Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 27 perc 30 másodperc

Security updates for Tuesday

k, 2015-12-08 17:58

CentOS has updated libxml2 (C6: multiple vulnerabilities).

Debian-LTS has updated bouncycastle (invalid curve attack) and linux-2.6 (multiple vulnerabilities).

Fedora has updated audiofile (F22: buffer overflow), LibRaw (F23: two vulnerabilities), and python-django (F23: information disclosure).

openSUSE has updated thunderbird (Leap42.1: multiple vulnerabilities).

Oracle has updated libxml2 (OL7; OL6: multiple vulnerabilities).

Red Hat has updated git (RHEL7: code execution) and kernel (RHEL7: denial of service).

SUSE has updated java-1_7_0-ibm (SLE11SP3: many vulnerabilities).

Ubuntu has updated libsndfile (multiple vulnerabilities).

Kategóriák: Linux

NetHack 3.6.0 released

k, 2015-12-08 14:53
Version 3.6.0 of the NetHack dungeon adventure game has been released. This is the first official release in over ten years. "Unlike previous releases, which focused on the general game fixes, this release consists of a series of foundational changes in the team, underlying infrastructure and changes to the approach to game development. Those of you expecting a huge raft of new features will probably be disappointed. Although we have included a number of new features, the focus of this release was to get the foundation established so that we can build on it going forward." There has been enough change, though, that old save files will not work with this version.
Kategóriák: Linux

It’s actually open source software that’s eating the world (VentureBeat)

k, 2015-12-08 01:12
For a far-outside view, it's hard to beat this VentureBeat article, wherein a venture capitalist talks about how "open-source companies" are taking over. "The OSS companies that will be pillars of IT in the future are the companies that leverage a successful OSS project for sales, marketing, and engineering prioritization but have a product and business strategy that includes some proprietary enhancements. They’ve figured out that customers are more than happy to pay for an enterprise-grade version of the complete product, which may have security, management, or integration enhancements and come with support. And they also understand that keeping this type of functionality proprietary won’t alienate the community supporting the project the way something such as a performance enhancement would."
Kategóriák: Linux

Apple releases Swift

k, 2015-12-08 00:07
Apple has released its Swift programming language under the Apache 2.0 license, and it's available for Linux. The code can be found on GitHub. "Swift makes it easy to write software that is incredibly fast and safe by design. Now that Swift is open source, you can help make the best general purpose programming language available everywhere."
Kategóriák: Linux

Linux Mint 17.3 "Rosa" Cinnamon released

h, 2015-12-07 22:41
Version 17.3 of the Ubuntu-based Linux Mint Cinnamon distribution has been released. This is a long-term support release, with support planned until 2019. There is a long list of new features for this release, many of which come with the Cinnamon 2.8 desktop environment.
Kategóriák: Linux

Security advisories for Monday

h, 2015-12-07 18:24

Fedora has updated lxdm (F23: two vulnerabilities), openssl (F23: multiple vulnerabilities), p7zip (F23: directory traversal), php-symfony (F23; F22: two vulnerabilities), php-twig (F23; F22: two vulnerabilities), and rubygem-flexmock (F23: unspecified vulnerability).

Red Hat has updated libxml2 (RHEL7; RHEL6: multiple vulnerabilities).

Scientific Linux has updated libxml2 (SL6: multiple vulnerabilities).

Ubuntu has updated cups-filters (15.10, 15.04, 14.04: code execution), foomatic-filters (12.04: code execution), and openssl (multiple vulnerabilities).

Kategóriák: Linux

Unicode, Perl 6, and You

h, 2015-12-07 17:49
Day 7 in the ongoing Perl 6 advent calendar is concerned with how the language handles Unicode. "However, Perl 6 does this work for you, keeping track of these collections of codepoints internally, so that you just have to think in terms of what you would see the characters as. If you’ve ever had to dance around with substring operations to make sure you didn’t split between a letter and a diacritic, this will be your happiest day in programming."
Kategóriák: Linux

Kernel prepatch 4.4-rc4

h, 2015-12-07 01:52
The 4.4-rc4 prepatch is out. "Another week, another rc. We had a few more commits than last week (mostly due to the networking fixes merge), but on the whole it's been pretty calm."
Kategóriák: Linux

A few weekend security updates

v, 2015-12-06 00:55
Arch has updated nodejs (two denial-of-service vulnerabilities), openssl (four CVEs), and python-django (information disclosure).

Mageia has updated cups-filters (code execution), moodle (nine CVEs), openssl (four CVEs), and python-django (information disclosure).

Ubuntu has updated kernel (two denial-of-service vulnerabilities) and linux-lts-vivid (ditto).

Kategóriák: Linux

Several OpenSSL security issues fixed

p, 2015-12-04 17:25
The OpenSSL project has released versions 0.9.8zh, 1.0.0t, 1.0.1q, and 1.0.2e with fixes for a number of "moderate" security issues. The announcement also notes that this will be the last update for the 0.9.8 and 1.0.0 branches, so users of those versions are advised to upgrade.
Kategóriák: Linux

GnuPG 2.1.10 released

p, 2015-12-04 17:15
Version 2.1.10 of the GNU Privacy Guard is out. There are a number of new features in this release; they include a trust-on-first-use key acceptance mechanism and the ability to fetch public keys anonymously via Tor.
Kategóriák: Linux

Friday's security updates

p, 2015-12-04 17:05

Debian has updated openssl (multiple vulnerabilities) and redis (denial of service).

Debian-LTS has updated openssl (memory leak).

openSUSE has updated cyrus-imapd (13.1: integer overflow), LibVNCServer (Leap 42.1: multiple vulnerabilities), and python-django (13.2, 13.1: information leak).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and openshift (RHOSE 3.0, 3.1: information leak).

SUSE has updated java-1_6_0-ibm (SLE12: multiple vulnerabilities), java-1_7_1-ibm (SLE11: multiple vulnerabilities), and kernel (SLE12: multiple vulnerabilities).

Kategóriák: Linux

Rogaway: The Moral Character of Cryptographic Work

p, 2015-12-04 00:57
This lengthy paper from Phillip Rogaway tries to describe the moral responsibilities of the cryptographic community — responsibilities that, he believes, that community has failed to live up to. Worth a read. "We need to erect a much expanded commons on the Internet. We need to realize popular services in a secure, distributed, and decentralized way, powered by free software and free/open hardware. We need to build systems beyond the reach of super-sized companies and spy agencies. Such services must be based on strong cryptography. Emphasizing that prerequisite, we need to expand our cryptographic commons."
Kategóriák: Linux

Rintel: NetworkManager and privacy in the IPv6 internet

cs, 2015-12-03 23:44
On his blog, Lubomir Rintel discusses IPv6 privacy issues and how they are being handled by NetworkManager. "Creation of a privacy stable address relies on a pseudo-random key that’s only known the the host itself and never revealed to other hosts in the network. This key is then hashed using a cryptographically secure algorithm along with values specific for a particular network connection. It includes an identifier of the network interface, the network prefix and possibly other values specific to the network such as the wireless SSID. The use of the secret key makes it impossible to predict the resulting address for the other hosts while the network-specific data causes it to be different when entering a different network. This also solves the duplicate address problem nicely. The random key makes collisions unlikely. If, in spite of this, a collision occurs then the hash can be salted with a DAD failure counter and a different address can be generated instead of failing the network connectivity. Now that’s clever."
Kategóriák: Linux

PHP 7 has been released

cs, 2015-12-03 23:32
PHP 7 has been released. Along with some new language features, the biggest change is said to be much better performance and reduced memory use. "PHP 7.0 brings you unprecedented levels of real-world performance and throughput by utilizing the new and advanced Zend Engine 3.0, designed and refactored for speed and reduced memory consumption. This translates to real-world benefits: greatly decreased response times, superior user experiences, and the ability to serve more users with fewer servers to maximize the power of your PHP 7.0 deployment." We looked at the new features in PHP 7 in an article in this week's edition.
Kategóriák: Linux

Let's encrypt starts public beta testing

cs, 2015-12-03 19:52
The Electronic Frontier Foundation has announced the public beta test of the Let's Encrypt initiative, which aims to make encrypted web traffic the norm. "There are a number of flaws in the CA system, but when it comes to encrypting the Web, two in particular stand out: cost and difficulty. Most CAs today charge for certificates. While some are very cheap, every dollar of expense means a large swath of people who can't afford to host a secure website. The larger barrier, though, is difficulty. Once someone has purchased a certificate, they need to install it on their website, a time consuming and error-prone process that requires significant technical skill, which is a cost in itself. Let's Encrypt is not only free but also automated, in order to make HTTPS encryption more accessible than ever."
Kategóriák: Linux

Security updates for Thursday

cs, 2015-12-03 16:39

CentOS has updated jakarta-commons-collections (C6: code execution) and libreport (C6: information leak).

Debian has updated cups-filters (code execution).

Fedora has updated keepass (F22: password locking options removed) and thunderbird (F23: multiple vulnerabilities).

Slackware has updated libpng (two vulnerabilities) and mozilla (multiple vulnerabilities).

Ubuntu has updated linux-lts-trusty (12.04: two vulnerabilities), openjdk-6 (12.04: multiple vulnerabilities), and qemu (multiple vulnerabilities).

Kategóriák: Linux

[$] LWN.net Weekly Edition for December 3, 2015

cs, 2015-12-03 02:50
The LWN.net Weekly Edition for December 3, 2015 is available.
Kategóriák: Linux

[$] Upheaval in the Debian Live project

sze, 2015-12-02 19:24
While the event had a certain amount of drama surrounding it, the announcement of the end for the Debian Live project seems likely to have less of an impact than it first appeared. The loss of the lead developer will certainly be felt—and the treatment he and the project received seems rather baffling—but the project looks like it will continue in some form. So Debian will still have tools to create live CDs and other media going forward, but what appears to be a long-simmering dispute between project founder and leader Daniel Baumann and the Debian CD and installer teams has been "resolved", albeit in an unfortunate fashion.

Subscribers can click below for the full story from this week's Distributions page.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-12-02 18:50

Arch Linux has updated chromium (multiple vulnerabilities).

Debian has updated gnutls26 (padding oracle attack), icedove (multiple vulnerabilities), and putty (memory corruption).

Fedora has updated putty (F23; F22: memory corruption).

openSUSE has updated dracut (Leap42.1: multiple issues) and znc (SPH for SLE12; Leap42.1: denial of service).

SUSE has updated dhcpcd (SLE11SP2,3,4: multiple vulnerabilities), java-1_6_0-ibm (SLE11SP3: multiple vulnerabilities), and java-1_7_1-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (14.04: denial of service) and linux-lts-utopic (14.04: denial of service).

Kategóriák: Linux