Linux Weekly News

Linux Weekly News is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 10 minutes 19 seconds ago

Security updates for Thursday

Thu, 2015-08-06 16:31

CentOS has updated kernel (C7: multiple vulnerabilities, one from 2014).

Fedora has updated kernel (F22: three vulnerabilities).

openSUSE has updated ghostscript (13.2, 13.1: code execution) and php5 (13.2, 13.1: two vulnerabilities).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities, one from 2014) and kernel-rt (RHEL7; RHEL6: multiple vulnerabilities, one from 2014).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities, one from 2014).

SUSE has updated oracle-update (Manager 2.1: multiple vulnerabilities).

Ubuntu has updated cinder (15.04: arbitrary file reads), python-keystoneclient, python-keystonemiddleware (15.04, 14.04: two vulnerabilities, one from 2014), and swift (15.04, 14.04, 12.04: two vulnerabilities, one from 2014).

Categories: Linux

[$] Weekly Edition for August 6, 2015

Thu, 2015-08-06 03:24
The Weekly Edition for August 6, 2015 is available.
Categories: Linux

[$] "Big data" features coming in PostgreSQL 9.5

Wed, 2015-08-05 20:16
PostgreSQL 9.5 Alpha 2 is due to be released on August 6. Not only does the new version support UPSERT, more JSON functionality, and other new features we looked at back in July, it also has some major enhancements for "big data" workloads. Among these are faster sorts, TABLESAMPLE, GROUPING SETS and CUBE, BRIN indexes, and Foreign Data Wrapper improvements. Taken together, these features strengthen arguments for using PostgreSQL for data warehouses, and enable users to continue using it with bigger databases.
Categories: Linux

Security updates for Wednesday

Wed, 2015-08-05 17:55

Debian has updated wordpress (regression in previous update).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities) and node.js (RHOSE2.1; RHOSE2.0: man-in-the-middle attack).

SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities).

Ubuntu has updated oxide-qt (15.04, 14.04: multiple vulnerabilities).

Categories: Linux

[$] Fuzzing perf_events

Wed, 2015-08-05 14:36
You might be surprised to learn that starting with Linux 2.6.31 (in 2009) it has been rather easy to crash the Linux kernel. This date marks the introduction of the perf_event subsystem. It is likely that perf_event is not any more prone to errors than any other large kernel subsystem, but it has the distinction of being subjected to intense testing from the perf_fuzzer tool, which methodically probes the interface for bugs.

Click below (subscribers only) for the full article from perf_fuzzer author Vince Weaver.

Categories: Linux

LibreOffice 5.0 released

Wed, 2015-08-05 13:53
The LibreOffice 5.0 release is out. "LibreOffice 5.0 sports a significantly improved user interface, with a better management of the screen space and a cleaner look. In addition, it offers better interoperability with office suites such as Microsoft Office and Apple iWork, thanks to new and improved filters to handle non standard formats." See this post from Michael Meeks for a detailed description of the work that went into this release.
Categories: Linux

Coalition Announces New ‘Do Not Track’ Standard for Web Browsing

Tue, 2015-08-04 21:50
The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a stronger “Do Not Track” (DNT) setting for Web browsing—"a new policy standard that, coupled with privacy software, will better protect users from sites that try to secretly follow and record their Internet activity, and incentivize advertisers and data collection companies to respect a user’s choice not to be tracked online."
Categories: Linux

Tuesday's security advisories

Tue, 2015-08-04 19:00

Debian has updated squid3 (security bypass) and wordpress (multiple vulnerabilities).

Fedora has updated quassel (F21: denial of service).

Mageia has updated ipython (MG4,5: two vulnerabilities), moodle (MG5: vulnerabilities), pdns (MG4,5: denial of service), and php (MG5: multiple vulnerabilities).

openSUSE has updated gpsm (13.1: code execution from 2013).

Scientific Linux has updated autofs (SL6: privilege escalation), curl (SL6: multiple vulnerabilities), freeradius (SL6: denial of service), gnutls (SL6: multiple vulnerabilities), grep (SL6: two vulnerabilities), hivex (SL6: privilege escalation), httpd (SL6: access restriction bypass), ipa (SL6: cross-site scripting), java-1.6.0-openjdk (SL6: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), libreoffice (SL6: code execution), libxml2 (SL6: denial of service), mailman (SL6: two vulnerabilities), net-snmp (SL6: denial of service), ntp (SL6: multiple vulnerabilities), pacemaker (SL6: privilege escalation), pki-core (SL6: cross-site scripting), python (SL6: multiple vulnerabilities), sudo (SL6: information disclosure), wireshark (SL6: multiple vulnerabilities), and wpa_supplicant (SL6: denial of service).

Categories: Linux

Announcing the shutdown of the Ada Initiative

Tue, 2015-08-04 15:53
The Ada Initiative has announced that it is shutting down in mid-October. In the four years since it was founded, the organization has accomplished a lot to help create a less hostile environment for women in open technology and open culture. "We are proud of what we accomplished with the support of many thousands of volunteers, sponsors, and donors, and we expect all of our programs to continue on in some form without the Ada Initiative." Essentially, the organization found it hard to find others with the same "experiences, skills, strengths and passions" as co-founders Valerie Aurora and Mary Gardiner when they wanted to change roles within the initiative. "The Ada Initiative will shut down in approximately mid-October after using our remaining funds to complete our current obligations and do the tasks necessary to shut down the organization properly. We have several Ally Skills Workshops booked or in the process of being booked during our remaining months of operation. (We will not be booking additional Ally Skills Workshops through the Ada Initiative, but we will refer clients to other people who are teaching the Ally Skills Workshop.) We will teach Impostor Syndrome training classes in Sydney and Oakland in August, and release the materials under the Creative Commons Attribution Sharealike license. We will do the work to keep the Ada Initiative's web content online and available after the Ada Initiative shuts down."
Categories: Linux

Stable kernel updates

Mon, 2015-08-03 21:14
Greg Kroah-Hartman has released stable kernels 4.1.4, 3.14.49, and 3.10.85. All of them contain important fixes.
Categories: Linux

Security advisories for Monday

Mon, 2015-08-03 19:23

Debian has updated apache2 (multiple vulnerabilities), ghostscript (code execution), icedove (multiple vulnerabilities), icu (multiple vulnerabilities), and ruby-rack (denial of service).

Fedora has updated bind (F22; F21: denial of service), bind99 (F22: denial of service), libuser (F21: multiple vulnerabilities), and openssh (F21: denial of service).

Mageia has updated bind (MG4,5: denial of service), icu (MG4,5: code execution), and remind (MG4,5: buffer overflow).

openSUSE has updated bind (13.2, 13.1: denial of service) and libuser (13.2: privilege escalation).

Oracle has updated java-1.6.0-openjdk (OL5: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), and lxc (OL7; OL6: two vulnerabilities).

Scientific Linux has updated bind (SL6; SL6,7: denial of service) and libuser (SL6: two vulnerabilities).

Categories: Linux

Kernel prepatch 4.2-rc5

Mon, 2015-08-03 13:02
The 4.2-rc5 prepatch is out, and Linus is wishing things were going a bit more smoothly. "We're getting up there to the later rc's, but it's looking like 4.2 might be one of the releases needing more than the usual seven rc releases - things aren't calming down like I would wish, and we've still had some fairly annoying issues pop up."
Categories: Linux

Real-world use of Linux multipath TCP

Sat, 2015-08-01 15:56
LWN looked at the Linux multipath TCP implementation back in 2013. That code remains out of tree, but it now seems that it is being used in some Samsung phones in Korea. "This service enables smartphone users to reach bandwidth of up to 1 Gbps on existing smartphones. This is probably the fastest commercially deployed mobile network. They achieve this high bandwidth by combining both fast LTE (with carrier aggregation) and fast WiFi networks on Multipath TCP enabled smartphones." (Thanks to Olivier Bonaventure).
Categories: Linux

OpenSSL: License Agreements and Changes Are Coming

Sat, 2015-08-01 00:10

At the OpenSSL blog, Rich Salz has announced the project's decision to migrate away from the "rather unique and idiosyncratic" OpenSSL license to the Apache 2.0 license. In order to make the change in an upcoming release, though, the project "will soon require almost every contributor to have a signed Contributor License Agreement (CLA) on file." Individual and corporate versions of the CLA are posted; trivial patches will evidently not trigger the need for the submitter to sign and file an agreement. Salz closes by noting that more details are still to come, since "there is a lot of grunt work needed to clean up the backlog and untangle all the years of work from the time when nobody paid much attention to this sort of detail."

Categories: Linux

Mozilla criticizes browser-selection change in Windows

Fri, 2015-07-31 23:50

Mozilla has launched a multi-pronged campaign to challenge a recent change in Windows that has the effect of overriding users' choice of Firefox as the default web browser. Mozilla CEO Chris Beard posted a blog entry outlining the problem as well as an open letter to Microsoft CEO Satya Nadella. The change apparently landed with the recent Windows 10 release and, as Beard explains it, "while it is technically possible for people to preserve their previous settings and defaults, the design of the new Windows 10 upgrade experience and user interface does not make this obvious nor easy." Mozilla has also posted tutorials and videos to help users restore Firefox as their default browser.

Categories: Linux

A leadership change at FFmpeg

Fri, 2015-07-31 17:45
FFmpeg leader Michael Niedermayer has announced his departure from the project. "I hope my resignation will make it easier for the teams to find back together and avoid a more complete split which would otherwise be the result sooner or later as the trees diverge and merging all improvements becomes too difficult for me to do."
Categories: Linux

Friday's security updates

Fri, 2015-07-31 17:28

CentOS has updated java-1.6.0-openjdk (C5; C7: multiple vulnerabilities).

Debian has updated openafs (multiple vulnerabilities) and xmltooling (denial of service).

Fedora has updated libuser (F22: multiple vulnerabilities), openssh (F22: authentication limits bypass; F22: improper output filtering), and xrdp (F22: denial of service).

Mageia has updated groovy (M4, M5: code execution).

openSUSE has updated bind (11.4: multiple vulnerabilities) and openldap2 (13.1, 13.2: multiple vulnerabilities).

Oracle has updated java-1.6.0-openjdk (O6; O7: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities).

Scientific Linux has updated openafs (multiple vulnerabilities).

SUSE has updated bind (SLES 10: denial of service), java-1_7_0-openjdk (SLE 11; SLE 12: multiple vulnerabilities), java-1_7_1-ibm (SLE 11; SLE 12: multiple vulnerabilities), and kernel (SLE 12: multiple vulnerabilities).

Ubuntu has updated hplip (12.04, 14.04, 15.04: man-in-the-middle attack), kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and sqlite3 (12.04, 14.04, 15.04: multiple vulnerabilities).

Categories: Linux

DebConf15 schedule and featured speakers announced

Fri, 2015-07-31 01:21
Debconf15, which will be held in Heidelberg, Germany August 15-23, has announced its schedule as well as four featured speakers: Allison Randal, President, Open Source Initiative and Distinguished Technologist, HP; Peter Eckersley, Chief Computer Scientist, Electronic Frontier Foundation; John Sullivan, Executive Director, Free Software Foundation; and Jon 'maddog' Hall, Executive Director, Linux International. "The DebConf content team is pleased to announce the schedule of DebConf15, the forthcoming Debian Developers Conference. From a total of nearly 100 talk submissions, the team selected 75 talks. Due to the high number of submissions, several talks had to be shortened to 20 minute slots, of which a total of 30 talks have made it to the schedule. In addition, around 50 meetings and discussions (BoFs) have been organized so far, as well as several other events like lightning talk sessions, live demos, a movie screening, a poetry night or stand-up comedy."
Categories: Linux

Oracle Linux 6.7 released

Thu, 2015-07-30 23:33
Oracle has announced the release of Oracle Linux 6.7. As usual this release features both a Red Hat compatible kernel and Oracle's enterprise kernel. Some notable features include Open Security Content Automation Protocol (OpenSCAP), including the oscap utility for enhanced security auditing and compliance, Load Balancing and High Availability with Keepalived and HAProxy, supported under Oracle Linux Premier Support subscriptions, Enhanced SSSD support for Active Directory, and more. See the release notes for details.
Categories: Linux

Security updates for Thursday

Thu, 2015-07-30 18:35

Debian-LTS has updated squid3 (security bypass).

Fedora has updated drupal7-path_breadcrumbs (F22; F21: cross-site scripting), ecryptfs-utils (F22; F21: password disclosure from 2014), hplip (F21: key verification botch), httpd (F21: multiple vulnerabilities), ipython (F22; F21: cross-site request forgery), libunwind (F21: code execution), libwmf (F21: two denial of service flaws), nx-libs (F22: unspecified vulnerabilities), wpa_supplicant (F21: code execution), and xrdp (F21: denial of service).

openSUSE has updated lxc (13.2; 13.1: two vulnerabilities).

Oracle has updated autofs (OL6: privilege escalation from 2014), bind (OL6; OL6: denial of service), curl (OL6: multiple vulnerabilities, some from 2014), freeradius (OL6: code execution from 2014), gnutls (OL6: two vulnerabilities), grep (OL6: code execution), hivex (OL6: code execution from 2014), ipa (OL6: cross-site scripting from 2010 and 2012), kernel (OL6: multiple vulnerabilities, some from 2014), kernel 3.8.13 (OL7; OL6: three vulnerabilities, one from 2014), libreoffice (OL6: code execution), libuser (OL6: privilege escalation), libxml2 (OL6: two vulnerabilities, one from 2014), mailman (OL6: two vulnerabilities, one from 2002), net-snmp (OL6: denial of service from 2014), ntp (OL6: three vulnerabilities), pki-core (OL6: cross-site scripting), python (OL6: two vulnerabilities from 2013 and 2014), sudo (OL6: information disclosure from 2014), wireshark (OL6: multiple vulnerabilities, some from 2014), and wpa_supplicant (OL6: denial of service).

SUSE has updated bind (SLE11SP1: denial of service).

Ubuntu has updated ghostscript (15.04, 14.04, 12.04: code execution), openjdk-7 (15.04, 14.04: multiple vulnerabilities), pcre3 (15.04, 14.04, 12.04: multiple vulnerabilities, one from 2014), and tidy (15.04, 14.04, 12.04: two vulnerabilities).

Categories: Linux