilities), mysql (many vulnerabilities), and thunderbird (13.2, 13.1: multiple vulnerabilities).

Oracle has updated libpng (OL7; OL6: two vulnerabilities) and libpng12 (OL7: two vulnerabilities).

Scientific Linux has updated libpng (SL6: three vulnerabilities).

SUSE has updated flash-player (SLE11SP4, SLE11SP3; SLE12SP1, SLE12: many vulnerabilities).

Kategóriák: Linux