Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 29 minutes 36 seconds ago
Greg Kroah-Hartman has announced the release of the 3.14.5 and 3.10.41 stable kernels. As is the norm, they contain important fixes throughout the tree and users should upgrade.
It is a rare free software project that feels it has too many developers; indeed, most could benefit from more development help. One way to get that help is to have a company pay developers to work on a project; the presence of paid developers is often one of the first signs that a particular project is gaining traction. But paid developers often bring with them worries that the company footing the bill will seek to drive the project in undesirable directions. The GNOME project, which is conducting its annual election for its board of directors until June 8, has an opportunity to say that corporate involvement in development has gone too far — or not.
At the Mozilla "Future Releases" blog, Chad Weiner announces a new feature just added to the latest Firefox Nightly builds: WebRTC-powered audio/video chat functionality. The feature "aims to connect everyone with a WebRTC-enabled browser. And that’s all you will need. No plug-ins, no downloads. If you have a browser, a camera and a mic, you’ll be able to make audio and video calls to anyone else with an enabled browser. It will eventually work across all of your devices and operating systems. And we’ll be adding lots more features in the future as we roll it out to more users." Cross-browser multimedia chat has been demonstrated with WebRTC before, of course, but the functionality has not been built in. Firefox will evidently use OpenTok, a WebRTC application platform, in its implementation.
Red Hat has updated openstack-foreman-installer (RHEL OSP4: insecure defaults), openstack-heat-templates (RHEL OSP4: multiple vulnerabilities), openstack-keystone (RHEL OSP4: restriction bypass), openstack-neutron (RHEL OSP4: multiple vulnerabilities), openstack-nova (RHEL OSP4: information leak), and python-django-horizon (RHEL OSP4: cross-site scripting).
The LWN.net Weekly Edition for May 30, 2014 is available.
A debate about Python modules—and where and how they are hosted—raged in early May on two separate Python mailing lists. There are a number of interrelated issues that make up the debate, but the core question seems to be: should the now-default pip package manager treat the "official" module repository differently than other repositories? Some see "external modules"—those not hosted at the Python Package Index (PyPI)—as a potential reliability problem, while others don't see much difference between external and PyPI-hosted modules.
Subscribers can click below for a look at the discussion from this week's edition.
Fedora has updated libpng (F20: two denial of service flaws), libtiff (F20: code execution), openstack-neutron (F20: access restriction bypass), and php-ZendFramework2 (F20; F19: multiple vulnerabilities).
openSUSE has updated libgadu (two vulnerabilities).
The Linux Foundation has put out a press release describing the evolution of its new "Core Infrastructure Initiative," which directs funding to developers of projects deemed to be both critical and short of resources. The first projects to be funded will be OpenSSL, OpenSSH, and the network time protocol (NTP) implementation. The steering committee for the initiative has been picked; it includes Alan Cox, Eben Moglen, Bruce Schneier, and Ted Ts'o. And a few more companies (Adobe, Bloomberg, HP, Huawei and salesforce.com) have added their support to the program.
Version 2.0.0 of the Git source code management system is available. See What to expect in Git 2.0 for an overview of new features; there is also an extensive set of release notes in the announcement.
Ars Technica reports that the SourceForge-hosted web page for the TrueCrypt encryption program suddenly changed to carry a prominent security warning. It indicates that the program may "contain unfixed security issues" and "is not secure". A new version of TrueCrypt, 7.2, has been released, but with some major differences: "The SourceForge page, which was delivered to people trying to view truecrypt.org pages, contained a new version of the program that, according to this "diff" analysis [.diff.gz], appears to contain changes warning that the program isn't safe to use. Curiously, the new release also appeared to let users decrypt encrypted data but not create new volumes. Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, suggesting that the page warning that TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank."
Just a reminder to those expecting the LWN Weekly Edition in the next few hours: due to the Memorial Day holiday this week, we are operating on our one-day delay schedule. So this week's edition will be published on the 30th, rather than the 29th.
Gentoo has updated xmonad-contrib (command injection).
The developers of the Exim mail transport agent have issued an urgent security release fixing a remote code execution vulnerability. Most users are probably not vulnerable, though: to be affected, a site must (1) be running the 4.82 release, and (2) have enabled the non-default EXPERIMENTAL_DMARC feature. Sites meeting those criteria should update immediately; everybody else can probably wait.
Many sites have linked to this PHP.net post describing plans for the incorporation of a just-in-time compiler into the next major release of PHP. Interestingly, it seems that much of the PHP development community is unhappy with this posting and is discussing changing or simply deleting it. There may be a JIT in a future PHP release, but it seems it was a bit early to proclaim it to the world.
Debian has updated mod-wsgi (two vulnerabilities).
Ubuntu has updated kernel (14.04 LTS; 13.10: multiple vulnerabilities), linux-lts-quantal (12.04 LTS: multiple vulnerabilities), linux-lts-raring (12.04 LTS: multiple vulnerabilities), linux-lts-saucy (12.04 LTS: multiple vulnerabilities), and linux-ti-omap4 (12.04 LTS: multiple vulnerabilities).
Version 3.10.0 of the Claws Mail email client is available. New features include improved SSL certificate management, automatic email account configuration, a number of new configuration options, and more.
The Perl 5.20.0 release is out. "Perl 5.20.0 represents approximately 12 months of development since Perl 5.18.0 and contains approximately 470,000 lines of changes across 2,900 files from 124 authors." Significant changes include subroutine signatures, improved random number generation, a new slice syntax, postfix dereferencing, improved 64-bit support, various performance improvements, and more; see the changelog for lots of details.
On Google+, Opersys CEO Karim Yaghmour has announced the availability of the course materials (slides and exercises) for the company's Android Open Source Project (AOSP) Debugging and Performance Analysis class. The materials are available under the CC-BY-SA (Attribution-ShareAlike) license. "I've been helping people use Android in all sorts of devices for quite a few years now and one of the top requests I get is for information on how to debug the AOSP's internals. As with many things related to Android's internals, such information has been hard to come by. Until now ... [...] The material is built around the Inforce IFC6410 board because it was one of the only dev boards I could find that actually has both Android running on it while still having full performance counter support in perf --- sidenote, perf support on ARM SoCs, especially in combination with Android, tends to be partial at best."
Ars Technica is reporting on a WordPress bug that allows attackers to use a captured, unencrypted cookie to break into an account. "[Electronic Frontier Foundation staff technologist Yan] Zhu snagged a cookie for her own account the same way a malicious hacker might and then pasted it into a fresh browser profile. When she visited WordPress she was immediately logged in—without having to enter her credentials and even though she had enabled two-factor authentication. She was then able to publish blog posts, read private posts and blog stats, and post comments that were attributed to her account. As if that wasn't enough, she was able to use the cookie to change the e-mail address assigned to the account and, if two-factor authentication wasn't already in place, set up the feature. That means a hacker exploiting the vulnerability could lock out a vulnerable user. When the legitimate user tried to access the account, the attempt would fail, since the one-time passcode would be sent to a number controlled by the attacker. Remarkably, the pilfered cookie will remain valid for three years, even if the victim logs out of the account before then."
Fedora has updated libvirt (F20: information disclosure/denial of service), mutt (F19: code execution), perl-LWP-Protocol-https (F19: SSL certificate verification botch), qt (F19: denial of service), rubygem-actionpack (F20; F19: information leak), and zabbix (F20; F19: access restriction bypass).
Mageia has updated kernel-linus (M3: multiple vulnerabilities), kernel-rt (M3: multiple vulnerabilities), kernel-tmb (M4; M3: multiple vulnerabilities), kernel-vserver (M3: multiple vulnerabilities), and mariadb (multiple unspecified vulnerabilities).