ls -1TörténelemNépszerű témákNépszerű fórum témákHardverAjánlott böngésző FreeBSD Project NewsOpenBSD JournalNetBSD News
|
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Webcím: http://lwn.net
Frissült: 3 perc 1 másodperc Friday's security updatesDebian has updated ruby-actionpack-3.2 (multiple vulnerabilities). Fedora has updated kernel (F20: multiple vulnerabilities), mariadb-galera (F20: multiple vulnerabilities), and qemu (F20: multiple vulnerabilities). Gentoo has updated clamav (multiple vulnerabilities). Mandriva has updated couchdb (BS1: denial of service), cups (BS1: cross-site scripting; ES5: multiple vulnerabilities), dovecot (BS1, ES5: denial of service), java-1.7.0-openjdk (BS1: multiple vulnerabilities), libvirt (BS1: multiple vulnerabilities), mariadb (BS1: multiple vulnerabilities), nagios (BS1, ES5: denial of service), openssl (BS1: denial of service), owncloud (BS1: multiple unspecified vulnerabilities), python-jinja2 (BS1: code execution), rawtherapee (BS1: denial of service), rxvt-unicode (BS1: denial of service), and struts (BS1, ES5: code execution). openSUSE has updated chromium (12.3; 13.1: multiple vulnerabilities). Red Hat has updated java-1.5.0-ibm (multiple vulnerabilities), java-1.6.0-ibm (multiple vulnerabilities), and ruby193-rubygem-actionpack (RHSC1: information leak). SUSE has updated Linux Kernel (multiple vulnerabilities) and Mozilla Firefox (SLES11 SP1; SLES11 SP2: multiple vulnerabilities). Ubuntu has updated dovecot (denial of service) and libxml2 (denial of service). Kategóriák: Linux
Venturi: The browser is dead. Long live the browser!While the title might make it seem like another comment on the Mozilla/DRM issue, the article by Giorgio Venturi on the Canonical Design blog is actually about redesigning the browser interface for mobile phones. "If content is our king, then recency should be our queen. [...] Similarly, bookmarks are often a meaningless list of webpages, as their value was linked to the specific time when they were taken. For example, let’s imagine we are planning our next holiday and we start bookmarking a few interesting places. We may even create a new ‘holidays’ folder and add the bookmarks to it. However, once the holiday is the bookmarks are still there, they don’t expire once they have lost their value. This happens pretty much every time; old bookmarks and folders will eventually start cluttering our screen and make it difficult to find the information we need.
Therefore we redesigned tabs, history and bookmarks to display the most recent information first. Consequently, the display and the retrieval of information is simplified."
Kategóriák: Linux
FCC votes for Internet “fast lanes” but could change its mind later (Ars Technica)The US Federal Communications Commission (FCC) has voted for the so-called "Internet fast lanes", as Ars Technica reports. "In response to earlier complaints, FCC Chairman Tom Wheeler expanded the requests for comment in the NPRM [Notice of Proposed Rulemaking]. For example, the FCC will ask the public whether it should bar paid prioritization completely. It will ask whether the rules should apply to cellular service in addition to fixed broadband, whereas the prior rules mostly applied just to fixed broadband.
The NPRM will also ask the public whether the FCC should reclassify broadband as a telecommunications service. This will likely dominate debate over the next few months. Classifying broadband as a telecommunications service would open it up to stricter “common carrier” rules under Title II of the Communications Act. The US has long applied common carrier status to the telephone network, providing justification for universal service obligations that guarantee affordable phone service to all Americans and other rules that promote competition and consumer choice."
Kategóriák: Linux
Thursday's security updatesDebian has updated linux-2.6 (three privilege escalation flaws). Fedora has updated cifs-utils (F20: code execution) and srm (F19: unspecified). Gentoo has updated xorg-server (many vulnerabilities). Mageia has updated flash-player-plugin (multiple vulnerabilities), nrpe (code execution), php (privilege escalation), python-lxml (code execution), python3 (privilege escalation), and struts (code execution). Mandriva has updated php (BS1.0: privilege escalation) and python-lxml (BS1.0, ES5.0: code execution). openSUSE has updated libvirt (12.3: information disclosure/denial of service) and libxml2 (denial of service). Red Hat has updated flash-plugin (multiple vulnerabilities). Ubuntu has updated python-django (information disclosure). Kategóriák: Linux
[$] LWN.net Weekly Edition for May 15, 2014The LWN.net Weekly Edition for May 15, 2014 is available.
Kategóriák: Linux
Firefox gets closed-source DRMAndreas Gal describes
why and how Mozilla will be implementing the W3C Encrypted Media
Extension in Firefox. "Firefox should help users get access to the
content they want to enjoy, even if Mozilla philosophically opposes the
restrictions certain content owners attach to their content. As a result
we have decided to implement the W3C EME specification in our products,
starting with Firefox for Desktop. This is a difficult and uncomfortable
step for us given our vision of a completely open Web, but it also gives us
the opportunity to actually shape the DRM space and be an advocate for our
users and their rights in this debate." This implementation will
include a closed-source "content decryption module" supplied by Adobe.
It will be interesting to see whether distributions will be able to strip
this stuff out and still use the "Firefox" name.
Kategóriák: Linux
[$] A CyanogenMod 11.0 M6 test driveThe CyanogenMod
11.0 M6 release was made available on May 4. CyanogenMod, of
course, is an Android-based distribution for handsets and tablets. Your
editor, in a grumpier than usual mood, decided that this would be a prime
opportunity to inflict pain on a helpless handset and see what CyanogenMod
has been up to since the 11.0 M1 review
published late last year. Since then, Cyanogen (the company) has received
another $23 million in venture funding; it is natural to wonder what
visible effects all that money has had.
Kategóriák: Linux
Security advisories for WednesdayDebian has updated libxfont (multiple vulnerabilities). Fedora has updated abrt (F20: prevents server usage), mingw-qt (F20; F19: denial of service), mingw-qt5-qtbase (F20; F19: denial of service), and owncloud (F20: remote users can mount the local file system). openSUSE has updated thunderbird (13.1, 12.3: multiple vulnerabilities). Red Hat has updated java-1.7.0-ibm (RHEL5&6 Supplementary: multiple vulnerabilities). SUSE has updated firefox (SLE 11 SP3: multiple vulnerabilities) and OpenJDK (SLED 11 SP3: multiple vulnerabilities). Ubuntu has updated libxfont (all: multiple vulnerabilities). Kategóriák: Linux
RFC 7258The Internet Engineering Task Force has adopted RFC 7258, titled
"Pervasive monitoring is an attack." It commits the IETF to work against
pervasive monitoring (PM) in the design of its protocols going forward.
"In particular, architectural decisions, including which existing
technology is reused, may significantly impact the vulnerability of a
protocol to PM. Those developing IETF specifications therefore need to
consider mitigating PM when making architectural decisions. Getting
adequate, early review of architectural decisions including whether
appropriate mitigation of PM can be made is important. Revisiting these
architectural decisions late in the process is very costly."
Kategóriák: Linux
Stable kernel updatesKategóriák: Linux
Tuesday's security updatesDebian has updated kernel (multiple vulnerabilities). Fedora has updated 0ad (F19: denial of service), megaglest (F19: denial of service), miniupnpc (F19: denial of service), and openstack-glance (F20: command execution). openSUSE has updated android-tools (12.3; 13.1: code execution) and openssl (12.3; 13.1: denial of service). Kategóriák: Linux
Linux gets fix for code-execution flaw (Ars Technica)Ars Technica takes
a look at serious bug in the Linux kernel that was introduced in 2009.
"The memory-corruption vulnerability, which was introduced in version
2.6.31-rc3, released no later than 2009, allows unprivileged users to
crash or execute malicious code on vulnerable systems, according to the
notes accompanying proof-of-concept code
available here. The flaw resides in the n_tty_write function
controlling the Linux pseudo tty
device." This flaw has been identified as CVE-2014-0196.
The LWN vulnerability report is here.
Kategóriák: Linux
Security advisories for MondayFedora has updated kernel (F20: multiple vulnerabilities), php (F19: privilege escalation), rxvt-unicode (F20; F19: command execution), and xen (F20; F19: code execution). Gentoo has updated openssh (multiple vulnerabilities, one from 2008). Mageia has updated chromium-browser-stable (multiple vulnerabilities), ldns (information disclosure), libpng (MG4; MG3: multiple vulnerabilities), and libxml2 (denial of service). Mandriva has updated ldns (information disclosure), libpng (multiple vulnerabilities), and libxml2 (denial of service). openSUSE has updated seamonkey (13.1, 12.3: multiple vulnerabilities). Slackware has updated seamonkey (multiple vulnerabilities). Kategóriák: Linux
PyPy 2.3 releasedThe PyPy project has released version 2.3 of
its high-performance implementation of the Python language. Along with a
number of fixes, this release includes support for several new modules,
the ability to embed the interpreter within hosting applications, OpenBSD
support, and more.
Kategóriák: Linux
Garrett: Oracle continue to circumvent EXPORT_SYMBOL_GPL()Matthew Garrett takes
Oracle to task for using shim functions to gain access to GPL-only kernel
functions in its GPL-incompatible DTrace module. "Of course, as
copyright holders of DTrace, Oracle could solve the problem by
dual-licensing DTrace under the GPL as well as the CDDL. The fact that they
haven't implies that they think there's enough value in keeping it under an
incompatible license to risk losing a copyright infringement suit. This
might be just the kind of recklessness that Oracle accused Google of back
in their last case."
Kategóriák: Linux
Kernel prepatch 3.15-rc5The 3.15-rc5 prepatch is out, a little
earlier than usual as Linus prepares for a bunch of travel. "And while rc5 may be bigger than rc3/4 were, it's not like it is
worrying. This merge window was bigger than most, and the fact that
rc5 is then slightly bigger than most isn't something that worries me
overmuch. And since rc4 was smaller than usual, it all evens out.
But I really *will* be entirely unreachable all next week, so get your
testing in, because the -git tree will be very quiet."
Kategóriák: Linux
Oracle’s Java API code protected by copyright, appeals court rules (Ars Technica)Ars Technica is reporting that the appeals court has overturned US District Judge William Alsup's ruling that the Java API was not copyrightable. "'Because we conclude that the declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection, we reverse the district court’s copyrightability determination with instructions to reinstate the jury’s infringement finding as to the 37 Java packages,' the US Appeals Court for the Federal Circuit ruled [PDF] Friday."
Kategóriák: Linux
Friday's security updatesCentOS has updated kernel (C6: multiple vulnerabilities). Debian has updated rxvt-unicode (code execution). Mageia has updated kernel (M4: multiple vulnerabilities), kernel-linus (M4: multiple vulnerabilities), kernel-rt (M4: multiple vulnerabilities), owncloud (M3, M4: multiple vulnerabilities), and postgresql (M4: multiple vulnerabilities). Mandriva has updated apache-mod_security (BS1, ES5: rules bypass), mediawiki (BS1: multiple vulnerabilities), openssl (BS1: denial of service), and python-imaging (BS1: multiple vulnerabilities). Scientific Linux has updated kernel (SL6: multiple vulnerabilities). SUSE has updated kvm (SLES/SLED 11: multiple vulnerabilities). Ubuntu has updated cups-filters (14.04: multiple vulnerabilities). Kategóriák: Linux
GoboLinux 015Six years after its last release, GoboLinux is back, with the 015 release of the distribution that is best-known for a total rearrangement of the traditional Linux filesystem hierarchy. More information about the distribution is available, as are release notes for 015.
After an hiatus of 6 years, we have returned with an updated set of
packages and some infrastructure changes that have come for better. Some of
the major points of this release are:
[Update: The project has asked that people consider using the official mirror at http://adv1.calica.com/gobolinux/ to reduce load on the primary server.] Kategóriák: Linux
Defeating memory comparison timing oracles (Red Hat Security Blog)Over at the Red Hat Security Blog, Florian Weimer looks at timing oracles in memory comparison functions and how to stop them. Timing oracles can allow attackers to extract keys or other secret data by timing code that compares input data to the secret. "Of course, there are other architectures (and x86 implementations), so we will have to perform further research to see if we can remove the timing oracle from their implementations at acceptable (read: zero) cost. For architectures where super-scalar, pipelined implementations are common, this is likely the case. But the GNU C library will probably not be a in a position to commit to an oracle-free memcmp by default (after all, future architectures might have different requirements). But I hope that we can promise that in -D_FORTIFY_SOURCE=2 mode, memcmp is oracle-free."
Kategóriák: Linux
|
KeresésNavigációBelépésHupWikiÁllásajánlatokHWSWFriss blogbejegyzésekHUP napi hírlevélLegfrissebb HUP videókLegfrissebb Linux játékvideókLegfrissebb HUP képekLegfrissebb HUP dokumentumokSzavazásMa ... között lerohad a felvi.hu. - 19:59 6% 20:00 - 20:29 13% 20:30 - 20:59 8% 21:00 - 21:29 7% 21:30 - 21:59 2% 22:00 - 22:29 2% 22:30 - 22:59 1% 23:00 - 23:29 2% 23:30 - 23:29 0% 23:30 - 23:39 0% 0:00 - 5% Nem rohad le. 18% Csak az eredmény érdekel. 35% Összes szavazat: 85
InformációKövess minket!Partnerünk |
Friss hozzászólások
9 perc 58 másodperc
13 perc 49 másodperc
16 perc 50 másodperc
17 perc 56 másodperc
24 perc 21 másodperc
27 perc 20 másodperc
28 perc 55 másodperc
30 perc 1 másodperc
24 perc 35 másodperc
30 perc 58 másodperc