Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 14 perc 11 másodperc

Thursday's security updates

cs, 2015-06-25 17:05

CentOS has updated nss (C7; C6: cipher downgrade) and nss-util (C7; C6: cipher downgrade).

Debian has updated cacti (three vulnerabilities).

Fedora has updated xen (F20: multiple vulnerabilities).

Oracle has updated kernel 2.6.39 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities)

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), flash-plugin (RHEL5&6: code execution), nss (RHEL6&7: cipher downgrade), php55-php (RHSC2: multiple vulnerabilities), and rh-php56-php (RHSC2: multiple vulnerabilities).

Scientific Linux has updated libreswan (SL7: denial of service) and php (SL7: multiple vulnerabilities).

SUSE has updated IBM Java (SLE10SP4: multiple vulnerabilities) and Java (SLE11SP2: multiple vulnerabilities).

Ubuntu has updated python2.7, python3.2, python3.4 (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013), tomcat6 (12.04: three vulnerabilities), and tomcat7 (15.04, 14.10, 14.04: multiple vulnerabilities).

Kategóriák: Linux

LWN.net Weekly Edition for June 25, 2015

cs, 2015-06-25 02:40
The LWN.net Weekly Edition for June 25, 2015 is available.
Kategóriák: Linux

A report from PGCon 2015

sze, 2015-06-24 19:14
PGCon 2015, the PostgreSQL international developer conference, took place in Ottawa, Canada from June 16 to 20. This PGCon involved a change in format from prior editions, with a "developer unconference" in the two days before the main conference program. Both the conference and the unconference covered a wide range of topics, many of them related to horizontal or vertical scaling, or to new PostgreSQL features.

Subscribers can click below for a report from the conference from guest author Josh Berkus.

Kategóriák: Linux

Security updates for Wednesday

sze, 2015-06-24 18:58

Arch Linux has updated flashplugin (code execution).

CentOS has updated kernel (C7: multiple vulnerabilities), libreswan (C7: denial of service), mailman (C7: path traversal attack), and php (C7: multiple vulnerabilities).

Debian has updated wireshark (denial of service).

Debian-LTS has updated zendframework (regression in previous update).

Fedora has updated curl (F22: information disclosure), libwmf (F21: code execution), openssl (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated cacti (13.2, 13.1: SQL injection), curl (13.2, 13.1: information disclosure), and libwmf (13.2; 13.1: code execution).

Oracle has updated kernel (OL7: multiple vulnerabilities), libreswan (OL7: denial of service), mailman (OL7: path traversal attack), and php (OL7: multiple vulnerabilities).

SUSE has updated flash-player (SLED12: code execution).

Kategóriák: Linux

Red Hat Announces Winners of Women in Open Source Awards

sze, 2015-06-24 00:19
Red Hat has announced the winners of its Women in Open Source Awards. The Academic Award goes to Kesha Shah, a student at Dhirubhai Ambani Institute of Information and Communication Technology, and the Community Award goes to Sarah Sharp, embedded software architect at Intel. Opensource.com has interviews with both women.

Kesha Shah: "Last year, I was a mentor in Season of KDE and GCI again, with BRLCAD and KDE. Now, I am currently working on testing automation of Ushahidi with Systers, an Anita Borg community, as a part of GSoC. During my journey, I had seen several of my peers enter the domain, succeed, and fail in equal measure. So, I took up the challenge of mentoring newbies. One of my biggest achievements is that I have personally guided about 20-22 newbies into the world of open source through mentoring programs like GCI, SoK, Learn IT girls, and through conducting hands-on workshops and enlightening talks on open source. Those efforts converted them to regular contributors."

Sarah Sharp: "My second proudest moment is the very first round when the Linux kernel participated in the Outreach Program for Women (now called Outreachy). A lot of kernel maintainers complained about how newcomers would send them mangled patches, and grump about how the newcomers should really just RTFM and look at our patch submission guidelines. Of course, it turned out the manual was lacking or out of date, and there were a lot of steps to set up tools for Linux kernel development, so I spent a week and created a step-by-step tutorial. It was really gratifying to see those first applicants go through my tutorial and send well-formed patches. I've loved watching those interns move onto bigger projects, and even get hired to work on the Linux kernel, and I'm really proud I was able to help people get involved in Linux kernel development."

Kategóriák: Linux

Stable kernel updates

k, 2015-06-23 20:08
Greg Kroah-Hartman has released stable kernels 4.0.6, 3.14.45, and 3.10.81. All of them contain important fixes throughout the tree.
Kategóriák: Linux

Tuesday's security advisories

k, 2015-06-23 19:10

Arch Linux has updated curl (information disclosure).

Debian-LTS has updated postgresql-8.4 (denial of service).

Fedora has updated xorg-x11-server (F22: permission bypass).

Gentoo has updated chromium (multiple vulnerabilities) and gnutls (denial of service).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7; RHEMRG2.5: multiple vulnerabilities), libreswan (RHEL7: denial of service), mailman (RHEL7: path traversal attack), and php (RHEL7: multiple vulnerabilities).

SUSE has updated e2fsprogs (SLE11SP4: code execution).

Ubuntu has updated kernel (14.10; 14.04; 12.04: regression in previous update), linux-ti-omap4 (12.04: regression in previous update), linux-lts-trusty (12.04: regression in previous update), linux-lts-utopic (14.04: regression in previous update), and patch (14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

The Open Container Project

h, 2015-06-22 21:01
The Open Container Project has announced its existence. "Housed under the Linux Foundation, the OCP’s mission is to enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation. As part of this initiative, Docker will donate the code for its software container format and its runtime, as well as the associated specifications. The leadership of the Application Container spec (“appc”) initiative, including founding member CoreOS, will also be bringing their technical leadership and support to OCP."
Kategóriák: Linux

Security advisories for Monday

h, 2015-06-22 19:20

Debian has updated pyjwt (accepts arbitrary tokens).

Debian-LTS has updated libclamunrar (double-free error), qemu (code execution), qemu-kvm (code execution), and zendframework (multiple vulnerabilities).

Fedora has updated abrt (F22: multiple vulnerabilities), cups (F22; F21: two vulnerabilities), drupal7-views (F22; F21; F20: access bypass), gnome-abrt (F22: multiple vulnerabilities), kernel (F22; F21: privilege escalation), krb5 (F21: two vulnerabilities), libreport (F22: multiple vulnerabilities), openssl (F22: multiple vulnerabilities), postgresql (F22: multiple vulnerabilities), qemu (F21: denial of service), qpid-cpp (F21: two vulnerabilities), and satyr (F22: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities) and openssl (multiple vulnerabilities).

openSUSE has updated cgit (13.2, 13.1: code execution), xen (13.2; 13.1: multiple vulnerabilities), and XWayland (13.2: permission bypass).

SUSE has updated IBM Java (SLE11SP3: multiple vulnerabilities).

Kategóriák: Linux

The long ARM of Linux: Red Hat Enterprise Linux Server for ARM Development Preview (Red Hat Blog)

h, 2015-06-22 18:51
In a post on the Red Hat Blog, the company has announced a version of Red Hat Enterprise Linux (RHEL) for ARM development. "Today, we are making the Red Hat Enterprise Linux Server for ARM Development Preview 7.1 available to all current and future members of the Red Hat ARM Partner Early Access Program as well as their end users as an unsupported development platform, providing a common standards-based operating system for existing 64-bit ARM hardware. Beyond this release, we plan to continue collaborating with our partner ISVs and OEMs, end users, and the broader open source community to enhance and refine the platform to ultimately work with the next generation of ARM-based designs." Jon Masters, who is the technical lead for the project, has a lengthy Google+ post about the project and its history over the last 4+ years.
Kategóriák: Linux

Three projects funded by CII

h, 2015-06-22 16:40
The Linux Foundation's Critical Infrastructure Initiative has announced the funding of three projects to the tune of "nearly $500,000." "CII's funds will support a new open source automated testing project, the Reproducible Builds initiative from Debian, and IT security researcher Hanno Boeck's Fuzzing Project. Additionally, The Linux Foundation is announcing Emily Ratliff is joining The Linux Foundation as senior director of infrastructure security for CII. Ratliff is a Linux, system and cloud security expert with more than 20 years' experience. Most recently she worked as a security engineer for AMD and logged nearly 15 years at IBM."
Kategóriák: Linux

Shuttleworth: Introducing the Fan

h, 2015-06-22 16:12
Mark Shuttleworth announces "the Fan", a new mechanism for directing communications between containers. "We recognised that container networking is unusual, and quite unlike true software-defined networking, in that the number of containers you want on each host is probably roughly the same. You want to run a couple hundred containers on each VM. You also don’t (in the docker case) want to live migrate them around, you just kill them and start them again elsewhere. Essentially, what you need is an address multiplier – anywhere you have one interface, it would be handy to have 250 of them instead." See this page for details on how it works.
Kategóriák: Linux

Mageia 5 released

h, 2015-06-22 15:34
The Mageia 5 release is now available. The headline feature in this long-awaited distribution release appears to be UEFI BIOS support, but there's more; see the release notes for details.
Kategóriák: Linux

The 4.1 kernel is out

h, 2015-06-22 14:47
Linus has released the 4.1 kernel. "It's not like the 4.1 release cycle was particularly painful, and let's hope that the extra week of letting it sit makes for a great release. Which wouldn't be a bad thing, considering that 4.1 will also be a LTS release." Headline features in this release include support for encrypted ext4 filesystems, the persistent memory block driver, ACPI support for the ARM64 architecture, and more.
Kategóriák: Linux

[$] Rebasing openSUSE

p, 2015-06-19 23:42
The openSUSE project has often struggled with questions of identity: what is the distribution trying to be, and for who? From the 2010 strategy search through to the 2013 development-model discussions and the 2014 release-management questions, openSUSE's developers have tried to find a development approach that is both sustainable and appealing to a wider audience. In 2015, it appears that a partial success has been achieved, but that success is driving a new and controversial change.
Kategóriák: Linux

Poettering: The new sd-bus API of systemd

p, 2015-06-19 23:40
Lennart Poettering writes about the sd-bus library with substantial digressions into how D-Bus works in general. "We believe the result of our work delivers our goals quite nicely: the library is fun to use, supports kdbus and sockets as back-end, is relatively minimal, and the performance is substantially better than both libdbus and GDBus."
Kategóriák: Linux

Announcing the Code Climate platform

p, 2015-06-19 23:24
Code Climate has announced the open-source release of its static-analysis platform. "We’re releasing the static analysis engines that power the new Code Climate Platform, and going forward, all of our static analysis code will be published under Open Source licenses. Code Climate has always provided free analysis to Open Source projects, and this continues to deepen our commitment to, and participation in, the OSS community."
Kategóriák: Linux

Bacon: Rebasing Ubuntu on Android?

p, 2015-06-19 23:21

At his blog, former Ubuntu Community Manager Jono Bacon speculates on whether or not the Ubuntu Phone project should rebase its software stack on Android. Bacon prefaces the post with a note that it is "designed purely for some intellectual fun and discussion. I am not proposing we actually do this, nor advocating for this." The central argument is that new mobile platforms invariably expend hundreds of thousands of dollars attracting well-known app vendors to the new stack. Supporting Android apps would let Ubuntu focus efforts on the user interface, scopes, and other components. "I know there has been a reluctance to support Android apps on Ubuntu as it devalues the Ubuntu app ecosystem and people would just use Android apps, but I honestly think some kind of middle-ground is needed to get into the game, otherwise I worry we won’t even make it to the subs bench no matter how awesome our technology is." Note that, whatever one makes of the idea, Bacon is speaking only about the Ubuntu Phone stack; the post does touch on how such a rebase would interfere with Ubuntu's plans for a converged software stack.

Kategóriák: Linux

Friday's security updates

p, 2015-06-19 16:45

Debian has updated cinder (file disclosure) and drupal7 (multiple vulnerabilities).

Fedora has updated mbedtls (F21: multiple vulnerabilities) and python-django14 (F20: cross-site scripting).

Mageia has updated cups (M4: multiple vulnerabilities), ffmpeg (M4: multiple vulnerabilities), openssl (M4: multiple vulnerabilities), and redis (M4: code execution).

SUSE has updated IBM Java (SLES10 SP4; SLE11: multiple vulnerabilities).

Kategóriák: Linux

The launch of WebAssembly

cs, 2015-06-18 16:51
Luke Wagner of Mozilla has announced the existence of the WebAssembly project. The purpose is to define a low-level language to run in web browsers; it will then serve as a compilation target for higher-level languages. Developers from most of the major browser engines are working on the project. "For existing Emscripten/asm.js users, targeting WebAssembly will be as easy as flipping a flag. Thus, it is natural to view WebAssembly as the next evolutionary step of asm.js (a step many have requested and anticipated)."
Kategóriák: Linux