Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 6 perc 38 másodperc

Friday's security updates

p, 2014-12-05 17:44

CentOS has updated kernel (C5: privilege escalation).

Mageia has updated mutt (M4: denial of service), yaml, perl-YAML-LibYAML (M4: denial of service), phpmyadmin (M4: denial of service), and tcpdump (M4: code execution).

openSUSE has updated clamav (12.3, 13.1, 13.2: multiple vulnerabilities), flash-player: code execution), and phpMyAdmin (12.3, 13.1, 13.2: multiple vulnerabilities).

Oracle has updated kernel (O5: privilege escalation; O6; O7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: privilege escalation).

Ubuntu has updated MAAS (12.04, 14.04, 14.10: privilege escalation).

Kategóriák: Linux

Hutterer: pointer acceleration in libinput - building a DPI database for mice

p, 2014-12-05 15:54
Peter Hutterer describes a new mechanism aimed at providing consistent acceleration behavior across mice. "For us, useless and unpredictable is bad, especially in the use-case of everyday desktops. To work around that, libinput 0.7 now incorporates the physical resolution into pointer acceleration. And to do that we need a database, which will be provided by udev as of systemd 218 (unreleased at the time of writing). This database incorporates the various devices and their physical resolution, together with their sampling rate. udev sets the resolution as the MOUSE_DPI property that we can read in libinput and use as reference point in the pointer accel code." The developers are looking for help to populate this new database.
Kategóriák: Linux

The first CentOS Linux Rolling media release

p, 2014-12-05 15:23
The CentOS project has announced the availability of the first in a series of monthly rolling releases. "CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time."
Kategóriák: Linux

A new set of Docker tools

cs, 2014-12-04 19:24
Docker has announced a new set of container management tools: Machine (for system provisioning), Swarm (native clustering for Dockerized applications), and Compose (assembly of multi-container applications). "Finally, Docker Swarm has a pluggable architecture and ships 'batteries included' with a default scheduler. Stay tuned for the public API in the first half of 2015 which will allow swapping-in a scheduler implemented by an ecosystem partner or even your own custom implementation. Nevertheless, regardless of the underlying scheduler implementation, the interface to the app remains consistent, meaning that the app remains 100% portable."
Kategóriák: Linux

Thursday's security updates

cs, 2014-12-04 19:20

CentOS has updated firefox (C5; C6; C7: multiple vulnerabilities), nss (C5; C6; C7: protocol downgrade), thunderbird (C5; C6: multiple vulnerabilities), and wpa_supplicant (C7: command execution).

Debian has updated iceweasel (multiple vulnerabilities), jasper (code execution), qemu (privilege escalation), qemu-kvm (privilege escalation), and tcpdump (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), tcpdump (F19: multiple vulnerabilities), teeworlds (F19; F20: denial of service), thunderbird (F20: multiple vulnerabilities), util-linux (F20: command injection), and wireshark (F20: multiple vulnerabilities).

Mageia has updated firefox, thunderbird (M4: multiple vulnerabilities), libreoffice (M4: code execution), mediawiki (M4: multiple vulnerabilities), and sddm (M4: multiple vulnerabilities).

Oracle has updated firefox (O5; O6: multiple vulnerabilities) and wpa_supplicant (O7: command execution).

Red Hat has updated wget (RHEL6.5: code execution) and wpa_supplicant (RHEL7: command execution).

Scientific Linux has updated firefox (multiple vulnerabilities), nss, nss-util, nss-softokn (protocol downgrade), thunderbird (SL6: multiple vulnerabilities), and wpa_supplicant (SL7: command execution).

Ubuntu has updated eglibc, glibc (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), tcpdump (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), and thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

Kategóriák: Linux

[$] Weekly Edition for December 4, 2014

cs, 2014-12-04 02:21
The Weekly Edition for December 4, 2014 is available.
Kategóriák: Linux

[$] Moving some of Python to GitHub?

sze, 2014-12-03 19:06
Over the years, Python's source repositories have moved a number of times, from CVS on SourceForge to Subversion at and, eventually, to Mercurial (aka hg), still on Python Software Foundation (PSF) infrastructure. But the new site code lives at GitHub (thus in a Git repository) and it looks like more pieces of Python's source may be moving in that direction. While some are concerned about moving away from a Python-based DVCS (i.e. Mercurial) into a closed-source web service, there is a strong pragmatic streak in the Python community that may be winning out.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-12-03 18:46

Debian has updated wordpress (multiple vulnerabilities).

Fedora has updated drupal6 (F20; F19: two vulnerabilities), drupal7 (F20; F19: denial of service), lsyncd (F20; F19: command injection), mariadb-galera (F20: multiple vulnerabilities), and wordpress (F20; F19: multiple vulnerabilities).

Oracle has updated firefox (OL7: multiple vulnerabilities), nss (OL7; OL6; OL5: man-in-the-middle attack), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), kernel-rt (RHE MRG: multiple vulnerabilities), mariadb-galera (RHEL OSP for RHEL7; RHEL OSP for RHEL6: multiple vulnerabilities), nss (RHEL5,6,7: man-in-the-middle attack), openstack-neutron (RHEL OSP for RHEL7; RHEL OSP for RHEL6: denial of service), openstack-trove (RHEL OSP for RHEL7: information disclosure), qemu-kvm-rhev (RHEL OSP for RHEL7: information leak), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Slackware has updated mozilla (multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: code execution), IBM Java (SLE11 SP2: multiple vulnerabilities), and java-1_7_1-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities) and mod-wsgi (14.10, 14.04, 12.04: privilege escalation).

Kategóriák: Linux

Announcing netdev 0.1

k, 2014-12-02 22:19
"Netdev" is a new conference aimed at networking developers; it will be held February 14 to 17 in balmy Ottawa, Canada. The call for papers is open now, with a submission deadline of January 10. "Netdev 0.1 (year 0, conference 1) is a community-driven conference geared towards Linux netheads. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference may not be for you."

Update: the conference organizers have posted more information on the CFP and the types of proposals they are looking for.

Kategóriák: Linux

The Impact of the Linux Philosophy (

k, 2014-12-02 22:04
Starting with the premise that all operating systems have a philosophy, this article on looks at the Linux philosophy and how it differs from other operating systems. "Imagine for a moment the chaos and frustration that would result from attempting to use a nail gun that asked you if you really wanted to shoot that nail and would not allow you to pull the trigger until you said the word “yes” aloud. Linux allows you to use the nail gun as you choose. Other operating systems let you know that you can use nails but don't tell you what tool is used to insert the nails let alone allow you to put your own finger on the trigger."
Kategóriák: Linux

LCA 2015 and InternetNZ Diversity Program

k, 2014-12-02 21:44
LCA 2015 and InternetNZ are supporting diversity at "The InternetNZ Diversity Programme is one of the many ways we ensure that the LCA 2015 continues to be an open and welcoming conference for everyone. Together with InternetNZ this program has been created to assist under-represented delegates who contribute to the Open Source community but, without financial assistance, would not be able to attend LCA 2015."
Kategóriák: Linux

Security updates for Tuesday

k, 2014-12-02 19:03

Debian has updated openvpn (denial of service).

Fedora has updated curl (F20: information leak), erlang (F20: command injection), phpMyAdmin (F20; F19: multiple vulnerabilities), python-django14 (F20; F19: multiple vulnerabilities), python-eyed3 (F20; F19: insecure tmpfile use), wget (F19: symlink attack), and xen (F20; F19: multiple vulnerabilities).

Mageia has updated gnome-shell (lock screen bypass), tcpdump (two vulnerabilities), and teeworlds (information leak).

Scientific Linux has updated ruby (SL7; SL6: multiple vulnerabilities).

Ubuntu has updated openvpn (14.10, 14.04, 12.04: denial of service).

Kategóriák: Linux

New features in Git 2.2.0

k, 2014-12-02 15:15
The "Atlassian Developers" site has a summary of interesting features in the recent Git 2.2.0 release, including signed pushes. "This is an important step in preventing man-in-the-middle attacks and any other unauthorized updates to your repository's refs. git push has learnt the --signed flag which applies your GPG signature to a "push certificate" sent over the wire during the push invocation. On the server-side, git receive-pack (the command that handles incoming git pushes) has learnt to verify GPG-signed push certificates. Failed verifications can be used to reject pushes and those that succeed can be logged in a file to provide an audit log of when and who pushed particular ref updates or objects to your git server."
Kategóriák: Linux

Firefox 34 released

h, 2014-12-01 21:00
Mozilla has released Firefox 34. This version changes the default search engine, includes the Firefox Hello real-time communication client, implements HTTP/2 (draft14) and ALPN, disables SSLv3, and more. See the release notes for details.
Kategóriák: Linux

Rocket, a new container runtime from CoreOS

h, 2014-12-01 20:02
CoreOS has announced that it is moving away from Docker and toward "Rocket," a new container runtime that it has developed. "Unfortunately, a simple re-usable component is not how things are playing out. Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server. The standard container manifesto was removed. We should stop talking about Docker containers, and start talking about the Docker Platform. It is not becoming the simple composable building block we had envisioned."
Kategóriák: Linux

[$] A preview of darktable 1.6

h, 2014-12-01 19:43

The darktable project recently announced the first release-candidate (RC) builds for its upcoming version 1.6 release. The new version will add a slideshow presentation tool to darktable's primary photo-editing features, plus several new image operations and support for new digital cameras. This time, several of the additions add to darktable's automatic adjustment capabilities, making the application a bit more friendly for users who are new to high-end photo editing.

Kategóriák: Linux

Security advisories for Monday

h, 2014-12-01 18:37

CentOS has updated ruby (C7; C6: multiple vulnerabilities).

Debian has updated flac (multiple vulnerabilities), libvncserver (multiple vulnerabilities), mutt (denial of service), openjdk-7 (multiple vulnerabilities), and ppp (privilege escalation).

Mageia has updated flac (multiple vulnerabilities) and geary (TLS certificate issues).

SUSE has updated IBM Java (SLE11 SP3: multiple vulnerabilities).

Ubuntu has updated ppp (privilege escalation).

Kategóriák: Linux

Kernel prepatch 3.18-rc7

h, 2014-12-01 14:13
The 3.18-rc7 prepatch is out. Linus seems happy enough, despite the persistent lockup problem that has defied all debugging attempts so far. "At the same time, with the holidays coming up, and the problem _not_ being a regression, I suspect that what will happen is that I'll release 3.18 on time in a week, because delaying it will either mess up the merge window and the holiday season, or I'd have to delay it a *lot*."
Kategóriák: Linux

LSF/MM 2015 Call For Proposals

szo, 2014-11-29 20:09
The 2015 Linux Storage, Filesystem, and Memory Management summit will be held March 9 and 10 in Boston. The call for agenda proposals has gone out, with a deadline of January 16. Attendance will be capped to facilitate discussions, so developers who are interested in attending this event might want to get their proposals in soon.
Kategóriák: Linux

Touring the hidden corners of LWN

szo, 2014-11-29 20:00
One of the more surprising outcomes (to us) of the recent systemd "debates" in our comments section was finding out that some subscribers did not know of our comment filtering feature. Subscribers have been able to filter out specific commenters since 2010, but knowledge of that feature seems to have dissipated over time. We certainly could do a better job of documenting all of our features, but we thought it might be a good time to both introduce a couple of new features while refreshing people's memories of some of the features we already offer.
Kategóriák: Linux