Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 8 perc 5 másodperc
It seems that Red Hat, too, has a project working on patching running kernels. "kpatch allows you to patch a Linux kernel without rebooting or restarting any processes. This enables sysadmins to apply critical security patches to the kernel immediately, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows. It gives more control over uptime without sacrificing security or stability." It looks closer to ksplice than to SUSE's kGraft in that it patches out entire functions at a time.
The Free Software Foundation has joined forces with the Software Freedom Law Center and the Open Source Initiative in filing an amicus brief in software patent case *Alice Corp. v. CLS Bank* before the United States Supreme Court. "The jointly filed brief argues that the "machine or transformation" inquiry employed by the Court in *Bilski v. Kappos* is the correct, and exclusive, bright line test for patent eligibility of computer-implemented inventions. It says that not only do software idea patents fail established tests for patentability; they also violate the First Amendment."
The second vote by the Debian technical committee addressed init system coupling. Bdale Garbee has announced the results of that vote. "With all 8 votes cast, this CFV on the init system coupling issue has ended in a tie between options "L" and "N". Given my vote on this issue, it should be no surprise that I use my casting vote to declare option "N" is the winner." (Thanks to Josh Triplett)
Option N: "The TC chooses to not pass a resolution at the current time about whether software may require specific init systems."
Xmodulo presents a brief overview of ten video editing applications available for Linux. "I will not cover subjective merits such as usability or interface design, but instead highlight notable features of each video editor."
Debian has updated php5 (denial of service).
Fedora has updated drupal6-filefield (F20; F19: access bypass), drupal6-image_resize_filter (F20; F19: denial of service), drupal7-ctools (F20; F19: access bypass), kernel (F20; F19: denial of service), libvirt (F20: unsafe usage of paths under /proc/$PID/root), thunderbird (F19: multiple vulnerabilities), and xen (F20; F19: multiple vulnerabilities).
openSUSE has updated vlc (13.1: unspecified vulnerability).
The 3.14-rc5 kernel prepatch is out right on schedule. Linus says: "Not a lot. Which is just how I like it. Go verify that it all works for you."
Broadcom has announced the release of the source and documentation for its VideoCore IV graphics subsystem. This subsystem is found in the Raspberry Pi processor, among others. "The trend over the last decade has leaned towards greater openness in desktop graphics, and the same is happening in the mobile space. Broadcom — a long-time leader in graphics processors — is a frontrunner in this movement and aims to contribute to its momentum."
The first beta release for the upcoming Ubuntu 14.04 long-term support release is available for testing in a number of flavors: "This beta features images for Edubuntu, Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, Xubuntu and the Ubuntu Cloud images."
openSUSE has updated icedtea-web (12.3, 13.1: insecure temporary file use), mupdf (13.1: denial of service), python-logilab-common (12.3, 13.1: multiple vulnerabilities), and subversion (13.1: denial of service).
Slackware has updated subversion (multiple vulnerabilities).
Ubuntu has updated openjdk-6 (10.04, 12.04: multiple vulnerabilities).
On his blog, Simon Josefsson describes the process of updating Replicant, the free-software-only Android-based mobile phone firmware project, from version 4.0 to 4.2. "I spent some time researching how to get the various non-free components running. This is of course sub-optimal, and the Replicant project does not endorse non-free software. Alas there aren’t any devices out there that meets my requirements and use only free software. Personally, I feel using a free core OS like Replicant and then adding some non-free components back is a better approach than using CyanogenMod directly, or (horror) the stock ROM. Even better is of course to not add these components back, but you have to decide for yourselves which trade-offs you want to make."
Christian Svensson has announced a version of Debian for the OpenRISC open-source processor. "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! Below is a link to a screencast of me installing Debian for OpenRISC, installing python2.7 via apt-get (which you shouldn't do in or1ksim, it takes ages! (but it works!)) and running a small Python script. http://asciinema.org/a/7362" (Thanks to Paul Wise.)
Ubuntu has updated file (10.04; 12.04; 12.10; 13.10: two vulnerabilities, one from 2012).
The LWN.net Weekly Edition for February 27, 2014 is available.
At SCALE12x in Los Angeles, Harvard law professor Lawrence Lessig delivered an opening keynote that challenged the free software community to do something it does not normally attempt: engage with the political system. Lessig is perhaps best known as a public advocate for reform in the US government's patent and copyright systems and for his activism in intellectual property issues (such as founding Creative Commons), but in recent years he has focused his attention on the more fundamental problems of how campaign financing skews the political system, severely hindering the chances for real reform in many public policy areas. As he explained to the SCALE crowd, however, those affected public policy areas include some key technology issues—and Lessig's own commitment to the cause he credits directly to his friendship with developer Aaron Swartz.
Gentoo has updated pidgin-knotify (command execution).
Mageia has updated oath-toolkit (replays one time passwords), openswan (denial of service), otrs (two vulnerabilities), perl-CGI-Application (information leak), perl-Module-Metadata (code execution), phpseclib (cross-site scripting), springframework (multiple vulnerabilities), xstream (code execution), and zabbix (multiple vulnerabilities).
Red Hat has updated postgresql84 and postgresql (RHEL5&6: multiple vulnerabilities).
Scientific Linux has updated postgresql84 and postgresql (SL5&6: multiple vulnerabilities).
SUSE has updated flash-player (multiple vulnerabilities).
Ars technica provides some details on the security focused Blackphone. "While Geeksphone is handling the hardware, Silent Circle is handling the software. The Blackphone runs a Google-less version of Android called "PrivatOS." Besides removing the user-tracking Google parts, most of the Blackphone's security and privacy advantages seem to come from the integration of Silent Circle apps. The suite of apps mentioned at the event were the existing Silent Phone and Silent Text apps, and a new product called "Silent Contacts." Silent Phone and Silent Text encrypt your phone calls, text messages, and file transfers to other users of the apps."
Here's a ZDNet article looking at Mozilla's "Servo" project, an attempt to make web browsers perform better and more securely on multi-core systems. "Servo takes a different approach to current browsers. It splits the work to compute the layout, render content and execute scripts on a web page into three tasks, each of which it can carry out in parallel. The browser's ability to carry out these tasks at the same time stems from the nature of the Servo's underlying programming language, Rust, which has been developed by Mozilla for several years and is nearing version 1.0."
Fedora has updated openstack-nova (F20: insecure directory permissions).
Oracle has updated openldap (OL5: denial of service).
Scientific Linux has updated openldap (SL5: denial of service).
SUSE has updated IBM Java 6 (multiple vulnerabilities).
Videos of the talks at DevConf.cz are available on YouTube. DevConf.cz took place February 7-9 in Brno, Czech Republic. The conference was aimed at developers, administrators and users of Red Hat, JBoss and Fedora.
Fedora has updated drupal6-ctools (F20; F19: access bypass), file (F20: denial of service), gnutls (F19: certificate verification error), ibus-chewing (F19: password disclosure), libgadu (F19: code execution), lighttpd (F20; F19: multiple vulnerabilities), mingw-gnutls (F20; F19: certificate verification error), numpy (F19: insecure temp files), oath-toolkit (F19: replays one time passwords), perl-Capture-Tiny (F20; F19: insecure tmpfile use), postgresql (F20: multiple vulnerabilities), python-gnupg (F20; F19: shell injection), seamonkey (F20; F19: multiple vulnerabilities), and xstream (F20; F19: code execution).
Gentoo has updated gnupg (multiple vulnerabilities), kvirc (multiple vulnerabilities from 2010), libssh (code execution from 2012), libXfont (multiple vulnerabilities, one from 2011), openssl (denial of service), tcptrack (code execution from 2011), and tiff (multiple vulnerabilities, some from 2012).
Mageia has updated file (denial of service), flash-player-plugin (multiple vulnerabilities), freeradius (buffer overflow), gnome-chemistry-utils, gnumeric, goffice (MG3: denial of service), imagemagick: code execution), libtar (directory traversal), and python-numpy (insecure temp files).
openSUSE has updated curl (13.1, 12.3; 11.4: information disclosure), flash-player (13.1, 12.3; 11.4: multiple vulnerabilities), icinga (13.1, 12.3: cross-site request forgery), libvirt (13.1; 12.3: multiple vulnerabilities), libyaml (13.1, 12.3; 11.4: code execution), and mumble (13.1, 12.3: multiple vulnerabilities).
Ubuntu has updated postgresql-8.4, postgresql-9.1 (multiple vulnerabilities).
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP dokumentumok
Cégünknél a normál dolgozóknak a desktop gépük operációs rendszerére local rendszergazdai joga ...
sajnos van, ha rajtam múlna nem lenne.
szerencsére van, engem ne zaklassanak a hülyeségeikkel.
csak egy szűkebb körnek van, a többségnek nincs.
egy szűkebb körnek nincs, a többségnek van.
Csak az eredmény érdekel
Összes szavazat: 166