ls -1TörténelemNépszerű témákNépszerű fórum témákHardverAjánlott böngésző FreeBSD Project NewsOpenBSD Journal |
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 29 perc 36 másodperc Stable kernels 3.14.5 and 3.10.41Greg Kroah-Hartman has announced the release of the 3.14.5 and 3.10.41 stable kernels. As is the norm, they
contain important fixes throughout the tree and users should upgrade.
Kategóriák: Linux
[$] Questioning corporate involvement in GNOME developmentIt is a rare free software project that feels it has too many developers;
indeed, most could benefit from more development help. One way to get that
help is to have a company pay developers to work on a project; the presence
of paid developers is often one of the first signs that a particular
project is gaining traction. But paid developers often bring with them
worries that the company footing the bill will seek to drive the project in
undesirable directions. The GNOME project, which is conducting its annual
election for its board of directors until June 8, has an opportunity to say
that corporate involvement in development has gone too far — or not.
Kategóriák: Linux
Mozilla to build WebRTC chat into FirefoxAt the Mozilla "Future Releases" blog, Chad Weiner announces a new feature just added to the latest Firefox Nightly builds: WebRTC-powered audio/video chat functionality. The feature "aims to connect everyone with a WebRTC-enabled browser. And that’s all you will need. No plug-ins, no downloads. If you have a browser, a camera and a mic, you’ll be able to make audio and video calls to anyone else with an enabled browser. It will eventually work across all of your devices and operating systems. And we’ll be adding lots more features in the future as we roll it out to more users." Cross-browser multimedia chat has been demonstrated with WebRTC before, of course, but the functionality has not been built in. Firefox will evidently use OpenTok, a WebRTC application platform, in its implementation. Kategóriák: Linux
Friday's security updatesFedora has updated emacs (F20: multiple vulnerabilities) and moodle (F19; F20: multiple vulnerabilities). Mageia has updated libgadu (code execution) and mumble (multiple vulnerabilities). openSUSE has updated policycoreutils (12.3, 13.1: privilege escalation) and python-lxml (12.3, 13.1: code injection). Red Hat has updated openstack-foreman-installer (RHEL OSP4: insecure defaults), openstack-heat-templates (RHEL OSP4: multiple vulnerabilities), openstack-keystone (RHEL OSP4: restriction bypass), openstack-neutron (RHEL OSP4: multiple vulnerabilities), openstack-nova (RHEL OSP4: information leak), and python-django-horizon (RHEL OSP4: cross-site scripting). SUSE has updated IBM Java 6 (SLES10 SP3,4; SLES11 SP2: multiple vulnerabilities) and IBM Java 7 (SLES11 SP2: multiple vulnerabilities). Kategóriák: Linux
[$] LWN.net Weekly Edition for May 30, 2014The LWN.net Weekly Edition for May 30, 2014 is available.
Kategóriák: Linux
[$] PyPI, pip, and external repositoriesA debate about Python modules—and where and how they are hosted—raged in early May on two separate Python mailing lists. There are a number of interrelated issues that make up the debate, but the core question seems to be: should the now-default pip package manager treat the "official" module repository differently than other repositories? Some see "external modules"—those not hosted at the Python Package Index (PyPI)—as a potential reliability problem, while others don't see much difference between external and PyPI-hosted modules. Subscribers can click below for a look at the discussion from this week's edition. Kategóriák: Linux
Security advisories for ThursdayFedora has updated libpng (F20: two denial of service flaws), libtiff (F20: code execution), openstack-neutron (F20: access restriction bypass), and php-ZendFramework2 (F20; F19: multiple vulnerabilities). Mageia has updated cifs-utils (code execution), libvirt (two vulnerabilities), mono (M3: denial of service from 2012), qt4 (M3: denial of service), and qt4 and qtbase5 (M4: denial of service). openSUSE has updated libgadu (two vulnerabilities). SUSE has updated firefox (SLE10SP4; SLE10SP3: multiple vulnerabilities) and IBM Java 6 (SLE11SP2: multiple vulnerabilities). Kategóriák: Linux
A Core Infrastructure Initiative announcementThe Linux Foundation has put out a
press release describing the evolution of its new "Core Infrastructure
Initiative," which directs funding to developers of projects deemed to be
both critical and short of resources. The first projects to be funded will
be OpenSSL, OpenSSH, and the network time protocol (NTP) implementation.
The steering committee for the initiative has been picked; it includes Alan
Cox, Eben Moglen, Bruce Schneier, and Ted Ts'o. And a few more companies
(Adobe, Bloomberg, HP, Huawei and salesforce.com) have added their support
to the program.
Kategóriák: Linux
Git 2.0.0 releasedVersion 2.0.0 of the Git source code management system is available. See
What to expect in Git 2.0 for an overview
of new features; there is also an extensive set of release notes in the
announcement.
Kategóriák: Linux
"TrueCrypt is not secure," official SourceForge page abruptly warns (Ars Technica)Ars Technica reports that the SourceForge-hosted web page for the TrueCrypt encryption program suddenly changed to carry a prominent security warning. It indicates that the program may "contain unfixed security issues" and "is not secure". A new version of TrueCrypt, 7.2, has been released, but with some major differences:
"The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis [.diff.gz], appears to contain changes warning that the program isn't safe to use. Curiously, the new release also appeared to let users decrypt encrypted data but not create new volumes.
Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank."
Kategóriák: Linux
This week's edition will be published on May 30Just a reminder to those expecting the LWN Weekly Edition in the next few
hours: due to the Memorial Day holiday this week, we are operating on our
one-day delay schedule. So this week's edition will be published on the
30th, rather than the 29th.
Kategóriák: Linux
Wednesday's security advisoriesCentOS has updated curl (C6: two vulnerabilities) and libvirt (C6: information disclosure/denial of service). Fedora has updated mumble (F20; F19: multiple vulnerabilities) and seamonkey (F20; F19: multiple vulnerabilities). Gentoo has updated xmonad-contrib (command injection). openSUSE has updated rubygem-actionpack-3_2 (13.1; 12.3: information leak) and tor (13.1, 12.3: information disclosure). Oracle has updated curl (OL6: two vulnerabilities) and libvirt (OL6: information disclosure/denial of service). Red Hat has updated curl (RHEL6: two vulnerabilities), kernel-rt (RHE MRG 2.5: multiple vulnerabilities), and libvirt (RHEL6: information disclosure/denial of service). Scientific Linux has updated curl (SL6: two vulnerabilities) and libvirt (SL6: information disclosure/denial of service). Kategóriák: Linux
Exim 4.82.1 security releaseThe developers of the Exim mail transport agent have issued an urgent
security release fixing a remote code execution vulnerability. Most users
are probably not vulnerable, though: to be affected, a site must
(1) be running the 4.82 release, and (2) have enabled the
non-default EXPERIMENTAL_DMARC feature. Sites meeting those criteria
should update immediately; everybody else can probably wait.
Kategóriák: Linux
PHP next generation — or notMany sites have linked to this PHP.net
post describing plans for the incorporation of a just-in-time compiler
into the next major release of PHP. Interestingly, it seems that much of
the PHP development community is unhappy with
this posting and is discussing changing or simply deleting it. There
may be a JIT in a future PHP release, but it seems it was a bit early to
proclaim it to the world.
Kategóriák: Linux
Security advisories for TuesdayDebian has updated mod-wsgi (two vulnerabilities). Fedora has updated python-django (F20; F19: two vulnerabilities), python-django14 (F20: two vulnerabilities), and python-django15 (F20: two vulnerabilities). openSUSE has updated libxml2, (13.1, 12.3: fixes a regression in a previous update) and PostfixAdmin (13.1, 12.3: SQL command execution). Ubuntu has updated kernel (14.04 LTS; 13.10: multiple vulnerabilities), linux-lts-quantal (12.04 LTS: multiple vulnerabilities), linux-lts-raring (12.04 LTS: multiple vulnerabilities), linux-lts-saucy (12.04 LTS: multiple vulnerabilities), and linux-ti-omap4 (12.04 LTS: multiple vulnerabilities). Kategóriák: Linux
Claws Mail 3.10.0 releasedVersion 3.10.0 of the Claws Mail email client is available. New features
include improved SSL certificate management, automatic email account
configuration, a number of new configuration options, and more.
Kategóriák: Linux
Perl 5.20.0 releasedThe Perl 5.20.0 release is out. "Perl 5.20.0 represents
approximately 12 months of development since Perl 5.18.0 and contains
approximately 470,000 lines of changes across 2,900 files from 124
authors." Significant changes include subroutine signatures,
improved random number generation, a new slice syntax, postfix
dereferencing, improved 64-bit support, various performance improvements,
and more; see the
changelog for lots of details.
Kategóriák: Linux
AOSP Debugging and Performance Analysis course materials availableOn Google+, Opersys CEO Karim Yaghmour has announced the availability of the course materials (slides and exercises) for the company's Android Open Source Project (AOSP) Debugging and Performance Analysis class. The materials are available under the CC-BY-SA (Attribution-ShareAlike) license. "I've been helping people use Android in all sorts of devices for quite a few years now and one of the top requests I get is for information on how to debug the AOSP's internals. As with many things related to Android's internals, such information has been hard to come by. Until now ... [...] The material is built around the Inforce IFC6410 board because it was one of the only dev boards I could find that actually has both Android running on it while still having full performance counter support in perf --- sidenote, perf support on ARM SoCs, especially in combination with Android, tends to be partial at best."
Kategóriák: Linux
Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass (Ars Technica)Ars Technica is reporting on a WordPress bug that allows attackers to use a captured, unencrypted cookie to break into an account. "[Electronic Frontier Foundation staff technologist Yan] Zhu snagged a cookie for her own account the same way a malicious hacker might and then pasted it into a fresh browser profile. When she visited WordPress she was immediately logged in—without having to enter her credentials and even though she had enabled two-factor authentication. She was then able to publish blog posts, read private posts and blog stats, and post comments that were attributed to her account. As if that wasn't enough, she was able to use the cookie to change the e-mail address assigned to the account and, if two-factor authentication wasn't already in place, set up the feature. That means a hacker exploiting the vulnerability could lock out a vulnerable user. When the legitimate user tried to access the account, the attempt would fail, since the one-time passcode would be sent to a number controlled by the attacker. Remarkably, the pilfered cookie will remain valid for three years, even if the victim logs out of the account before then."
Kategóriák: Linux
Monday's security updatesFedora has updated libvirt (F20: information disclosure/denial of service), mutt (F19: code execution), perl-LWP-Protocol-https (F19: SSL certificate verification botch), qt (F19: denial of service), rubygem-actionpack (F20; F19: information leak), and zabbix (F20; F19: access restriction bypass). Mageia has updated kernel-linus (M3: multiple vulnerabilities), kernel-rt (M3: multiple vulnerabilities), kernel-tmb (M4; M3: multiple vulnerabilities), kernel-vserver (M3: multiple vulnerabilities), and mariadb (multiple unspecified vulnerabilities). Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), kernel (12.04; 10.04: multiple vulnerabilities), and mod-wsgi (14.04, 13.10, 12.04: two vulnerabilities). Kategóriák: Linux
|
KeresésNavigációBelépésHupWikiÁllásajánlatokHWSWFriss blogbejegyzésekHUP napi hírlevélLegfrissebb HUP videókLegfrissebb Linux játékvideókLegfrissebb HUP képekLegfrissebb HUP dokumentumokSzavazásVezetéknélküli billentyűzetet ... sosem használnék, mert nem biztonságos (lehallgatható). 3% használnék/használok, de zavar, hogy nem biztonságos. 6% használnék/használok és szerintem éppen elég biztonságos. 8% használnék/használok és nem izgat a biztonságuk. 32% nem érdekel a vezetéknélküli billentyűzet, akár biztonságos akár nem. 43% Egyéb, lent leírom. 3% Csak az eredmény érdekel. 4% Összes szavazat: 464
InformációKövess minket!Partnerünk |
Friss hozzászólások
2 perc 5 másodperc
9 perc 40 másodperc
12 perc 35 másodperc
14 perc 48 másodperc
20 perc 50 másodperc
22 perc 44 másodperc
23 perc 13 másodperc
27 perc 45 másodperc
38 perc 11 másodperc
41 perc 37 másodperc