ls -1TörténelemHardverPartnerünk |
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 22 perc 10 másodperc LWN.net Weekly Edition for August 11, 2016The LWN.net Weekly Edition for August 11, 2016 is available.
Kategóriák: Linux
[$] The TCP "challenge ACK" side channelSide-channel attacks against various kinds of protocols (typically
networking or cryptographic) are both dangerous and often hard for
developers and reviewers to spot.
They are generally passive attacks, which makes them hard to detect as well. A
recent paper
[PDF] describes in detail one such attack against the kernel's TCP
networking
stack; the bug (CVE-2016-5696)
has existed since Linux 3.6, which was released in 2012.
Ironically, the bug was introduced because Linux has implemented
a countermeasure against another type of attack.
Kategóriák: Linux
Stable kernel updatesThe 4.6.6,
4.4.17, and
3.14.75
stable kernel updates have been released. Each contains the usual set of
fixes and updates.
Kategóriák: Linux
The first public Kirigami releaseThe KDE project has announced
the first public release of the Kirigami interface framework. "Now,
with KDE’s focus expanding beyond desktop and laptop computers into the
mobile and embedded sector, our QWidgets-based components alone are not
sufficient anymore. In order to allow developers to easily create Qt-based
applications that run on any major mobile or desktop operating system
(including our very own existing Plasma Desktop and upcoming Plasma Mobile,
of course), we have created a framework that extends Qt Quick Controls:
Welcome Kirigami!"
Kategóriák: Linux
Security advisories for WednesdayCentOS has updated qemu-kvm (C6: denial of service). Debian-LTS has updated fontconfig (privilege escalation) and mongodb (problem in previous update). Fedora has updated lighttpd (F24; F23: man-in-the-middle attacks) and openssh (F24: denial of service). Oracle has updated qemu-kvm (OL6: multiple vulnerabilities). Red Hat has updated qemu-kvm (RHEL6: denial of service). SUSE has updated java-1_7_0-openjdk (SLE12-SP1: multiple vulnerabilities), java-1_8_0-openjdk (SLE12-SP1: multiple vulnerabilities), php53 (SLE11-SP4: multiple vulnerabilities), squid3 (SLE11-SP4: multiple vulnerabilities), and kernel (SLE11-SP4: three vulnerabilities). Ubuntu has updated kernel (16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), linux-snapdragon (16.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities). Kategóriák: Linux
EFF Announces 2016 Pioneer Award WinnersThe Electronic Frontier Foundation (EFF) has announced
the winners of the 2016 Pioneer Awards: "Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians."
Kategóriák: Linux
Study Highlights Serious Security Threat to Many Internet Users (UCR Today)UCR Today reports that
researchers at the University of California, Riverside have identified a
weakness in the Transmission Control Protocol (TCP) in Linux that enables
attackers to hijack users’ internet communications remotely. "The
UCR researchers didn’t rely on chance, though. Instead, they identified a
subtle flaw (in the form of ‘side channels’) in the Linux software that
enables attackers to infer the TCP sequence numbers associated with a
particular connection with no more information than the IP address of the
communicating parties. This means that given any two arbitrary machines on
the internet, a remote blind attacker, without being able to eavesdrop on
the communication, can track users’ online activity, terminate connections
with others and inject false material into their communications."
Kategóriák: Linux
The People’s Code (White House blog)US Chief Information Officer Tony Scott introduces
the Federal Source Code Policy,
on the White House blog. "By making source code available for
sharing and re-use across Federal agencies, we can avoid duplicative custom
software purchases and promote innovation and collaboration across Federal
agencies. By opening more of our code to the brightest minds inside and
outside of government, we can enable them to work together to ensure that
the code is reliable and effective in furthering our national
objectives. And we can do all of this while remaining consistent with the
Federal Government’s long-standing policy of technology neutrality, through
which we seek to ensure that Federal investments in IT are merit-based,
improve the performance of our government, and create value for the
American people." (Thanks to David A. Wheeler)
Kategóriák: Linux
Security advisories for TuesdayArch Linux has updated curl (three vulnerabilities). Debian has updated chromium-browser (multiple vulnerabilities) and fontconfig (privilege escalation). Debian-LTS has updated libreoffice (code execution) and python-django (rebase to 1.4.x). Fedora has updated bind99 (F23: denial of service), ca-certificates (F23: certificate update), dhcp (F23: denial of service), dnsmasq (F23: denial of service), flex (F24: buffer overflow), fontconfig (F24: privilege escalation), kernel (F24; F23: two vulnerabilities), libidn (F23: multiple vulnerabilities), libreswan (F23: unspecified), nodejs-tough-cookie (F24: denial of service), pdns (F24: denial of service), perl-CGI-Emulate-PSGI (F24; F23: HTTP redirect), perl-Module-Load-Conditional (F24; F23: privilege escalation), v8 (F24; F23: denial of service), and xen (F23: multiple vulnerabilities). Mageia has updated chromium-browser-stable (multiple vulnerabilities), firefox (multiple vulnerabilities), and openntpd/busybox (denial of service). Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), kernel (RHEL6.4: privilege escalation), nodejs010-nodejs-minimatch (RHSCL: denial of service), and rh-nodejs4-nodejs-minimatch (RHSCL: denial of service). SUSE has updated kernel (SLE11-SP4: multiple vulnerabilities). Ubuntu has updated curl (three vulnerabilities). Kategóriák: Linux
Christoph Hellwig's case against VMware dismissedThe GPL-infringement case brought against VMware by Christoph Hellwig in
Germany has been dismissed by the court; the ruling is available in German
and English.
The decision seems to be based entirely on uncertainty over where his
copyrights actually lie and not on the infringement claims.
"Nonetheless, these questions (on which the legal interest of the
parties and their counsel presumably focus) can and must remain
unanswered. This is because the very first requirement for conducting an
examination, namely that code possibly protected for the Plaintiff as a
holder of adapter’s copyright has been used in the Defendant’s product,
cannot be established. " The ruling will be
appealed.
Kategóriák: Linux
Vice-President’s Report — The State of the GNOME FoundationJeff Fortin Tam reports
on the state of the GNOME Foundation. "Generally speaking, this year
was a bit less intense than the one before it (we didn’t have to worry
about a legal battle with a giant corporation this time around!) although
we did end up touching a fair amount of legal matters, such as trademark
agreements. One big item we got cleared was the Ubuntu GNOME trademark
agreement. We also welcomed businesses that wanted to sell GNOME-related
merchandise, you can find them listed here—supporting them by purchasing
GNOME-related items also supports the Foundation with a small percentage
shared as royalties." (Thanks to Paul Wise)
Kategóriák: Linux
Lumina Desktop 1.0.0 releasedVersion
1.0.0 of the Lumina Desktop Environment has been released.
"After roughly four years of development, I am pleased to announce
the first official release of the Lumina desktop environment! This release
is an incredible realization of the initial idea of Lumina – a simple and
unobtrusive desktop environment meant for users to configure to match their
individual needs." Lumina is a from-scratch, BSD-licensed desktop
system.
Kategóriák: Linux
Security updates for MondayArch Linux has updated glibc (two denial of service vulnerabilities), lib32-glibc (two denial of service vulnerabilities), and libupnp (unauthenticated access). Debian has updated kde4libs (command execution) and lighttpd (man-in-the-middle attacks). Debian-LTS has updated mongodb (two vulnerabilities), mupdf (denial of service), and openjdk-7 (multiple vulnerabilities). Fedora has updated curl (F24: three vulnerabilities), firefox (F23: multiple vulnerabilities), libgcrypt (F23: key leak), and xen (F24: multiple vulnerabilities). Mageia has updated ruby-eventmachine (denial of service). openSUSE has updated bsdiff (Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), libvirt (Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak), and wireshark (Leap42.1, 13.2: multiple vulnerabilities). Slackware has updated curl (three vulnerabilities), firefox (multiple vulnerabilities), openssh (two vulnerabilities), and stunnel (two vulnerabilities). Kategóriák: Linux
Check Point's "QuadRooter" vulnerabilitiesCheck Point has discovered four local-root vulnerabilities in
Qualcomm-based Android devices and is hyping the result as "QuadRooter".
"QuadRooter is a set of four vulnerabilities affecting Android
devices built using Qualcomm chipsets. Qualcomm is the world’s leading
designer of LTE chipsets with a 65% share of the LTE modem baseband
market. If any one of the four vulnerabilities is exploited, an attacker
can trigger privilege escalations for the purpose of gaining root access to
a device." Actually getting the report requires registration. All
four vulnerabilities are in Android-specific code; three of them are in
out-of-tree modules (kgsl and ipc_router); the fourth is
in the "ashmem" code in the staging tree.
Kategóriák: Linux
Kernel prepatch 4.8-rc1Linus has released the 4.8-rc1 prepatch and
closed the merge window for this development cycle — sort of. "I
actually still have a few pull requests pending in my inbox that I just
wanted to take another look at before merging, but the large bulk of the
merge window material has been merged, and I wanted to make sure there
aren't any new ones coming in." A total of 11,618 non-merge
changesets were pulled during the merge window.
Kategóriák: Linux
Let's Encrypt will be trusted by Firefox 50The Let's Encrypt project, which provides a free SSL/TLS certificate authority (CA), has announced that Mozilla has accepted the project's root key into the Mozilla root program and will be trusted by default as of Firefox 50. This is a step forward from Let's Encrypt's earlier status. "In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root 'vouches for' the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible. However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence." The project has also applied for inclusion the CA trust roots maintained by Apple, Microsoft, Google, Oracle, and Blackberry. News on those programs is still pending. Kategóriák: Linux
Friday's security updatesArch Linux has updated firefox (multiple vulnerabilities), jdk7-openjdk (multiple vulnerabilities), jre7-openjdk (multiple vulnerabilities), and jre7-openjdk-headless (multiple vulnerabilities). Debian has updated openjdk-7 (multiple vulnerabilities). Debian-LTS has updated curl (multiple vulnerabilities) and mysql-5.5 (multiple vulnerabilities). Fedora has updated collectd (F23; F24: code execution), dietlibc (F23; F24: insecure default PATH), perl (F24: privilege escalation), perl-DBD-MySQL (F24: code execution), and python-autobahn (F24: insecure origin validation). openSUSE has updated MozillaFirefox, mozilla-nss (13.2, Leap 42.1: multiple vulnerabilities). Oracle has updated kernel (O7; O6: multiple vulnerabilities; O7; O6; O6; O5: privilege escalation) and squid (O6: code execution). Scientific Linux has updated squid (SL6: code execution). SUSE has updated kernel (SLE12-LP: multiple vulnerabilities). Ubuntu has updated firefox (12.04, 14.04, 16.04: multiple vulnerabilities), libreoffice (12.04: code execution), oxide-qt (14.04, 16.04: multiple vulnerabilities), and qemu, qemu-kvm (12.04, 14.04, 16.04: multiple vulnerabilities). Kategóriák: Linux
The GNU C Library version 2.24 is now availableThe 2.24 version of the GNU C Library (glibc) has been released. It comes
with lots of bug fixes, including five for security vulnerabilities (four
stack overflows and a memory leak). Some deprecated features have
been removed, as well as deprecating the readdir_r() and
readdir64_r() functions in favor of readdir() and
readdir64(). There are also additions to the math library
(nextup*() and nextdown*()) to return the next
representable value toward either positive or negative infinity.
Kategóriák: Linux
Breaking through censorship barriers, even when Tor is blocked (Tor Blog)The Tor Blog looks at using Pluggable Transports to avoid country-level Tor blocking. There are some new easy-to-follow graphical directions for using the transports.
"Many repressive governments and authorities benefit from blocking their users from having free and open access to the internet. They can simply get the list of Tor relays and block them. This bars millions of people from access to free information, often including those who need it most. We at Tor care about freedom of access to information and strongly oppose censorship. This is why we've developed methods to connect to the network and bypass censorship. These methods are called Pluggable Transports (PTs).
Pluggable Transports are a type of bridge to the Tor network. They take advantage of various transports and make encrypted traffic to Tor look like not-interesting or garbage traffic. Unlike normal relays, bridge information is kept secret and distributed between users via BridgeDB."
Kategóriák: Linux
Security updates for ThursdayCentOS has updated firefox (C5: multiple vulnerabilities) and squid (C6: code execution). Debian has updated firefox-esr (multiple vulnerabilities) and wordpress (multiple vulnerabilities). Debian-LTS has updated collectd (regression in previous security update), firefox-esr (multiple vulnerabilities), and libsys-syslog-perl (privilege escalation). Fedora has updated firefox (F24: multiple vulnerabilities) and pbuilder (F24; F23: file overwrite). Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities). Red Hat has updated squid (RHEL6: code execution). Scientific Linux has updated firefox (multiple vulnerabilities), golang (SL7: denial of service), kernel (SL7: three vulnerabilities, one from 2015), and libtiff (SL7: multiple vulnerabilities, including some from 2014 and 2015). SUSE has updated hawk2 (SLE12: clickjacking prevention). Kategóriák: Linux
|
KeresésNavigációBelépésÁllásajánlatokHWSWFriss blogbejegyzések
HUP napi hírlevélSzavazásTudsz-e még írásban összeadni, kivonni, szorozni, osztani? Kapásból. Bármely számrendszerben. 14% Kapásból, tízes számrendszerben. 47% Kis gondolkodás után tízes számrendszerben. 27% Már nem emlékszem. 7% Csak az eredmény érdekel. 5% Összes szavazat: 432
InformációKövess minket! |
Friss hozzászólások
1 óra 13 perc
1 óra 49 perc
2 óra 2 perc
2 óra 3 perc
2 óra 7 perc
2 óra 29 perc
2 óra 43 perc
2 óra 44 perc
2 óra 45 perc
2 óra 59 perc