Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Stable kernel updates

Tue, 2014-07-01 17:53
Stable kernels 3.15.3, 3.14.10, 3.10.46, and 3.4.96 have been released. All contain important fixes throughout the tree.
Categories: Linux

Tuesday's security updates

Tue, 2014-07-01 17:43

Fedora has updated gnupg2 (F19: denial of service) and kdelibs (F20: information disclosure).

Gentoo has updated openfire (multiple vulnerabilities, two from 2009) and openldap (multiple vulnerabilities, one from 2009).

openSUSE has updated freerdp (13.1, 12.3: two vulnerabilities), kernel (12.3: multiple vulnerabilities), libreoffice (13.1: unexpected VBA macro execution), samba (13.1; 12.3: multiple vulnerabilities), seamonkey (13.1, 12.3: multiple vulnerabilities), thunderbird (13.1, 12.3: multiple vulnerabilities), and xalan-j2 (13.1, 12.3: information disclosure/code execution).


Security advisories for Monday

Mon, 2014-06-30 19:30

Debian has updated cacti (multiple vulnerabilities) and libemail-address-perl (denial of service).

Fedora has updated gnupg2 (F20: denial of service), kernel (F20: multiple vulnerabilities), php (F20: multiple vulnerabilities), python (F20: missing boundary check), and zabbix (F20; F19: local file inclusion).

Gentoo has updated icedtea-bin (multiple vulnerabilities, some from 2009), kdelibs (multiple vulnerabilities, some from 2011), and wireshark (multiple vulnerabilities).


Kernel prepatch 3.16-rc3

Mon, 2014-06-30 14:19
Linus has released the third 3.16 prepatch. "We're back on a Sunday release schedule, and things are looking reasonably normal."

Day: In praise of Jim Hall

Sat, 2014-06-28 01:31

At his blog, Allan Day points GNOME users and developers to some new usability research about GNOME 3.10 and 3.12 conducted by Jim Hall, a graduate student at the University of Minnesota. Day has started filing a number of bug reports based on Hall's findings, including problems with Nautilus bookmarking and confusion over the purpose of the GNOME Software application. The full data set is not yet available online, but Hall is scheduled to present it at GUADEC in July.


Friday's security updates

Fri, 2014-06-27 17:50

Debian has updated gnupg2 (denial of service).

Fedora has updated gnupg (F20: denial of service), python-simplejson (F20: information disclosure), sos (F19; F20: password disclosure), and tor (F19; F20: information disclosure).

Gentoo has updated asterisk (multiple vulnerabilities), django (multiple vulnerabilities), konqueror (multiple vulnerabilities), libav (multiple vulnerabilities), polkit, Spice-Gtk, systemd, HPLIP, libvirt (privilege escalation), spice-gtk (privilege escalation), and sudo (privilege escalation).

Mageia has updated ctdb (M3, M4: insecure temporary files), gnupg, gnupg2 (M3, M4: denial of service), iodine (M3, M4: authentication bypass), and phpmyadmin (M3, M4: cross-site scripting).

Red Hat has updated kernel (RHEL 5.6; RHEL 6.2: multiple vulnerabilities).

Ubuntu has updated gnupg, gnupg2 (denial of service), kernel (12.04; 13.10: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-saucy (multiple vulnerabilities), linux-lts-trusty (multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and samba (multiple vulnerabilities).


Decades-Old Vulnerability Threatens 'Internet Of Things' (Dark Reading)

Thu, 2014-06-26 23:17
Dark Reading writes about a newly-discovered bug that has existed for 20 years in multiple LZO compression implementations. "Patches for the integer overflow bug, which allows an attacker to cripple systems running the so-called Lempel-Ziv-Oberhumer (LZO) code with denial-of-service type attacks as well as remote code execution, were issued the past few days for the Linux kernel, as well as for various open-source media libraries. LZO handles high-speed compression and decompression of IP network traffic and files, typically images, in embedded systems. 'The most popular use is in image data, decompressing photos taken, raw images taken from a camera or video stream,' says Don Bailey, mobile and embedded systems security expert with Lab Mouse Security, who discovered the vulnerability while manually auditing the code."

Stable kernels 3.15.2, 3.14.9, 3.10.45, and 3.4.95

Thu, 2014-06-26 22:27
Greg Kroah-Hartman has announced the release of four stable kernels: 3.15.2, 3.14.9, 3.10.45, and 3.4.95. As usual, they contain changes throughout the tree and users of those kernel series should upgrade.

Where KDE is going - Part 1 (KDE.news)

Thu, 2014-06-26 18:09
Over at KDE.news, Jos Poortvliet has a look at where KDE is today and where it is going in the future. It is part one of a "mini series". This piece looks at the community, Plasma, Frameworks, design, and applications, while the next will cover governance and how the community has been changing. "Experiences in the world of mobile and web applications have shown that users are far more likely to start using features and appreciate small batches instead of large dumps. Short release cycles can bring bug fixes and improvements to our users much faster. On the other hand, most users of KDE software access their software and updates through the downstream distributions which are on slower release cycles even though they have repositories for updated software. [Therefore] this is a discussion which needs to include the distributions as much as the upstream developers."

Security advisories for Thursday

Thu, 2014-06-26 17:27

CentOS has updated dovecot (C6: denial of service) and mod_wsgi (C6: two vulnerabilities).

Debian has updated gnupg (denial of service).

Fedora has updated openstack-neutron (F20: denial of service), samba (F20: three vulnerabilities), and xen (F20; F19: two denial of service flaws).

Gentoo has updated denyhosts (denial of service), dnsmasq (two vulnerabilities, one from 2012), and nas (two vulnerabilities).

Oracle has updated dovecot (OL6: denial of service) and mod_wsgi (C6: two vulnerabilities).

Red Hat has updated dovecot (RHEL6&7: denial of service), mod_wsgi (RHEL6: two vulnerabilities), and python27-mod_wsgi, python33-mod_wsgi (RHSC6&7: privilege escalation).

Scientific Linux has updated dovecot (SL6: denial of service) and mod_wsgi (SL6: two vulnerabilities).

SUSE has updated novell-qtgui, novell-ui-base (SLE11SP3: privilege escalation) and openstack-keystone (?:).

Ubuntu has updated neutron (14.04, 13.10: three vulnerabilities), swift (14.04: cross-site scripting), and php5 (14.04, 13.10: regression in previous security fix).


[$] LWN.net Weekly Edition for June 26, 2014

Thu, 2014-06-26 03:30
The LWN.net Weekly Edition for June 26, 2014 is available.

Security advisories for Wednesday

Wed, 2014-06-25 18:21

Fedora has updated rb_libtorrent (F19: stop UPNP from opening port 0) and wireshark (F20: denial of service).

openSUSE has updated ctdb (13.1, 12.3: insecure temporary files), kernel (13.1: multiple vulnerabilities), and php5 (13.1, 12.3: code execution).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities).

Slackware has updated bind (two vulnerabilities), gnupg (denial of service), gnupg2 (denial of service), samba (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

SUSE has updated firefox (SLES11 SP2 LTSS: multiple vulnerabilities), kernel (SLES11 Unsupported Extras; SLES11 SP2 LTSS: privilege escalation), and rxvt-unicode (SLE11 SP3: command execution).


No more updates for Freecode

Tue, 2014-06-24 21:00
The Freecode site (once known as Freshmeat) has announced that they are no longer updating entries. "Freecode has been the Web's largest index of Linux, Unix and cross-platform software, and mobile applications. Thousands of applications, which are preferably released under an open source license, were meticulously cataloged in the Freecode database, but links to new applications and releases are no longer being added. Each entry provides a description of the software, links to download it and to obtain more information, and a history of the project's releases."

Tuesday's security updates

Tue, 2014-06-24 18:12

openSUSE has updated wireshark (13.1: denial of service).

SUSE has updated firefox (SLES11 SP1 LTSS, SLES10 SP4 LTSS: multiple vulnerabilities).


Steps to diversity in your open source group (Opensource.com)

Mon, 2014-06-23 22:29
Opensource.com covers a talk by Coraline Ehmke about diversity in open source. "She came at the topic from the angle of diversity as a value of the culture of our groups. By now we've heard from many open source thought leaders on why we need diversity in open source—arguments mainly center around the more people of the greater population that we include in our groups, and make feel welcome to our groups, the better our results will be. Why? Coraline points to a study indicating that groupthinking is a real thing—we tend to agree with and value the things that are said and done by other people that are simply like us. So, the presence of someone different in our group increases accuracy by reducing knee-jerk agreements."

[$] Questioning EXPORT_SYMBOL_GPL()

Mon, 2014-06-23 21:36
There have been arguments about the legality of binary-only kernel modules for almost as long as the kernel has had loadable module support. One of the key factors in this disagreement is the EXPORT_SYMBOL_GPL() directive, which is intended to keep certain kernel functions out of the reach of proprietary modules. A recent discussion about the merging of a proposed new kernel subsystem has revived some questions about the meaning and value of EXPORT_SYMBOL_GPL() — and whether it is worth bothering with at all.

Security advisories for Monday

Mon, 2014-06-23 19:01

Debian has updated iodine (authentication bypass), samba (multiple vulnerabilities), and tiff (code execution).

Fedora has updated kernel (F19: privilege escalation), python-jinja2 (F20; F19: code execution), and rb_libtorrent (F20: stop UPNP from opening port 0).

Gentoo has updated curl (two vulnerabilities), nginx (code execution), and nss (multiple vulnerabilities).

Mageia has updated ansible (MG4: insecure evaluation function), kernel (MG3: multiple vulnerabilities), pdns (denial of service), sendmail (denial of service), and smb4k (credential cache leak).

SUSE has updated firefox (SLE11 SP3, SLES10 SP3 LTSS: multiple vulnerabilities).

Ubuntu has updated libreoffice (14.04 LTS: unexpected VBA macro execution), php5 (multiple vulnerabilities), and openssl (regression in previous update).


NetworkManager 0.9.10 released

Sun, 2014-06-22 15:33
NetworkManager 0.9.10 is out with a long list of new features including a curses-based management interface, more modular device support, data center bridging support, many new customization options, better cooperation with other network management tools, and more. (Correction: the release is almost out, being planned for "later this week").

Kernel prepatch 3.16-rc2

Sun, 2014-06-22 15:16
The second 3.16 prepatch is out. Linus says: "It's a day early, but tomorrow ends up being inconvenient for me due to being on the road most of the day, so here you are. These days most people send me their pull requests and patches during the week, so it's not like I expect that a Sunday release would have made much of a difference. And it's also not like I didn't have enough changes for making a rc2 release."

PyPy3 2.3.1 released

Sat, 2014-06-21 22:57
The PyPy3 2.3.1 release has been announced. This is the first stable release that supports version 3 of the Python language; it also has a number of performance improvements.