ls -1TörténelemNépszerű témákNépszerű fórum témákHardverAjánlott böngésző FreeBSD Project NewsOpenBSD Journal |
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 25 perc 24 másodperc Security advisories for WednesdayDebian has updated lucene-solr (multiple vulnerabilities) and nspr (code execution). Fedora has updated dovecot (F19: denial of service), libfep (F20; F19: privilege escalation), lynis (F20: privilege escalation), mod_wsgi (F20; F19: two vulnerabilities), php (F20; F19: denial of service), php-doctrine-orm (F20; F19: denial of service), php-horde-Horde-Ldap (F19: check for empty passwords), php-phpunit-PHPUnit-MockObject (F20; F19: denial of service), and python-djblets (F20; F19: cross-site scripting). openSUSE has updated miniupnpc (13.1, 12.3: denial of service), rxvt-unicode (13.1, 12.3: command execution), and typo3-cms-4_5 (13.1, 12.3: multiple vulnerabilities). SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities) and kernel (SLES11 SP1 LTSS: multiple vulnerabilities). Ubuntu has updated apt (invalid source package authentication) and nova (14.04 LTS, 13.10, 12.04 LTS: multiple vulnerabilities). Kategóriák: Linux
[$] Android without the mothershipThe success of Android has brought Linux to many millions of new users and
that, in turn, has increased the development community for Linux itself.
But those who value free software and privacy can be forgiven for seeing
Android as a step backward in some ways; Android systems include
significant amounts of proprietary software, and they report vast amounts of
information back to the Google mothership. But Android is, at its heart,
an open-source system, meaning that it should be possible to cast it into a
more freedom- and privacy-respecting form. Your editor has spent some time
working on that goal; the good news is that it is indeed possible to create
a (mostly) free system on the Android platform.
Kategóriák: Linux
Poettering: Factory Reset, Stateless Systems, Reproducible Systems & Verifiable SystemsOn his blog, Lennart Poettering writes about new systemd features that will make it easier to "factory reset" systems back to their initial configuration. By handling /etc and /var differently, it will also support other use cases, such as "stateless" systems that store no persistent configuration, as well as "reproducible" and "verifiable" systems. "Booting up a system without a populated /var is relatively straight-forward. With a few lines of tmpfiles configuration it is possible to populate /var with its basic structure in a way that is sufficient to make a system boot cleanly. systemd version 214 and newer ship with support for this. Of course, support for this scheme in systemd is only a small part of the solution. While a lot of software reconstructs the directory hierarchy it needs in /var automatically, many software does not. In case like this it is necessary to ship a couple of additional tmpfiles lines that setup up at boot-time the necessary files or directories in /var to make the software operate, similar to what RPM or DEB packages would set up at installation time.
Booting up a system without a populated /etc is a more difficult task. In /etc we have a lot of configuration bits that are essential for the system to operate, for example and most importantly system user and group information in /etc/passwd and /etc/group. If the system boots up without /etc there must be a way to replicate the minimal information necessary in it, so that the system manages to boot up fully."
Kategóriák: Linux
LibreOffice bug hunting eventThe Document Foundation (TDF) has announced a LibreOffice 4.3 bug hunting
session on June 20-22. "The community has already made a large
collective effort to make LibreOffice 4.3 the best ever, based on automated
stress tests and structured tests by Quality Assurance volunteers.
Enterprise and individual LibreOffice users can now contribute to the
quality of the best free office suite ever by testing the release candidate
to identify issues in their preferred user scenario." See the wiki
page for more information about the hunt.
Kategóriák: Linux
Android Root Access Vulnerability Affecting Most Devices (Threatpost)Threatpost reports
that most Android devices are vulnerable to a privilege
escalation flaw in the kernel. "Researchers at Lacoon Mobile Security are calling the bug “TowelRoot,” because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot). Successful exploitation of the Linux bug within the Android operating system would give the attacker administrative access to a victim’s phone. Specifically, such access could potentially allow that same attacker to run further malicious code, retrieve files and device data, bypass third-party or enterprise security applications including containers like Samsung’s secure Knox sub-operating system, and establish backdoors for future access on victim devices."
Kategóriák: Linux
Tuesday's security updatesCentOS has updated kernel (Xen4CentOS: multiple vulnerabilities) and xen (Xen4CentOS: multiple vulnerabilities). Debian has updated icedove (multiple vulnerabilities), openssl (multiple vulnerabilities), and php5 (code execution). Fedora has updated kernel (F19: multiple vulnerabilities). Gentoo has updated adobe-flash (multiple vulnerabilities) and cups-filters (multiple vulnerabilities). openSUSE has updated sendmail (11.4; 12.3, 13.1: denial of service). SUSE has updated GnuTLS (SUSE CORE 9: multiple vulnerabilities). Ubuntu has updated libxml2 (regression in upstream update). Kategóriák: Linux
Stable kernel updatesKategóriák: Linux
Security advisories for MondayDebian has updated chromium-browser (multiple vulnerabilities). Fedora has updated firefox (F19: multiple vulnerabilities), nspr (F19: multiple vulnerabilities), thunderbird (F20: multiple vulnerabilities), and xulrunner (F19: multiple vulnerabilities). Gentoo has updated freeradius (code execution), gnutls (multiple vulnerabilities), kdirstat (command execution), libXfont (multiple vulnerabilities), lighttpd (multiple vulnerabilities), memcached (multiple vulnerabilities), and opera (multiple vulnerabilities). Mageia has updated flash-player-plugin (multiple vulnerabilities). Mandriva has updated kernel (BS1.0: multiple vulnerabilities) and nspr (BS1.0, ES5.0: code execution). openSUSE has updated flash-player (11.4; 12.3, 13.1: multiple vulnerabilities) and Mozilla (11.4: multiple vulnerabilities). SUSE has updated GnuTLS (SLES10: multiple vulnerabilities) and kernel (SLE RTE11 SP3: privilege escalation). Kategóriák: Linux
The history of Android (ars technica)Ars technica has put together a
detailed history of Android so far. "Thanks to this 'cloud rot,'
an Android retrospective won’t be possible in a few years. Early versions
of Android will be empty, broken husks that won't function without cloud
support. While it’s easy to think of this as a ways off, it's happening
right now. While writing this piece, we ran into tons of apps that no
longer function because the server support has been turned off. Early
clients for Google Maps and the Android Market, for instance, are no longer
able to communicate with Google."
Kategóriák: Linux
The 3.16 merge window has closedLinus Torvalds has released the 3.16-rc1
kernel prepatch, thus closing the merge window. In the end, Torvalds
picked up 11,364 non-merge commits for inclusion, making 3.16 the third
busiest merge window ever (after 3.15 and 3.10). "It also looks fairly usual from a statistics standpoint: about two
thirds of the changes are to drivers (and one third of *that* is to
staging), and half of the remainder is architecture updates (with arm
dominating, dts files leading - but there's mips, powerpc, x86 and
arm64 there too).
Outside of drivers and architecture updates, there's the usual mixture
of changes elsewhere: filesystems (mainly reiserfs, xfs, btrfs, nfs),
networking, "core" kernel (mm, locking, scheduler, tracing), and
tooling (perf and power, also new self-tests)."
Kategóriák: Linux
CentOS 7 Public QA ReleaseWhile stressing that it is a pre-release for testing (i.e. quality assurance or QA) purposes, the CentOS team has announced the availability of the CentOS 7 QA release. It can be downloaded from here. Packages are not GPG signed, are likely to be replaced "in place" as bugs are fixed, and upgrading from the QA release to the final release may not be possible (and will not be supported). But, unlike previous CentOS releases, it has been opened up to the community before the final release. "We appreciate any and all bug reports at http://bugs.centos.org (please also check upstream bugzilla.redhat.com and link to those bugs when filing a new CentOS issue), and assistance with the “Branding Hunt” (see http://lists.centos.org/pipermail/centos-devel/2014-June/010411.html)."
Kategóriák: Linux
Security advisories for FridayDebian has updated apt (invalid source package authentication) and mediawiki (cross-site scripting). Fedora has updated chkrootkit (F20; F19: privilege escalation), firefox (F20: multiple vulnerabilities), nspr (F20: multiple vulnerabilities), sendmail (F20: denial of service), and xulrunner (F20: multiple vulnerabilities). openSUSE has updated php5 (11.4: multiple vulnerabilities). SUSE has updated GnuTLS (SLE11SP2; SLE11SP1; SM1.7 for SLE11SP2: multiple vulnerabilities). Ubuntu has updated json-c (14.04, 13.10, 12.04: two denial of service flaws) and openssl (14.04, 13.10, 12.04: regression in previous security fix). Kategóriák: Linux
GCC wins ACM SIGPLAN Programming Languages Software AwardThe GNU Compiler Collection (GCC) has
received the ACM SIGPLAN Programming Languages
Software Award. "GCC is the product of hundreds of person-years
of work over its 27 years of existence. This award recognizes the GCC
developer community for the substantial impact it has had on the
programming language community and the larger software industry."
(Thanks to David Edelsohn)
Kategóriák: Linux
Thursday's security updatesCentOS has updated firefox (C6; C5: multiple vulnerabilities), kernel (C5: multiple vulnerabilities), python-jinja2 (C6: code execution), qemu-kvm (C6: multiple vulnerabilities), and thunderbird (C6; C5: multiple vulnerabilities). Fedora has updated kernel (F20: two vulnerabilities). Mageia has updated firefox, thunderbird (multiple vulnerabilities) and iceape (multiple vulnerabilities). openSUSE has updated apache2-mod_wsgi (13.1, 12.3: two vulnerabilities), chromium (13.1, 12.3: multiple vulnerabilities), and php5 (13.1, 12.3, 12.2: multiple vulnerabilities). Oracle has updated firefox (OL5: multiple vulnerabilities), kernel (OL5: multiple vulnerabilities), openssl (OL4: man-in-the-middle attack), and python-jinja2 (OL6: code execution). Red Hat has updated python-jinja2 (RHEL6: code execution) and python33-python-jinja2 (RHSC1: code execution). Scientific Linux has updated firefox (SL5&6: multiple vulnerabilities) and python-jinja2 (SL6: code execution). Slackware has updated thunderbird (multiple vulnerabilities). Kategóriák: Linux
LWN.net Weekly Edition for June 12, 2014The LWN.net Weekly Edition for June 12, 2014 is available.
Kategóriák: Linux
More stable kernel updatesThe 3.14.7,
3.10.43, and
3.4.93 stable kernel updates are available;
each contains another long list of important fixes.
Kategóriák: Linux
Security advisories for WednesdayDebian has updated iceweasel (multiple vulnerabilities) and icinga (multiple vulnerabilities). Mandriva has updated chkrootkit (BS1.0: privilege escalation), emacs (BS1.0, ES5.0: multiple vulnerabilities), libgadu (BS1.0: code execution), mediawiki (BS1.0: cross-site scripting), miniupnpc (BS1.0: denial of service), and tor (BS1.0: multiple vulnerabilities). Oracle has updated firefox (OL6: multiple vulnerabilities), qemu-kvm (OL6: multiple vulnerabilities), and thunderbird (OL6: multiple vulnerabilities). Red Hat has updated firefox (RHEL5, 6 & 7: multiple vulnerabilities), flash-plugin (RHEL5 & 6 Supplementary: multiple vulnerabilities), gnutls (RHEL7: two vulnerabilities), java-1.6.0-openjdk (RHEL7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL7: multiple vulnerabilities), json-c (RHEL7: denial of service), kernel (RHEL7: privilege escalation), kernel (RHEL5: multiple vulnerabilities), libtasn1 (RHEL7: multiple vulnerabilities), mariadb (RHEL7: multiple vulnerabilities), openssl (RHEL7: multiple vulnerabilities), openssl098e (RHEL7: man-in-the-middle attack), qemu-kvm (RHEL7: code execution), qemu-kvm (RHEL6: multiple vulnerabilities), thunderbird (RHEL5 & 6: multiple vulnerabilities), and tomcat (RHEL7: multiple vulnerabilities). Scientific Linux has updated kernel (SL5: multiple vulnerabilities), openssl (SL5 & 6; SL5: man-in-the-middle attack), qemu-kvm (SL6: multiple vulnerabilities), and thunderbird (SL5 & 6: multiple vulnerabilities). SUSE has updated kernel (SLE11 SP3: privilege escalation). Ubuntu has updated firefox (14.04 LTS, 13.10, 12.04 LTS: multiple vulnerabilities) and libav (13.10, 12.04 LTS: code execution). Kategóriák: Linux
[$] What's in a (CentOS) version number?The CentOS project has made its reputation by doing one thing very well:
repackaging the Red Hat Enterprise Linux (RHEL) distribution into a freely
distributable
form. For users who are able to do without the support services offered by
Red Hat, CentOS has been an invaluable resource. It is perhaps not
surprising that CentOS users worry about the future of this distribution;
they are getting a lot for free and many of them know that such situations
are not always sustainable. For CentOS, keeping its user base depends on
maintaining a certain level of trust so that users know it will continue to
be available, stable, and free. The discussion around a proposal on
version numbers shows just how easy that trust could be to lose.
Kategóriák: Linux
The linux.conf.au 2015 CFP opensLinux.conf.au 2015 will be held
January 12-16 in Auckland, New Zealand.
The call for papers has just gone out; submissions will be accepted through
July 13.
Kategóriák: Linux
Firefox 30 releasedFirefox 30 is available. This
version enables faster access to social, bookmark, and history
sidebars, support for GStreamer 1.0, and an array of enhancements and bug
fixes. More details can be found in the release notes.
Kategóriák: Linux
|
KeresésNavigációBelépésHupWikiÁllásajánlatokHWSWFriss blogbejegyzésekHUP napi hírlevélLegfrissebb HUP videókLegfrissebb Linux játékvideókLegfrissebb HUP képekLegfrissebb HUP dokumentumokSzavazásVásárolnál anonym (személyes adathoz nem kötött) telefonelőfizetést? Igen 65% Nem 17% Csak az eredmény érdekel. 18% Összes szavazat: 296
InformációKövess minket!Partnerünk |
Friss hozzászólások
1 óra 23 perc
1 óra 25 perc
2 óra 20 perc
3 óra 19 perc
3 óra 25 perc
3 óra 46 perc
3 óra 52 perc
4 óra 4 perc
4 óra 5 perc
4 óra 19 perc