Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 25 perc 52 másodperc

An Indiegogo campaign for the Ottawa Linux Symposium

h, 2014-07-28 23:06
Andrew Hutton, the organizer of the Ottawa Linux Symposium, has put together an Indiegogo campaign to try to raise funds for this event, which has fallen on hard times in recent years. "When I admitted that this year would likely be the last OLS many people expressed a desire to do something to help. This crowdfunding campaign is the best way I could think of to reach out and offer the community a way to help."
Kategóriák: Linux

Chris Beard Named CEO of Mozilla

h, 2014-07-28 22:11
Mitchell Baker announced that Chris Beard has been appointed CEO of Mozilla Corp. "Over the years, Chris has led many of Mozilla’s most innovative projects. We have relied on his judgment and advice for nearly a decade. Chris has a clear vision of how to take Mozilla’s mission and turn it into industry-changing products and ideas."
Kategóriák: Linux

Stable kernel updates

h, 2014-07-28 20:11
Greg KH has released stable kernels 3.15.7, 3.14.14, 3.10.50, and 3.4.100. All contain important fixes throughout the tree.
Kategóriák: Linux

Security advisories for Monday

h, 2014-07-28 18:39

Debian has updated cups (privilege escalation) and modsecurity-apache (rules bypass).

Fedora has updated audacious-plugins (F20: denial of service), cinnamon (F20: denial of service), cinnamon-control-center (F20: denial of service), cinnamon-settings-daemon (F20: denial of service), cobbler (F20; F19: path traversal), control-center (F20: denial of service), empathy (F20: denial of service), ffgtk (F20: denial of service), firefox (F19: multiple vulnerabilities), fldigi (F20: denial of service), fluidsynth (F20: denial of service), gnome-settings-daemon (F20: denial of service), gnome-shell (F20: denial of service), gqrx (F20: denial of service), gstreamer1-plugins-good (F20: denial of service), guacamole-server (F20: denial of service), java-1.7.0-openjdk (F20: denial of service), libmikmod (F20: denial of service), minimodem (F20: denial of service), mumble (F20: denial of service), paprefs (F20: denial of service), phonon (F20: denial of service), pulseaudio (F20: denial of service), qemu (F20: denial of service), qmmp (F20: denial of service), qt (F20: denial of service), qt-mobility (F20: denial of service), qt5-qtmultimedia (F20: denial of service), sidplayfp (F20: denial of service), speech-dispatcher (F20: denial of service), sphinxtrain (F20: denial of service), spice-gtk (F20: denial of service), thunderbird (F20: multiple vulnerabilities), xmp (F20: denial of service), and zarafa (F20; F19: information disclosure).

Gentoo has updated openssl (multiple vulnerabilities).

Mageia has updated asterisk (multiple vulnerabilities), avidemux (undisclosed vulnerabilities), cacti (MG4: multiple vulnerabilities), dbus (two denial of service flaws), java-1.7.0-openjdk (multiple vulnerabilities), live555, vlc, mplayer (code execution), mariadb (unidentified vulnerabilities), nss, firefox, thunderbird (multiple vulnerabilities), owncloud (undisclosed vulnerability), pidgin (code execution), ruby-actionpack (MG4: two vulnerabilities), and transmission (code execution).

Oracle has updated kernel (OL5: two vulnerabilities).

Kategóriák: Linux

Kernel prepatch 3.16-rc7

h, 2014-07-28 00:42
Linus has released 3.16-rc7. "We obviously *do* have various real fixes in here, but none of them look all that special or worrisome. And rc7 is finally noticeably smaller than previous rc's, so we clearly are calming down. So unlike my early worries, this might well be the last rc, we'll see how next week looks/feels."
Kategóriák: Linux

The first stable CoreOS release

p, 2014-07-25 20:52
The CoreOS developers have announced the release of version 367.1.0 of the CoreOS distribution; this is the first version deemed to be stable and ready for production. "Please note: The stable release is not including etcd and fleet as stable, this release is only targeted at the base OS and Docker 1.0. etcd/fleet stable support will be in subsequent releases." LWN looked at CoreOS last April.
Kategóriák: Linux

Interview with Nathan Willis, GUADEC Keynote Speaker (GNOME News)

p, 2014-07-25 19:42
LWN editor Nathan Willis is giving a keynote talk at the upcoming GUADEC (GNOME Users and Developers European Conference) and was interviewed by GNOME News. Willis's talk is titled "Should We Teach The Robot To Kill" and will look at free software and the automotive industry. "And, finally, my ultimate goal would be to persuade some people that the free-software community can — and should — take up the challenge and view the car as a first-rate environment where free software belongs. Because there will naturally be lots of little gaps where the different corporate projects don’t quite have every angle covered. But we don’t have to wait for other giant companies to come along and finish the job. We can get involved now, and if we do, then the next generation of automotive software will be stronger for it, both in terms of features and in terms of free-software ideals." GUADEC is being held in Strasbourg, France July 26–August 1.
Kategóriák: Linux

Kügler: Plasma’s Road to Wayland

p, 2014-07-25 17:34
On his blog, Sebastian Kügler looks at what's left to be done for KDE's Plasma desktop to support Wayland. He discusses why the project cares about Wayland, what it means to support Wayland, the current status, the strategy for further work, and how interested folks can get involved. "One of the important topics which we have (kind of) excluded from Plasma’s recent 5.0 release is support for Wayland. The reason is that much of the work that has gone into renovating our graphics stack was also needed in preparation for Wayland support in Plasma. In order to support Wayland systems properly, we needed to lift the software stack to Qt5, make X11 dependencies in our underlying libraries, Frameworks 5 optional. This part is pretty much done. We now need to ready support for non-X11 systems in our workspace components, the window manager and compositor, and the workspace shell."
Kategóriák: Linux

Security updates for Friday

p, 2014-07-25 16:45

CentOS has updated kernel (C7; C6; C5: two vulnerabilities) and qemu-kvm (C7: many vulnerabilities).

Debian has updated apache2 (three vulnerabilities) and transmission (code execution).

Fedora has updated httpd (F20: multiple vulnerabilities), ipython (F20; F19: code execution), java-1.7.0-openjdk (F19: multiple vulnerabilities), java-1.8.0-openjdk (F20; F19: multiple vulnerabilities), and kernel (F19: multiple vulnerabilities).

Oracle has updated enterprise kernel (OL7: three vulnerabilities) and kernel (OL5: two vulnerabilities).

Red Hat has updated openstack-nova (OSP5.0: information disclosure), openstack-swift (OSP5.0: cross-site scripting), python-django-horizon (OSP5.0: three vulnerabilities), and qemu-kvm-rhev (OSP4.0, OSP3.0: multiple vulnerabilities).

Kategóriák: Linux

Fedora 21 delayed three weeks

p, 2014-07-25 01:25
At yesterday's Fedora Engineering Steering Committee (FESCo) meeting, the release of Fedora 21 was delayed by three weeks (FESCo ticket), with the final release now scheduled for November 4. There are some problems with "test composes" of the release (creating test ISO images) that mean the deadline for the alpha release would be missed. The original plan was to delay for two weeks, but that put the freeze just before the Flock conference, so it was decided to push out an additional week.
Kategóriák: Linux

An Interview with Karen Sandler (Model View Culture)

cs, 2014-07-24 20:19
Over at Model View Culture, Adam Saunders interviews Karen Sandler, executive director of the Software Freedom Conservancy (SFC) and formerly the executive director of the GNOME Foundation. Sandler talks about SFC, the Outreach Program for Women, as well as being a cyborg: "I was diagnosed with a heart condition and needed a pacemaker/defibrillator, and none of the device manufacturers would let me see the source code that was to be literally sewn into my body and connected to my heart. My life relies on the proper functioning of software every day, and I have no confidence that it will. The FDA generally doesn't review the source code of medical devices nor can the public. But multiple researchers have shown that these devices can be maliciously hacked, with fatal consequences. Once you start considering medical devices, you quickly start to realize that it's all kinds of software that is life and society-critical - cars, voting machines, stock markets... It's essential that our software be safe, and the only way we can realistically expect that to be the case over time is by ensuring that our software is free and open. If there's catastrophic failure at Medtronic (the makers of my defibrillator), for example, I wouldn't be able to fix a bug in my own medical device."
Kategóriák: Linux

Security updates for Thursday

cs, 2014-07-24 18:41

CentOS has updated httpd (C7; C6; C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and openjdk-7 (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities).

Oracle has updated dovecot (OL7: denial of service), firefox (OL7; OL7; OL5: multiple vulnerabilities), gnutls (OL7: two vulnerabilities), httpd (OL7; OL6; OL5: multiple vulnerabilities), java-1.6.0-openjdk (OL7; OL7: multiple vulnerabilities), java-1.7.0-openjdk (OL7; OL7: multiple vulnerabilities), json-c (OL7: two denial of service flaws), kernel (OL7; OL6: two privilege escalations), kernel (OL7: multiple vulnerabilities), kernel (OL7:privilege escalation), libtasn1 (OL7: three vulnerabilities), libvirt (OL7: information disclosure/denial of service), lzo (OL7: denial of service/possible code execution), mariadb (OL7: multiple unspecified vulnerabilities), nss, nspr (OL7: code execution), openssl (OL7: multiple vulnerabilities), openssl098e (OL7: man-in-the-middle attack), qemu-kvm (OL7: many vulnerabilities), qemu-kvm (OL7: code execution), samba (?:), (tomcat (OL7: three vulnerabilities), and tomcat (OL7: three vulnerabilities).

Red Hat has updated kernel (RHEL7; RHEL6.4; RHEL6; RHEL5: two privilege escalations) and qemu-kvm (RHEL7: many vulnerabilities).

Scientific Linux has updated kernel (SL6; SL5: two privilege escalations).

Slackware has updated httpd (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and firefox (multiple vulnerabilities).

SUSE has updated libtasn1 (SLE11SP3: three vulnerabilities) and ppc64-diag (SLE11SP3: two vulnerabilities).

Ubuntu has updated apache2 (14.04, 12.04, 10.04: multiple vulnerabilities), jinja2 (12.04: code execution), lzo2 (14.04, 12.04: denial of service/possible code execution), and oxide-qt (14.04: multiple vulnerabilities).

Kategóriák: Linux

Oracle Linux 7 released

cs, 2014-07-24 15:54
Another of the Red Hat Enterprise Linux (RHEL) rebuilds has released its version of RHEL 7: Oracle Linux 7 for x86_64 is now available. It does add some features, including DTrace, Ksplice, and Xen. More information can be found in the release notes.
Kategóriák: Linux

[$] LWN.net Weekly Edition for July 24, 2014

cs, 2014-07-24 03:44
The LWN.net Weekly Edition for July 24, 2014 is available.
Kategóriák: Linux

[$] Browser tracking through "canvas fingerprinting"

sze, 2014-07-23 20:27

Recently, public attention has been called to a new online user-tracking method that is purported to be nearly impossible to block. Called "canvas fingerprinting," the technique relies on forcing the browser to generate an image on the client side of the connection—an image that is unique enough to serve as a fingerprint for the browser that created it. In fact, the basis for this fingerprinting approach is several years old, but it does now seem to be in use in the wild. Whether or not it truly amounts to an insurmountable blocking challenge, however, remains to be seen.

Kategóriák: Linux

ownCloud 7 released

sze, 2014-07-23 19:59
The ownCloud 7 release has been announced. The headline feature this time around appears to be server-to-server sharing, but it also has mobile web browser support, file activity notifications, and an improved management interface.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-07-23 19:48

CentOS has updated firefox (C6; C5: multiple vulnerabilities), firefox, xulrunner (C7: multiple vulnerabilities), libvirt (C7: information disclosure/denial of service), nss, nspr (C7: code execution), nss (C5; C6: code execution), nss-util (C6: code execution), nspr (C6; C5: code execution), and thunderbird (C5; C6: multiple vulnerabilities).

Debian has updated acpi-support (privilege escalation) and mysql-5.5 (unidentified vulnerabilities).

Fedora has updated libXfont (F19: multiple vulnerabilities), python-simplejson (F19: information disclosure), and readline (F20: insecure temporary files).

Oracle has updated firefox (OL6: multiple vulnerabilities), nss, nspr (OL6; OL5: code execution), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), httpd (RHEL5,6; RHEL7: multiple vulnerabilities), httpd24-httpd (RHSC1: multiple vulnerabilities), kernel-rt (RHE MRG2.5: multiple vulnerabilities), libvirt (RHEL7: information disclosure/denial of service), nss (RHEL5.6,5.9,6.2,6.4: code execution), nss, nspr (RHEL5,7: code execution), nss, nspr (RHEL6: multiple vulnerabilities), and thunderbird (RHEL5,6: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6: multiple vulnerabilities), httpd (SL5,6: multiple vulnerabilities), nss and nspr (SL6; SL5: code execution), and thunderbird (SL5,6: multiple vulnerabilities).

Ubuntu has updated acpi-support (12.04 LTS: privilege escalation), firefox (14.04 LTS, 12.04 LTS: multiple vulnerabilities), libtasn1-3, libtasn1-6 (14.04 LTS, 12.04 LTS, 10.04 LTS: multiple vulnerabilities), and thunderbird (14.04 LTS, 12.04 LTS: multiple vulnerabilities).

Kategóriák: Linux

Firefox 31 released

sze, 2014-07-23 00:21
Firefox 31 has been released. This version adds a search field to the new tab page, adds support of Prefer:Safe http header for parental control, and it will block malware from downloaded files. See the release notes for more information.
Kategóriák: Linux

Spencer: The Community Team

k, 2014-07-22 21:44
Rick Spencer introduces Ubuntu's community team. "First, we created the role Community Team Manager. Notice the important inclusion of the word “Team”. This person’s job is not to “manage the community”, but rather to organize and lead the rest of the community team members. This includes things like project planning, HR responsibilities, strategic planning and everything else entailed in being a good line manager. After a rather competitive interview process, with some strong candidates, one person clearly rose to the top as the best candidate. So, I would like formally introduce David Planella as the Community Team Manager!" Michael Hall, Daniel Holbach, and Nicholas Skaggs are the other members of the team.
Kategóriák: Linux

Docker security with SELinux (Opensource.com)

k, 2014-07-22 20:51
Dan Walsh looks at container security, on Opensource.com. "I hear and read about a lot of people assuming that Docker containers actually sandbox applications—meaning they can run random applications on their system as root with Docker. They believe Docker containers will actually protect their host system [...] Stop assuming that Docker and the Linux kernel protect you from malware."
Kategóriák: Linux