Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Tuesday's security updates

Tue, 2015-02-10 19:08

Debian has updated ruby1.9.1 (multiple vulnerabilities) and unrtf (code execution).

Mageia has updated clamav (heap overflow), moodle (information disclosure), and polarssl (code execution).

Mandriva has updated cabextract (denial of service), clamav (heap overflow), glibc (code execution), otrs (privilege escalation), and zarafa (denial of service).

openSUSE has updated curl (13.2, 13.1: two vulnerabilities), grep (13.2: heap buffer overrun), llvm (13.1: insecure temporary files), openvas-manager (13.2: sql injection), and rsync (13.2, 13.1: code execution).

Ubuntu has updated binutils (multiple vulnerabilities) and ntp (two vulnerabilities).

Categories: Linux

ownCloud Server 8 released

Mon, 2015-02-09 22:03
Version 8 of the ownCloud server is available. "This new release brings improved sharing and collaboration between clouds and introduces faster ways of getting at your files with favorites and improved search." See the feature page for details.
Categories: Linux

Security advisories for Monday

Mon, 2015-02-09 20:38

Debian has updated liblivemedia (code execution), libxml2 (regression/incomplete fix in previous update), and ntp (incomplete fix in previous update).

Debian-LTS has updated krb5 (multiple vulnerabilities), libxml2 (regression/incomplete fix in previous update), ntp (multiple vulnerabilities), sympa (information disclosure), unzip (two vulnerabilities), and wpasupplicant (command execution).

Fedora has updated e2fsprogs (F21: code execution), jasper (F21; F20: two vulnerabilities), kernel (F20: two vulnerabilities), mantis (F21; F20: multiple vulnerabilities), maradns (F20: security hardening), postgresql (F21: multiple vulnerabilities), and websvn (F21; F20: information disclosure).

Gentoo has updated adobe-flash (multiple vulnerabilities), antiword (denial of service), bind (denial of service), libav (multiple vulnerabilities), libevent (code execution), mediawiki (multiple vulnerabilities), nginx (information disclosure), and tcpdump (multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1; 11.4: multiple vulnerabilities), privoxy (13.2, 13.1: multiple vulnerabilities), unzip (13.2, 13.1: code execution), virtualbox (13.2, 13.1: multiple vulnerabilities), and vorbis-tools (13.2, 13.1: denial of service).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities).

SUSE has updated flash-player (SLE12: multiple vulnerabilities) and flash-player, flash-player-gnome, flash-player-kde4 (SLE11 SP3: multiple vulnerabilities).

Categories: Linux

The 3.19 kernel has been released

Mon, 2015-02-09 15:13
Linus has released the 3.19 kernel, saying "while I was tempted a couple of times to do an rc8, there really wasn't any reason for it." Significant changes in 3.19 include support for the Altera Nios II processor architecture, device tree overlay support, the ability to attach eBPF programs to sockets, disk scrubbing and replacement for RAID 5 and 6 in the Btrfs filesystem, the execveat() system call, and much more.
Categories: Linux

GNU C library version 2.21 released

Sat, 2015-02-07 17:35
Version 2.21 of the GNU C library is available. This release includes a lot of bug fixes, a wide range of architecture-specific performance and functionality improvements, and a new semaphore implementation. "Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations."
Categories: Linux

Linux Plumbers Conference call for proposals

Fri, 2015-02-06 23:58
The calls for proposals (CFPs) for Linux Plumbers Conference microconferences and refereed track presentations are now up. The conference will be held August 19-21 in Seattle, WA, co-located (and overlapping one day) with LinuxCon North America.
Categories: Linux

The first Tizen smartphone isn’t an “Android killer”—it’s a bad Android clone (ars technica)

Fri, 2015-02-06 22:44
Here's an extensive review of Samsung's first Tizen-based phone on ars technica. They are not overly impressed. "New OSes always have problems, usually with app selection and hardware availability, but they're supposed to make up for their ecosystem problems by bringing something new to the table. Windows Phone had a new interface style. Blackberry 10 devices have a small but vocal built-in fanbase, well-made hardware with physical keyboards, and lots of enterprise experience. But Tizen doesn't have any stand-out aspect. It's all the negatives of a new OS without any of the positives."
Categories: Linux

A new batch of stable kernels

Fri, 2015-02-06 21:07

Greg Kroah-Hartman has released stable kernels 3.10.68, 3.14.32, and 3.18.6, each with important fixes and updates throughout the tree.

Categories: Linux

Friday's security updates

Fri, 2015-02-06 17:59

CentOS has updated mariadb (C7: multiple vulnerabilities).

Debian has updated ntp (multiple vulnerabilities) and postgresql-9.1 (multiple vulnerabilities).

Fedora has updated kernel (F21: multiple vulnerabilities) and php (F20; F21: multiple vulnerabilities).

Gentoo has updated mpg123 (code execution).

Mageia has updated cabextract (M4: denial of service), hexchat (M4: SSL spoofing), vlc (M4: multiple vulnerabilities), vorbis-tools (M4: denial of service), and zarafa (M4: denial of service).

Mandriva has updated aircrack-ng (BS1: multiple vulnerabilities), binutils (BS1: multiple vulnerabilities), bugzilla (BS1: command injection), busybox (BS1: arbitrary module loading), jasper (BS1: multiple vulnerabilities), java-1.7.0-openjdk (BS1: multiple vulnerabilities), libvirt (BS1: information leak), php (BS1: multiple vulnerabilities), python-django (BS1: multiple vulnerabilities), and vorbis-tools (BS1: denial of service).

openSUSE has updated libvirt (13.1, 13.2: access control bypass) and xen (13.1: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), and java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities).

Categories: Linux

The end of CrunchBang Linux

Fri, 2015-02-06 16:36
The developer of the CrunchBang Linux distribution has announced that the project has come to an end. "That said, when progress happens, some things get left behind, and for me, CrunchBang is something that I need to leave behind. I’m leaving it behind because I honestly believe that it no longer holds any value, and whilst I could hold on to it for sentimental reasons, I don’t believe that would be in the best interest of its users, who would benefit from using vanilla Debian."
Categories: Linux

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Fri, 2015-02-06 01:28
A lot of attention has been paid to this ProPublica article describing Werner Koch's difficulties getting funding for his GnuPG work. But do note the update: "After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations have also poured into Werner Koch's website donation page to the tune of nearly $50,000 so far."
Categories: Linux

GCC5 and the C++11 ABI (Red Hat developer blog)

Fri, 2015-02-06 00:43
A post at the Red Hat developer blog looks at some of the changes that are coming with GCC5. Support for the C++11 standard means that some standard library classes need to change their ABI, notably std::basic_string and std::list. The post looks at how the change has been handled and what programmers need to do to deal with the changes. "The last time G++ went through an ABI change, back in the 3.x period, we changed the soname of libstdc++, which was widely regarded as a mistake. Changing the soname caused a lot of pain but is not sufficient to deal with changes in symbol ABIs: if you load multiple shared objects that depend on different versions of the library, you can still get clashes between different versions of the same symbol. So the plan for this ABI change has been to leave the soname (and the existing binary interface) alone, and express the new ABI using different mangled names."
Categories: Linux

Thursday's security advisories

Thu, 2015-02-05 18:09

Fedora has updated maradns (F21: denial of service) and patch (F21: two vulnerabilities).

Ubuntu has updated file (three vulnerabilities) and python-django (12.04, 10.04: regression in previous security fix).

Categories: Linux

[$] LWN.net Weekly Edition for February 5, 2015

Thu, 2015-02-05 03:49
The LWN.net Weekly Edition for February 5, 2015 is available.
Categories: Linux

Results from Fedora's FESCo election

Wed, 2015-02-04 22:27
The Fedora project has announced the results from this year's election for members of its engineering steering committee (FESCo). The winning candidates are Kevin Fenzi, Adam Jackson, Tomas Hozza, Parag Nemade, and Debarshi Ray.
Categories: Linux

OPW becomes Outreachy

Wed, 2015-02-04 21:27
The effort formerly known as the FOSS Outreach Program for Women has just been rebranded as Outreachy and moved under the Software Freedom Conservancy's organizational umbrella. "The upcoming round of internships is open to women (cis and trans), trans men, genderqueer people, and all participants of the Ascend Project regardless of gender. We are planning to expand the program to more participants from underrepresented backgrounds in the future."
Categories: Linux

[$] A look at Inkscape 0.91

Wed, 2015-02-04 21:20

The Inkscape project released version 0.91 at the end of January, a release culminating more than four years of development. The new release incorporates a lengthy list of improvements from that time period: new tools, performance enhancements, and fixes to several longstanding bugs. Just as importantly, though, it also lays the groundwork for a 1.0 release that will signify an important milestone: full SVG 1.1 support. Over the years, though, Inkscape has evolved to be more than just an SVG editor—as version 0.91 demonstrates.


Categories: Linux

Security advisories for Wednesday

Wed, 2015-02-04 19:24

Debian has updated krb5 (multiple vulnerabilities).

Fedora has updated privoxy (F21; F20: multiple vulnerabilities) and vorbis-tools (F20: denial of service).

Oracle has updated mariadb (OL7: multiple unspecified vulnerabilities).

Red Hat has updated kernel (RHEL6.2: multiple vulnerabilities), mariadb (RHEL7: multiple unspecified vulnerabilities), mariadb55-mariadb (RHSCL1: multiple unspecified vulnerabilities), and mysql55-mysql (RHSCL1: multiple unspecified vulnerabilities).

Scientific Linux has updated mariadb (SL7: multiple unspecified vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), kernel (12.04; 10.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and unzip (14.10, 14.04, 12.04, 10.04: unspecified impact).

Categories: Linux

[$] FreeNAS — network-attached storage with ZFS

Wed, 2015-02-04 00:34
Thus far, this series has looked at Linux distributions that are optimized for network-attached storage (NAS) deployments. This installment will take a slightly different turn: the system under review (FreeNAS) is indeed a free distribution for NAS applications, but it is based on FreeBSD rather than Linux. In many ways it looks like the Linux-based systems reviewed previously, but there are some interesting differences.
Categories: Linux

You can now petition the European Union to 'fix my document' (Opensource.com)

Tue, 2015-02-03 22:20
Opensource.com covers an effort, initiated by Open Forum Europe (OFE), to help the European Union (EU) institutions live up to their commitments to support open document formats when communicating with the public. "Inspired by the pothole identification and alert site and app, fixmystreet.com, OFE, through its fixmydocuments.eu, is giving a crowd-sourced voice to public frustration with software interoperability limitations that stand in the way of citizens who are seeking to communicate and interact with government. It should be noted, however, this is more than a vehicle through which to vent. Many parts of the EU are legitimately working hard to implement ODF, the open document format for office applications. Fixmydocuments.eu will help them better identify software and documents that are presenting the most pressing and immediate problems. As an added benefit, it should not go unnoticed that more fully deploying ODF and other open standards will help the EU avoid vendor lock-in."
Categories: Linux