Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Debian has updated ruby-actionpack-3.2 (multiple vulnerabilities).
Gentoo has updated clamav (multiple vulnerabilities).
Mandriva has updated couchdb (BS1: denial of service), cups (BS1: cross-site scripting; ES5: multiple vulnerabilities), dovecot (BS1, ES5: denial of service), java-1.7.0-openjdk (BS1: multiple vulnerabilities), libvirt (BS1: multiple vulnerabilities), mariadb (BS1: multiple vulnerabilities), nagios (BS1, ES5: denial of service), openssl (BS1: denial of service), owncloud (BS1: multiple unspecified vulnerabilities), python-jinja2 (BS1: code execution), rawtherapee (BS1: denial of service), rxvt-unicode (BS1: denial of service), and struts (BS1, ES5: code execution).
While the title might make it seem like another comment on the Mozilla/DRM issue, the article by Giorgio Venturi on the Canonical Design blog is actually about redesigning the browser interface for mobile phones. "If content is our king, then recency should be our queen. [...] Similarly, bookmarks are often a meaningless list of webpages, as their value was linked to the specific time when they were taken. For example, let’s imagine we are planning our next holiday and we start bookmarking a few interesting places. We may even create a new ‘holidays’ folder and add the bookmarks to it. However, once the holiday is the bookmarks are still there, they don’t expire once they have lost their value. This happens pretty much every time; old bookmarks and folders will eventually start cluttering our screen and make it difficult to find the information we need. Therefore we redesigned tabs, history and bookmarks to display the most recent information first. Consequently, the display and the retrieval of information is simplified."
The US Federal Communications Commission (FCC) has voted for the so-called "Internet fast lanes", as Ars Technica reports. "In response to earlier complaints, FCC Chairman Tom Wheeler expanded the requests for comment in the NPRM [Notice of Proposed Rulemaking]. For example, the FCC will ask the public whether it should bar paid prioritization completely. It will ask whether the rules should apply to cellular service in addition to fixed broadband, whereas the prior rules mostly applied just to fixed broadband. The NPRM will also ask the public whether the FCC should reclassify broadband as a telecommunications service. This will likely dominate debate over the next few months. Classifying broadband as a telecommunications service would open it up to stricter “common carrier” rules under Title II of the Communications Act. The US has long applied common carrier status to the telephone network, providing justification for universal service obligations that guarantee affordable phone service to all Americans and other rules that promote competition and consumer choice."
Debian has updated linux-2.6 (three privilege escalation flaws).
Gentoo has updated xorg-server (many vulnerabilities).
Mageia has updated flash-player-plugin (multiple vulnerabilities), nrpe (code execution), php (privilege escalation), python-lxml (code execution), python3 (privilege escalation), and struts (code execution).
Red Hat has updated flash-plugin (multiple vulnerabilities).
Ubuntu has updated python-django (information disclosure).
The LWN.net Weekly Edition for May 15, 2014 is available.
Andreas Gal describes why and how Mozilla will be implementing the W3C Encrypted Media Extension in Firefox. "Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content. As a result we have decided to implement the W3C EME specification in our products, starting with Firefox for Desktop. This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate." This implementation will include a closed-source "content decryption module" supplied by Adobe. It will be interesting to see whether distributions will be able to strip this stuff out and still use the "Firefox" name.
The CyanogenMod 11.0 M6 release was made available on May 4. CyanogenMod, of course, is an Android-based distribution for handsets and tablets. Your editor, in a grumpier than usual mood, decided that this would be a prime opportunity to inflict pain on a helpless handset and see what CyanogenMod has been up to since the 11.0 M1 review published late last year. Since then, Cyanogen (the company) has received another $23 million in venture funding; it is natural to wonder what visible effects all that money has had.
Debian has updated libxfont (multiple vulnerabilities).
Fedora has updated abrt (F20: prevents server usage), mingw-qt (F20; F19: denial of service), mingw-qt5-qtbase (F20; F19: denial of service), and owncloud (F20: remote users can mount the local file system).
openSUSE has updated thunderbird (13.1, 12.3: multiple vulnerabilities).
Red Hat has updated java-1.7.0-ibm (RHEL5&6 Supplementary: multiple vulnerabilities).
Ubuntu has updated libxfont (all: multiple vulnerabilities).
The Internet Engineering Task Force has adopted RFC 7258, titled "Pervasive monitoring is an attack." It commits the IETF to work against pervasive monitoring (PM) in the design of its protocols going forward. "In particular, architectural decisions, including which existing technology is reused, may significantly impact the vulnerability of a protocol to PM. Those developing IETF specifications therefore need to consider mitigating PM when making architectural decisions. Getting adequate, early review of architectural decisions including whether appropriate mitigation of PM can be made is important. Revisiting these architectural decisions late in the process is very costly."
Debian has updated kernel (multiple vulnerabilities).
Ars Technica takes a look at a serious bug in the Linux kernel that was introduced in 2009. "The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device." This flaw has been identified as CVE-2014-0196. The LWN vulnerability report is here.
Gentoo has updated openssh (multiple vulnerabilities, one from 2008).
openSUSE has updated seamonkey (13.1, 12.3: multiple vulnerabilities).
Slackware has updated seamonkey (multiple vulnerabilities).
The PyPy project has released version 2.3 of its high-performance implementation of the Python language. Along with a number of fixes, this release includes support for several new modules, the ability to embed the interpreter within hosting applications, OpenBSD support, and more.
Matthew Garrett takes Oracle to task for using shim functions to gain access to GPL-only kernel functions in its GPL-incompatible DTrace module. "Of course, as copyright holders of DTrace, Oracle could solve the problem by dual-licensing DTrace under the GPL as well as the CDDL. The fact that they haven't implies that they think there's enough value in keeping it under an incompatible license to risk losing a copyright infringement suit. This might be just the kind of recklessness that Oracle accused Google of back in their last case."
The 3.15-rc5 prepatch is out, a little earlier than usual as Linus prepares for a bunch of travel. "And while rc5 may be bigger than rc3/4 were, it's not like it is worrying. This merge window was bigger than most, and the fact that rc5 is then slightly bigger than most isn't something that worries me overmuch. And since rc4 was smaller than usual, it all evens out. But I really *will* be entirely unreachable all next week, so get your testing in, because the -git tree will be very quiet."
Ars Technica is reporting that the appeals court has overturned US District Judge William Alsup's ruling that the Java API was not copyrightable. "'Because we conclude that the declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection, we reverse the district court’s copyrightability determination with instructions to reinstate the jury’s infringement finding as to the 37 Java packages,' the US Appeals Court for the Federal Circuit ruled [PDF] Friday."
CentOS has updated kernel (C6: multiple vulnerabilities).
Debian has updated rxvt-unicode (code execution).
Mageia has updated kernel (M4: multiple vulnerabilities), kernel-linus (M4: multiple vulnerabilities), kernel-rt (M4: multiple vulnerabilities), owncloud (M3, M4: multiple vulnerabilities), and postgresql (M4: multiple vulnerabilities).
Scientific Linux has updated kernel (SL6: multiple vulnerabilities).
SUSE has updated kvm (SLES/SLED 11: multiple vulnerabilities).
Ubuntu has updated cups-filters (14.04: multiple vulnerabilities).
Six years after its last release, GoboLinux is back, with the 015 release of the distribution that is best-known for a total rearrangement of the traditional Linux filesystem hierarchy. More information about the distribution is available, as are release notes for 015. After an hiatus of 6 years, we have returned with an updated set of packages and some infrastructure changes that have come for better. Some of the major points of this release are:
[Update: The project has asked that people consider using the official mirror at http://adv1.calica.com/gobolinux/ to reduce load on the primary server.]
Over at the Red Hat Security Blog, Florian Weimer looks at timing oracles in memory comparison functions and how to stop them. Timing oracles can allow attackers to extract keys or other secret data by timing code that compares input data to the secret. "Of course, there are other architectures (and x86 implementations), so we will have to perform further research to see if we can remove the timing oracle from their implementations at acceptable (read: zero) cost. For architectures where super-scalar, pipelined implementations are common, this is likely the case. But the GNU C library will probably not be in a position to commit to an oracle-free memcmp by default (after all, future architectures might have different requirements). But I hope that we can promise that in -D_FORTIFY_SOURCE=2 mode, memcmp is oracle-free."