Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 13 perc 15 másodperc

Security advisories for Wednesday

sze, 2014-11-12 18:55

CentOS has updated gnutls (C7: code execution), kdenetwork (C7: multiple vulnerabilities), kernel (C6: multiple vulnerabilities), and libvncserver (C7; C6: multiple vulnerabilities).

Debian has updated file (out-of-bounds read flaw) and nss (code execution).

Fedora has updated deluge (F20: deluge-web is vulnerable to POODLE), mokutil (F20; F19: multiple vulnerabilities), Pound (F20: multiple vulnerabilities), shim-signed (F20; F19: multiple vulnerabilities), and tnftp (F20: command execution).

Mageia has updated apt (code execution) and php (out-of-bounds read flaw).

openSUSE has updated ImageMagick (13.2, 13.1, 12.3: multiple vulnerabilities), konversation (13.2: information disclosure), libserf (13.2, 13.1, 12.3: man-in-the-middle attack), pidgin (13.2: multiple vulnerabilities), and sssd (13.2: restriction bypass).

Oracle has updated gnutls (OL7: code execution), kdenetwork (OL7: multiple vulnerabilities), kernel (OL6: multiple vulnerabilities), and libvncserver (OL7; OL6: multiple vulnerabilities).

Red Hat has updated gnutls (RHEL7: code execution), kdenetwork (RHEL7: multiple vulnerabilities), kernel (RHEL6: multiple vulnerabilities), and libvncserver (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated gnutls (SL7: code execution), kdenetwork (SL7: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), and libvncserver (SL6,7: multiple vulnerabilities).

SUSE has updated spacewalk-branding (SUSE Manager1.7: clarify CVE audit).

Ubuntu has updated cinder (14.04: information disclosure), keystone (14.04: information disclosure), neutron (14.04: denial of service), and nova (14.04: two vulnerabilities).

Kategóriák: Linux

Microsoft open-sources the .NET core

sze, 2014-11-12 18:02
Microsoft has announced that the .NET core code is now available under an open-source (MIT) license. "As a .NET developer you were able to build & run code on more than just Windows for a while now, including Linux, MacOS, iOs and Android. The challenge is that the Windows implementation has one code base while Mono has a complete separate code base. The Mono community was essentially forced to re-implement .NET because no open source implementation was available." Amusingly, the code has been placed on GitHub; the announcement notes that code located there gets far more contributions than code on Microsoft's own "CodePlex" site.
Kategóriák: Linux

[$] High-DPI displays and Linux

sze, 2014-11-12 16:07
Your editor recently acquired a laptop with a high-DPI screen. This acquisition was partially justified, of course, as an opportunity to investigate the state of Linux support of high-DPI screens; it turns out that, while quite a bit of progress has been made, this problem has not yet been fully solved. Click below (subscribers only) for the full report.
Kategóriák: Linux

A proposed policy to remove unfixable packages from Ubuntu

sze, 2014-11-12 15:26
In response to the recent ownCloud troubles, Martin Pitt has put together a proposal allowing for the removal of problematic packages from the Ubuntu repositories in the future. "In rare cases, an universe package becomes actively detrimental in stable releases: If it is unmaintained in Ubuntu and has unfixed security issues or got broken because of changing network protocols/APIs, it is better to stop offering it in Ubuntu altogether rather than continuing to encourage users to install it." Comments are requested.
Kategóriák: Linux

Red Hat Enterprise Linux 7 Atomic Host Beta

k, 2014-11-11 20:30
Red Hat has announced the availability of the first public beta of Red Hat Enterprise Linux 7 Atomic Host. "Red Hat Enterprise Linux 7 Atomic Host Beta provides a streamlined host platform that is optimized to run application containers. The software components included in Red Hat Enterprise Linux 7 Atomic Host Beta, as well as the default system tunings, have been designed to enhance the performance, scalability and security of containers, giving you the optimal platform on which to deploy and run application containers."
Kategóriák: Linux

Tuesday's security updates

k, 2014-11-11 18:23

Fedora has updated firefox (F19: multiple vulnerabilities).

openSUSE has updated claws-mail (13.2: man-in-the-middle attack), php5 (13.2: three vulnerabilities), quassel (13.2, 13.1, 12.3: information disclosure), tnftp (13.2, 13.1: command execution), wget (13.2, 13.1, 12.3: symlink attack), and zeromq (13.1, 12.3: man-in-the-middle attack).

SUSE has updated firefox (SLE11 SP3: multiple vulnerabilities) and OpenSSL (SLES11 SP2,SP1; SLES10 SP4: multiple vulnerabilities).

Ubuntu has updated gnutls28 (14.10: code execution), kde-workspace (12.04: privilege escalation), konversation (12.04: information disclosure), and libvirt (14.10, 14.04: two vulnerabilities).

Kategóriák: Linux

GNOME gets GroupedOn

k, 2014-11-11 13:44
GroupOn, a sort of Internet sales discount coupon company has recently announced a point-of-sale tablet called "Gnome". The GNOME Foundation, by virtue of having used that name since the 1990's and having trademarked it in 2006, objects strongly to what it sees as a blatant infringement of its trademark. The organization is scrambling to file its opposition to GroupOn's new trademark filings, but that takes work — and money. So there is now a fund-raising effort in the works to help make this opposition happen. "Help us raise the funds to fight back and most of all call public attention to this terrible behavior by Groupon. Help us make sure that when people hear about GNOME software they learn about freedom and not proprietary software. Our counsel has advised us that we will need $80,000 to oppose the registration of the first set of 10 applications. If we are able to defend the mark without spending this amount, we will use the remaining funds to bolster and improve GNOME."

Update: according to Engadget, GroupOn says it wants to work things out, all the way to picking a new product name if necessary.

Another update: The GNOME Foundation reports that Groupon will abandon its pending trademarks and proceed with a name change.

Kategóriák: Linux

Baker: Mozilla and the Future of the Open Internet

k, 2014-11-11 01:34
Mitchell Baker celebrates Firefox's 10th anniversary. "The answer is: yes, Firefox did win in the desktop era. We changed the fundamental landscape by bringing a new experience and a new view of the world to hundreds of millions of people. However, there is still essential work to do as the Web still faces real threats today — and likely will again in the future. Here are details on what’s happening as part of the 10th anniversary of Firefox."
Kategóriák: Linux

Meeks: OpenGL rendering for LibreOffice 4.4

k, 2014-11-11 01:16
Michael Meeks looks at OpenGL rendering in LibreOffice. "Image scaling is another area where we currently suffer; with several open bugs - first one complains about performance, and then when you lower rendering quality to get performance, another bug complains about rendering quality. Doing high quality image interpolation of large images takes time, even when threaded. People love to whack large, high-DPI images into their documents and presentations. By moving all of the image interpolation work to the GPU we should be able to have our cake: pretty scaled images, and also eat it quickly: with fast rendering."
Kategóriák: Linux

Security advisories for Monday

h, 2014-11-10 18:38

Debian has updated kfreebsd-9 (multiple vulnerabilities).

Fedora has updated claws-mail (F20: man-in-the-middle attack), claws-mail-plugins (F20: man-in-the-middle attack), curl (F20: information leak), libetpan (F20: man-in-the-middle attack), php-ZendFramework2 (F19: multiple vulnerabilities), pidgin (F20: multiple vulnerabilities), python (F20: script execution), python3 (F20: two vulnerabilities), qemu (F20: multiple vulnerabilities), and zarafa (F20; F19: multiple vulnerabilities).

Gentoo has updated php (multiple vulnerabilities).

openSUSE has updated chromium (13.1: multiple vulnerabilities), php5 (13.1, 12.3: multiple vulnerabilities), and pidgin (13.1, 12.3: multiple vulnerabilities).

Ubuntu has updated curl (information leak) and libreoffice (12.04: embeds arbitrary data).

Kategóriák: Linux

Firefox developer edition released

h, 2014-11-10 16:12
Mozilla has announced the first release of a version of the Firefox browser aimed at web developers. "Ten years ago, we built Firefox for early adopters and developers to give them more choice and control. Firefox integrated WebAPIs and Add-ons to enable people to get the most out of the Web. Now we’re giving developers the whole browser as a hard-hat area, allowing us to bring front and center the features most relevant to them. Having a dedicated developer browser means we can tailor the browsing experience to what developers do every day."
Kategóriák: Linux

Kernel prepatch 3.18-rc4

h, 2014-11-10 02:41
The 3.18-rc4 prepatch is out for test. "Hey, things are finally calming down. In fact, it looked *really* calm until yesterday, at which point some people clearly realized 'hey, I should push my stuff to Linus so that it makes it into -rc4', and then a third of all changes came in the last day, but despite that, rc4 finally looks like things are falling into place, and we'll get to stabilize this release after all."
Kategóriák: Linux

FSF and Software Freedom Conservancy unveil

p, 2014-11-07 22:41

The Free Software Foundation (FSF) and the Software Freedom Conservancy (SFC) have announced a new site called that will play host to "useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing." The most prominent content at present is a comprehensive guide to the concept of copyleft and copyleft licenses. The announcement notes that the content is viable, among other things, as training material. "As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014."

Kategóriák: Linux

Peck: New GIMP Save/Export plug-in: Saver

p, 2014-11-07 20:54

At her blog, Akkana Peck has announced a new GIMP plugin called "Saver" that is intended to replace the default Save/Export functionality introduced with the GIMP 2.8 release. GIMP 2.8 famously separated "Save"and "Export" into two separate functions, with "Save" only able to write out images to GIMP's native, multi-layer XCF format. As Peck notes, that change "has been a matter of much controversy. It's been over two years now, and people are still complaining on the gimp-users list." The new plugin is an attempt to perform the "expected" action in each circumstance. "I've been using Saver for nearly all my saving for the past year. If I'm just making a quick edit of a JPEG camera image, Ctrl-S overwrites it without questioning me. If I'm editing an elaborate multi-layer GIMP project, Ctrl-S overwrites the .xcf.gz. If I'm planning to export that image for the web, I Ctrl-Shift-S to bring up the Saver As... dialog, make sure the main filename is .xcf.gz, set a name (ending in .jpg) for the exported copy; and from then on, Ctrl-S will save both the XCF and the JPG copy.

Kategóriák: Linux

Ubuntu, ownCloud, and a hidden dark side of Linux software repositories (PC World)

p, 2014-11-07 19:25
Here's a PC World article on the old, insecure version of ownCloud shipped in Ubuntu 14.04 — and the difficulties in getting it updated or removed.

Ubuntu’s developers initially balked at this. Why, this isn’t the way the system works! The package is now locked-in for the stable release and shouldn’t have any major changes, even though it’s a fundamentally insecure piece of server software. Actually removing it would be highly unusual. They proposed that ownCloud should take over maintenance of the ownCloud packages in Ubuntu and keep them up-to-date. At the very least, it was ownCloud’s job to create an empty package and go through the bureaucratic process to push it out.

The writing is a little breathless, but there is a valid issue here; the software found in the more remote corners of distribution repositories may not be particularly well maintained.

Kategóriák: Linux

Friday's security updates

p, 2014-11-07 17:21

CentOS has updated php (C5: multiple vulnerabilities).

Debian has updated curl (information leak), konversation (denial of service), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

Fedora has updated hostapd (F19; F20: command execution), Pound (F19: multiple vulnerabilities), python-rhsm (F19; F20: protocol downgrade), seamonkey (F19: multiple vulnerabilities), subscription-manager (F20: protocol downgrade), webkitgtk3 (F19: protocol downgrade), wss4j (F20: authentication spoofing), and xml-security (F20: denial of service).

Oracle has updated php (O5: multiple vulnerabilities).

Red Hat has updated php (RHEL4: code execution; RHEL5: multiple vulnerabilities).

Scientific Linux has updated mod_auth_mellon (SL6: multiple vulnerabilities) and php (SL5: multiple vulnerabilities).

Kategóriák: Linux

Kügler: Diving into Plasma’s 2015

cs, 2014-11-06 20:18
On his blog, Sebastian Kügler looks at what next year holds for KDE Plasma 5. He looks at high-DPI and Wayland support as well as the plans by distributions (Kubuntu 15.04 for example) to start shipping Plasma 5 as the default desktop environment. "In terms of user demographic, we’re almost certain to see one thing happening with the new Plasma 5 UI, as distros start to ship it by default, this is what these new users are going to see. Not everybody in this group of users is interested in how cool the technology stack lines up, they just want to get their work done and certainly not feel impeded in their daily workflows. This is the target group which we’ve been focusing our work on in months since summer, since the release of Plasma 5.0. Wider group of users sounds pretty abstract, so let’s take some numbers: While Plasma 5 is run by a group of people already, the number of users who get it via Linux distributions is much larger than the group of early adopters. This means by the end of next year, Plasma 5 will be in the hands of millions of users, probably around 10 million, and increasing."
Kategóriák: Linux

Thursday's security updates

cs, 2014-11-06 16:04

Debian has updated libxml-security-java (xml signature spoofing from 2013).

Gentoo has updated mysql (multiple unspecified vulnerabilities), tigervnc (code execution), and vlc (multiple vulnerabilities from 2010-2013).

Oracle has updated mod_auth_mellon (OL6: two vulnerabilities) and shim (OL7: three vulnerabilities).

SUSE has updated flash-player (SLE11SP3: three vulnerabilities), OpenSSL (SLE11SP3: three vulnerabilities), and wget (SLE11SP3: code execution).

Ubuntu has updated libreoffice (14.10, 14.04: code execution).

Kategóriák: Linux

GnuPG 2.1.0 "modern" released

cs, 2014-11-06 14:43
Version 2.1.0 of the GNU Privacy Guard has been released; this is the first release in the new "modern" branch. Changes include elliptic curve cryptography support, better keyserver pool handling, the creation of revocation certificates by default, the removal of support for PGP2 keys, and more.
Kategóriák: Linux

[$] Weekly Edition for November 6, 2014

cs, 2014-11-06 02:37
The Weekly Edition for November 6, 2014 is available.
Kategóriák: Linux