ls -1TörténelemHardverPartnerünk |
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 20 perc 24 másodperc Security updates for WednesdayDebian has updated apache2 (HTTP redirect). Debian-LTS has updated apache2 (HTTP redirect). Fedora has updated ecryptfs-utils (F24: two vulnerabilities), kernel (F24; F23: multiple vulnerabilities), php-doctrine-orm (F24; F23: privilege escalation), and spice (F24: two vulnerabilities). Gentoo has updated ansible (code execution), arpwatch (privilege escalation from 2012), bugzilla (multiple vulnerabilities from 2014), commons-beanutils (code execution from 2014), dropbear (information disclosure), exim (code execution from 2014), libbsd (denial of service), ntp (many vulnerabilities), and varnish (access control bypass). openSUSE has updated ImageMagick (Leap42.1: many vulnerabilities), nodejs (Leap42.1, 13.2: buffer overflow), and samba (13.2: crypto downgrade). Red Hat has updated java-1.8.0-openjdk (RHEL6,7: multiple vulnerabilities). SUSE has updated flash-player (SLE12-SP1: multiple vulnerabilities). Ubuntu has updated python-django (16.04: cross-site scripting). Kategóriák: Linux
Tor veteran Lucky Green exits, torpedos critical 'Tonga' node and relays (The Register)The Register reports
that longtime Tor contributor Lucky Green is quitting and closing down the
node and bridge authority he operates. "Practically, it's a big
deal. Bridge Authorities are part of the infrastructure that lets users get
around some ISP-level blocks on the network (not, however, defeating deep
packet inspection). They're also incorporated in the Tor code, meaning that
to remove a Bridge Authority is going to need an update." The
shutdown is scheduled for August 31. (Thanks to Nomen Nescio)
Kategóriák: Linux
The Importance of Following Community-Oriented Principles in GPL Enforcement WorkThe Software Freedom Conservancy is one of the few organizations involved
in GPL enforcement, and it has published
principles regarding enforcement practices that seek compliance and not
financial penalties. Bradley Kuhn and Karen Sandler urge
others doing GPL enforcement to follow principles set forth by the
SFC. "One impetus in drafting the Principles was our discovery of
ongoing enforcement efforts that did not fit with the GPL enforcement
community traditions and norms established for the last two
decades. Publishing the previously unwritten guidelines has quickly
separated the wheat from the chaff. Specifically, we remain aware of
multiple non-community-oriented GPL enforcement efforts, where none of
those engaged in these efforts have endorsed our principles nor pledged to
abide by them. These “GPL monetizers”, who trace their roots to nefarious
business models that seek to catch users in minor violations in order to
sell an alternative proprietary license, stand in stark contrast to the
work that Conservancy, FSF and gpl-violations.org have done for
years." The actions of one individual prompted the netfilter
project to make a statement endorsing the principles, which we covered earlier this month.
Kategóriák: Linux
Qt WebBrowser 1.0Version 1.0 of the QtWebBrowser has been released.
Qt WebBrowser is a browser for embedded devices developed using the
capabilities of Qt and Qt WebEngine. "The browser is optimized for embedded touch displays (running Linux), but you can play with it on the desktop platforms, too! Just make sure that you have Qt WebEngine, Qt Quick, and Qt VirtualKeyboard installed (version 5.7 or newer). For optimal performance on embedded devices you should plan for hardware-accelerated OpenGL, and around 1 GiByte of memory for the whole system. Anyhow, depending on your system configuration and the pages to be supported there is room for optimization."
Kategóriák: Linux
Security advisories for TuesdayCentOS has updated httpd (C7; C6; C5: HTTP redirect). Debian has updated mysql-connector-java (information disclosure) and python-django (cross-site scripting). Fedora has updated dnsmasq (F24: denial of service), gd (F23: two vulnerabilities), kernel (F22: multiple vulnerabilities), mingw-openjpeg2 (F24; F23: multiple vulnerabilities), pagure (F24: unspecified), pdfbox (F24: XML External Entity (XXE) attacks), perl (F24; F23: code execution), and tcpreplay (F24; F23: denial of service). Mageia has updated imagemagick (three vulnerabilities). openSUSE has updated apache2 (Leap42.1, 13.2: HTTP redirect). Oracle has updated httpd (OL7; OL6; OL5: HTTP redirect). Red Hat has updated httpd (RHEL7; RHEL5,6: HTTP redirect) and httpd24-httpd (RHSCL: two vulnerabilities). Scientific Linux has updated httpd (SL7; SL5,6: HTTP redirect) and kernel (SL6: privilege escalation). Ubuntu has updated apache2 (HTTP redirect) and thunderbird (two vulnerabilities). Kategóriák: Linux
How (and why) FreeDOS keeps DOS alive (ComputerWorld)ComputerWorld talks
with Jim Hall, a contributor to FreeDOS. "FreeDOS (it was originally dubbed ‘PD-DOS’ for ‘Public Domain DOS’, but the name was changed to reflect that it’s actually released under the GNU General Public License) dates back to June 1994, meaning it is just over 22 years old — a formidable lifespan compared to many open source projects.
“And if you consider the DOS platform, MS-DOS 1.0 dates back to 1981, ‘DOS’ as an operating system has been around for 35 years! That’s not too shabby,” Hall said. (Version 1.0 of MS-DOS — then marketed by IBM as PC DOS — was released in August 1981.)" (Thanks to Paul Wise)
Kategóriák: Linux
Security advisories for MondayArch Linux has updated flashplugin (multiple vulnerabilities), gimp (use-after-free), and lib32-flashplugin (multiple vulnerabilities). Debian has updated libgd2 (multiple vulnerabilities) and pidgin (multiple vulnerabilities). Debian-LTS has updated binutils (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), and ruby-eventmachine (denial of service). Fedora has updated gimp (F22: use-after-free), httpd (F23: authentication bypass), openjpeg2 (F23: multiple vulnerabilities), perl (F22: code execution), python (F23: denial of service), python3 (F23: denial of service), samba (F23: crypto downgrade), and sudo (F23; F22: race condition). Gentoo has updated cacti (multiple vulnerabilities), chromium (multiple vulnerabilities), cups (code execution), and gd (multiple vulnerabilities). Kategóriák: Linux
Ubuntu forums compromisedCanonical has disclosed
that the Ubuntu forum system has been compromised. "The attacker had
the ability to inject certain formatted SQL to the Forums database on the
Forums database servers. This gave them the ability to read from any table
but we believe they only ever read from the ‘user’ table. They used this
access to download portions of the ‘user’ table which contained usernames,
email addresses and IPs for 2 million users. No active passwords were
accessed."
Kategóriák: Linux
Notes from the fourth RISC-V workshopThe lowRISC project, which is an effort to develop a fully open-source, Linux-powered system-on-chip based on the RISC-V architecture, has published notes from the fourth RISC-V workshop. Notably, the post explains, the members of the RISC-V foundation voted to keep the RISC-V instruction-set architecture (ISA) and related standards open and license-free to all parties. There are also accounts included of the work on RISC-V interrupts, heterogeneous multicore RISC-V processors, support for non-volatile memory, and Debian's RISC-V port. Kategóriák: Linux
Friday's security updatesDebian has updated php5 (multiple vulnerabilities). Debian-LTS has updated clamav (fix for previously released update) and drupal7 (privilege escalation). Fedora has updated openjpeg2 (F24: multiple vulnerabilities) and sqlite (F24: information leak). Mageia has updated graphicsmagick (M5: multiple vulnerabilities), pdfbox (M5: XML External Entity (XEE) attack), sqlite3 (M5: information leak:), thunderbird (M5: multiple vulnerabilities), and util-linux (M5: denial of service). openSUSE has updated flash-player (13.1: multiple vulnerabilities), LibreOffice (Leap 42.1: multiple vulnerabilities), libvirt (13.2; Leap 42.1: authentication bypass), and xerces-c (13.2: multiple vulnerabilities). Red Hat has updated atomic-openshift (RHOSE 3.2: information leak). Ubuntu has updated ecryptfs-utils (15.10, 16.04: information leak), kernel (14.04; 15.10: denial of service), libarchive (12.04, 14.04, 15.10, 16.04: code execution), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), linux-lts-vivid (14.04: denial of service), linux-lts-wily (14.04: denial of service), and linux-raspi2 (15.10: denial of service). Kategóriák: Linux
Automotive Grade Linux Releases 2.0 Spec Amid Growing Support (Linux.com)Over at Linux.com, Eric Brown writes about the release of Automotive Grade Linux (AGL) Unified Code Base (UCB) 2.0 for in-vehicle infotainment (IVI) systems. "The latest version adds features like audio routing, rear seat display support, the beginnings of an app platform, and new development boards including the DragonBoard, Wandboard, and Raspberry Pi.
AGL’s Yocto Project derived UCB distro, which is also based on part on the GENIVI and Tizen automotive specs, was first released in January. UCB 1.0 followed an experimental AGL stack in 2014 and an AGL Requirements Specification in June, 2015.
UCB is scheduled for a 3.0 release in early 2017, at which point some automotive manufacturers will finally use it in production cars. Most of the IVI software will be based on UCB, but carmakers can also differentiate with their own features." We looked at AGL UCB 1.0 back in January.
Kategóriák: Linux
Security advisories for ThursdayFedora has updated gnutls (F23: certificate verification botch). Gentoo has updated flash (many vulnerabilities). openSUSE has updated flash-player (13.2: many vulnerabilities) and kernel (42.1: multiple vulnerabilities). Red Hat has updated flash-plugin (RHEL 5↦6: many vulnerabilities) and rh-nginx18-nginx (RHSC: multiple vulnerabilities). SUSE has updated MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SLE11: multiple vulnerabilities). Kategóriák: Linux
[$] LWN.net Weekly Edition for July 14, 2016The LWN.net Weekly Edition for July 14, 2016 is available.
Kategóriák: Linux
Tor Project Elects All-New Board of DirectorsThe Tor Project has announced a new board of directors. "As Tor's board of directors, we consider it our duty to ensure that the Tor Project has the best
possible leadership. The importance of Tor's mission requires it; the
public standing of the organization makes it possible; and we are committed
to achieve it. We had that duty in mind when we conducted an Executive
Director search last year, and appreciate the leadership Shari Steele has
brought. To support her, we further believe that it is time that we pass
the baton of board oversight as the Tor Project moves into its second
decade of operations."
Kategóriák: Linux
Security updates for WednesdayCentOS has updated kernel (C6: privilege escalation). Fedora has updated python (F24: heap corruption), python3 (F24: heap corruption), and squid (F24; F23: multiple vulnerabilities). Mageia has updated flash-player-plugin (multiple vulnerabilities). Oracle has updated kernel (OL6: privilege escalation). Red Hat has updated kernel (RHEL7: denial of service) and kernel (RHEL6: privilege escalation). Scientific Linux has updated thunderbird (SL5,6,7: code execution). Ubuntu has updated pidgin (15.10, 14.04, 12.04: multiple vulnerabilities). Kategóriák: Linux
SPI 2015 Annual ReportSoftware in the Public Interest has announced its 2015 Annual
Report (PDF), covering the 2015 calendar year. The annual report
covers SPI's finances, elections, board members, committees, associated
projects, and other significant changes throughout the year.
Kategóriák: Linux
Herman: Shipping Rust in FirefoxDave Herman reports
that with Firefox 48, Mozilla will ship its first Rust component to all
desktop platforms. "One of the first groups at Mozilla to make use
of Rust was the Media Playback team. Now, it’s certainly easy to see that
media is at the heart of the modern Web experience. What may be less
obvious to the non-paranoid is that every time a browser plays a seemingly
innocuous video (say, a chameleon popping
bubbles), it’s reading data delivered in a complex format and created
by someone you don’t know and don’t trust. And as it turns out, media
formats are known to have been used to trick decoders into exposing nasty security vulnerabilities that exploit memory management bugs in Web browsers’ implementation code.
This makes a memory-safe programming language like Rust a compelling addition to Mozilla’s tool-chest for protecting against potentially malicious media content on the Web."
Kategóriák: Linux
Tuesday's security advisoriesCentOS has updated thunderbird (C7; C6; C5: code execution). Debian-LTS has updated drupal7 (open redirect vulnerability) and graphicsmagick (two vulnerabilities). Fedora has updated expat (F22: multiple vulnerabilities), gnutls (F24: certificate verification vulnerability), gsi-openssh (F24: support GSI authentication), httpd (F24: authentication bypass), krb5 (F22: buffer overflow), mbedtls (F23: three vulnerabilities), pdfbox (F23: XML External Entity (XXE) attacks), pypy3 (F23; F22: two vulnerabilities), python (F22: startTLS stripping attack), python3 (F22: startTLS stripping attack), and samba (F24: crypto downgrade). Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities). Ubuntu has updated libgd2 (multiple vulnerabilities), nspr (denial of service), and nss (denial of service). Kategóriák: Linux
Gräßlin: Multi-screen woes in Plasma 5.7On his blog, Martin Gräßlin describes some of the multi-screen problems that users have been running into on KDE Plasma 5.7, what the causes are, and why multi-screen is a difficult problem to solve. "Many users expect that new windows open on the primary screen. Unfortunately primary screen does not imply that, it’s only a hint for the desktop shell where to put it’s panels, but does not have any meaning for normal windows.
Of course windows should be placed on a proper location. If a window opens on a turned off external TV something is broken. And KWin wouldn’t do so. KWin places new windows on the “active screen”. The active screen is the one having the active window or the mouse cursor (depending on configuration setting). Unless, unless the window adds a positioning hint. Unfortunately it looks like windows started to position themselves to incorrect values and I started to think about ignoring these hints in future. If applications are not able to place themselves correctly, we might need to do something about it.
Of course KWin allows the user to override it. With windowing specific rules one can ignore the requested geometry."
Kategóriák: Linux
Two new stable kernelsGreg Kroah-Hartman has released stable kernels 4.6.4 and 4.4.15. Both of them contain important fixes.
Kategóriák: Linux
|
KeresésNavigációBelépésÁllásajánlatokHWSWFriss blogbejegyzések
HUP napi hírlevélSzavazásTudsz-e még írásban összeadni, kivonni, szorozni, osztani? Kapásból. Bármely számrendszerben. 14% Kapásból, tízes számrendszerben. 47% Kis gondolkodás után tízes számrendszerben. 27% Már nem emlékszem. 7% Csak az eredmény érdekel. 5% Összes szavazat: 438
InformációKövess minket! |
Friss hozzászólások
14 perc 41 másodperc
59 perc 38 másodperc
1 óra 3 perc
1 óra 8 perc
1 óra 23 perc
1 óra 24 perc
1 óra 36 perc
1 óra 42 perc
1 óra 43 perc
1 óra 50 perc