Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
CentOS has updated kernel (Xen4CentOS: multiple vulnerabilities).
Fedora has updated gnupg (F18; F19: side channel attack), libgadu (F19; F20: missing ssl certificate validation), openstack-glance (F20: information leak), openstack-keystone (F20: unintentional role granting), perl-Proc-Daemon (F20; F19; F18: writes pidfile with mode 666), and seamonkey (F20; F18; F19: multiple vulnerabilities).
Gentoo has updated xfig (code execution from 2010).
openSUSE has updated openjdk (11.4: multiple vulnerabilities).
SUSE has updated acroread (end of life).
Version 2.6.0 of the GnuCash accounting system has been released. New features include a reworked reports subsystem, the ability to attach external files (receipts, for example) to transactions, a number of new business features, a year-2038 fix, and a relicensing to GPLv2+. See the GnuCash 2.6.0 release tour page for more information.
Some of the members of the Debian Technical Committee are starting to post their conclusions regarding which init system the distribution should use in the future. In particular, Ian Jackson has come out in favor of upstart: "Firstly, unlike the systemd maintainers, I think portability to non-Linux systems is important. It may be that our existing non-Linux ports are not very widely used, undermaintained, and/or not of production quality. However, I think it is important for us to keep those options open."
Russ Allbery, meanwhile, is in favor of systemd. "There are two separate conceptual areas in which I think systemd offers substantial advantages over upstart, each of which I would consider sufficient to choose systemd on its own. Together, they make a compelling case for systemd."
In both cases, the authors have extensively documented their reasons for their decisions; reading the full messages is recommended.
The 3.13-rc6 prepatch is out for testing. "Nothing you'd normally even notice, just 81 fairly small commits."
Worth a read: this posting by Andrew "bunnie" Huang on loading new firmware into a MicroSD card. "From the security perspective, our findings indicate that even though memory cards look inert, they run a body of code that can be modified to perform a class of MITM attacks that could be difficult to detect; there is no standard protocol or method to inspect and attest to the contents of the code running on the memory card’s microcontroller. Those in high-risk, high-sensitivity situations should assume that a 'secure-erase' of a card is insufficient to guarantee the complete erasure of sensitive data."
The kernel.org administrators have announced that they will no longer be adding bzip2-compressed files to the archives, though all existing files will remain available. Going forward, kernel patches and tarballs, along with non-kernel-related files, will be compressed with gzip or xz.
The GNUnet secure peer-to-peer networking framework has released version 0.10.0. "This release represents a major overhaul of the cryptographic primitives used by the system. GNUnet used RSA 2048 since its inception in 2001, but as of GNUnet 0.10.0, we are "powered by Curve25519". Naturally, changing cryptographic primitives like this breaks backwards compatibility entirely. We have used this opportunity to implement protocol improvements all over the system." GNUnet provides four applications: anonymous censorship-resistant file-sharing; a virtual private network (VPN) service; the GNU name system (GNS), a fully decentralized and censorship-resistant replacement for DNS; and GNUnet Conversation, which allows voice calls to be made over GNUnet.
Mandriva has updated pixman (BS1, ES5: denial of service).
openSUSE has updated aaa_base (13.1: incorrect /etc/shadow permissions), apache2-mod_nss (13.1: access prevention bypass), php5 (11.4; 12.2, 12.3, 13.1: three vulnerabilities), thunderbird (12.2; 12.3; 13.1: multiple vulnerabilities), v8 (12.3; 13.1: three vulnerabilities), webyast (12.2; 12.3; 13.1: privilege escalation), xen (12.3: multiple vulnerabilities), and xorg-x11-server (12.2, 12.3, 13.1: code execution).
Scientific Linux has updated nss (certificate update).
The 2014 Linux Storage, Filesystem, and Memory Management Summit will be held March 24-25 in Napa Valley, California. The call for proposals is out now for those who would like to participate; the deadline is January 31, but those who need visas to attend should get theirs in earlier. For those unfamiliar with this event, see LWN's coverage of the 2013 Summit for an overview of the type of discussion held there.
Debian has updated libcommons-fileupload-java (overwrites content).
Fedora has updated firefox (F18: multiple vulnerabilities), libjpeg-turbo (F20: information leak), openttd (F20; F19; F18: denial of service), samba (F20: multiple vulnerabilities), v8 (F19; F18; F20: multiple vulnerabilities), and xulrunner (F18: multiple vulnerabilities).
Gentoo has updated tinyproxy (denial of service).
openSUSE has updated kernel (11.4: multiple vulnerabilities).
LinuxDevices founder Rick Lehrbaum has announced the return of a great deal of historical embedded Linux content to the web. "The LinuxDevices Archive is searchable and also available from a calendar interface, so you can click on any month of any year between 1999 and 2012 and see what pops up. Although some stories did not survive the various transitions between content management systems, the Archive includes over 14,000 LinuxDevices posts, most with images intact, including news, product showcases, and special articles and editorials. So far, just about everything we’ve searched for has emerged in good shape."
There's a new major release of Enlightenment available, DR 0.18.0. This version includes Wayland client support, and much more. See the full release announcement for details.
Debian has updated denyhosts (denial of service).
Fedora has updated ca-certificates (F19; F20: update certificates), devscripts (F20: command execution), gnupg (F20: side channel attack), hdapsd (F20: unspecified vulnerability), kernel (F19; F20: multiple vulnerabilities), libreswan (F18; F19; F20: denial of service), nss (F18; F20: denial of service), nss-softokn (F18: denial of service), nss-util (F18: denial of service), openssl (F18; F20; F19: denial of service), and xen (F20: denial of service/privilege escalation).
Mageia has updated apache-mod_nss (access with invalid client certificate), asterisk (denial of service), chromium-browser-stable (multiple vulnerabilities), gnupg (side channel attack), and libkdcraw (denial of service).
openSUSE has updated chromium (12.3; 12.2: multiple vulnerabilities), openttd (13.1, 12.x: denial of service), quassel (13.1: information leak), rubygem-actionmailer-3_2 (13.1, 12.x: denial of service), rubygem-activesupport-3_2 (13.1, 12.x: denial of service), and rubygem-i18n (13.1, 12.x: cross-site scripting).
Slackware has updated gnupg (side channel attack).
Ubuntu has updated nss (updated certificates).
The fifth 3.13 prepatch is out for testing. "Christmas is almost upon us, and -rc5 is the last rc before most of us gorge ourselves into insensibility. Or cry into our lonely beers. Or go out for Chinese food. Or whatever you happen to do." Linus notes that things are calming down nicely, but that he won't be putting out the 3.13 final release before linux.conf.au regardless since he does not want to open the merge window while he is traveling.
Just in time for the holidays, jolly ol' Greg Kroah-Hartman has released three new stable kernels: 3.12.6, 3.10.25, and 3.4.75. Each contains the usual bevy of updates and fixes; all users are encouraged to upgrade.
openSUSE has updated samba (13.1: multiple vulnerabilities).
Red Hat has updated ca-certificates (RHEL6: bad intermediate certificate), kernel (RHEL5: information leak), nss (bad intermediate certificate), pixman (denial of service), and xorg-x11-server (code execution).
LinuxGizmos.com has a survey of crowdfunded Linux-based device projects launched in 2013. "Of the 19 such products listed below, five were never successfully crowdfunded. Of these unfunded devices, all but one appear to be moving forward with alternative funding. In fact, one — CrystalFontz America’s CFA10036 module — has already shipped. That leaves Canonical’s doomed, yet history making Ubuntu Edge smartphone as the only 'failure.'"
Cyanogen Inc. has announced another round of venture funding, said to be on the order of $22 million. "What does this mean for you as a CM user? Not much yet, except that you’ll see more new things from us more often. We will continue to invest in the community by way of increased resources, sponsoring more events, and of course staying open. You’ll see new apps and features from us, new services, and also more devices which run CM out of the box."
Fedora has updated davfs2 (F18, F19: privilege escalation), eucalyptus (F18: denial of service and information disclosure), rubygem-i18n (F19, F20: cross-site scripting), spice-gtk (privilege escalation), and wireshark (F18: "various security fixes").
Mageia has updated fcron (symlink vulnerability from 2010).
Ubuntu has updated GnuPG 1.4 (key disclosure).
Version 1.4.16 of the GNU Privacy Guard is out; it contains a fix for the recently disclosed acoustic cryptanalysis attack. "A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon. While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit. A 4096 bit RSA key used on a laptop can be revealed within an hour." Note that GnuPG 2.x is not vulnerable to this particular attack.
Also worthy of note: the GnuPG developers have launched a crowdfunding campaign to help with GnuPG 2.1 development, update the project's infrastructure, and more.