Linux Weekly News

Syndicated content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 7 minutes 49 seconds ago

[$] LWN.net Weekly Edition for February 25, 2016

Thu, 2016-02-25 02:32
The LWN.net Weekly Edition for February 25, 2016 is available.
Categories: Linux

[$] Systemd vs. Docker

Wed, 2016-02-24 21:30

One of the more entertaining presentations at this year's DevConf.cz was by Dan Walsh, Red Hat's head of container engineering. He presented on one of the core conflicts in the Linux container world: systemd versus the Docker daemon. This is far from a new issue; it has been brewing since Ubuntu adopted systemd, and CoreOS introduced Rocket, a container system built around systemd.

Subscribers can click below for a look at the talk by guest author Josh Berkus.

Categories: Linux

Security advisories for Wednesday

Wed, 2016-02-24 18:57

Arch Linux has updated libssh (insecure ssh sessions).

Debian has updated libssh (multiple vulnerabilities), lighttpd (padding-oracle attack), and websvn (cross-site scripting).

Debian-LTS has updated nss (cryptographic weakness) and websvn (cross-site scripting).

Fedora has updated botan (F23: three vulnerabilities), code-editor (F23: three vulnerabilities), gdl (F22: out-of-bounds read flaw), GraphicsMagick (F22: out-of-bounds read flaw), monotone (F23: three vulnerabilities), octave (F22: out-of-bounds read flaw), postgresql (F23: denial of service), qca (F23: three vulnerabilities), qt-creator (F23: three vulnerabilities), vdr-skinenigmang (F22: out-of-bounds read flaw), vdr-skinnopacity (F22: out-of-bounds read flaw), and vdr-tvguide (F22: out-of-bounds read flaw).

openSUSE has updated firefox (13.1: same-origin restriction bypass).

Red Hat has updated rh-ror41 (RHSCL: multiple vulnerabilities).

Slackware has updated bind (denial of service), glibc (code execution), libgcrypt (two vulnerabilities), and ntp (multiple vulnerabilities).

SUSE has updated firefox (SLE12-SP1: denial of service) and postgresql94 (SLE12-SP1: three vulnerabilities, one from 2007).

Categories: Linux

Upcoming features in GCC 6

Tue, 2016-02-23 23:14
The Red Hat developer blog looks at what's coming in version 6 of the GNU Compiler Collection. "The x86/x86_64 is a segmented memory architecture, yet GCC has largely ignored this aspect of the Intel architecture and relied on implicit segment registers. Low level code such as the Linux kernel & glibc often have to be aware of the segmented architecture and have traditionally resorted to asm statements to use explicit segment registers for memory accesses. Starting with GCC 6, variables may be declared as being relative to a particular segment. Explicit segment registers will then be used to access those variables in memory." The GCC 6 release can be expected sometime around April.
Categories: Linux

Tuesday's security advisories

Tue, 2016-02-23 19:19

Debian has updated libssh2 (insecure ssh sessions).

Debian-LTS has updated didiwiki (unintended access), krb5 (two vulnerabilities), libssh (insecure ssh sessions), and libssh2 (insecure ssh sessions).

Fedora has updated nghttp2 (F22: denial of service) and nodejs (F22: two vulnerabilities).

Mageia has updated 389-ds-base (denial of service).

Red Hat has updated chromium-browser (RHEL6: code execution).

Ubuntu has updated cpio (two vulnerabilities), kernel (15.10; 14.04; 12.04: multiple vulnerabilities), libssh (two vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: three vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), linux-raspi2 (15.10: multiple vulnerabilities), linux-ti-omap4 (12.04: denial of service), oxide-qt (15.10, 14.04: code execution), and nss (12.04: regression in previous update).

Categories: Linux

Kaminsky: A Skeleton Key of Unknown Strength

Tue, 2016-02-23 01:50
Dan Kaminsky looks at the Glibc DNS bug (CVE-2015-7547). "We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet. We’ve found that it is neither trivial to squeeze the glibc flaw through common name servers, nor is it trivial to prove such a feat is impossible. The vast majority of potentially affected systems require this attack path to function, and we just don’t know yet if it can. Our belief is that we’re likely to end up with attacks that work sometimes, and we’re probably going to end up hardening DNS caches against them with intent rather than accident. We’re likely not going to apply network level DNS length limits because that breaks things in catastrophic and hard to predict ways."
Categories: Linux

Security advisories for Monday

Mon, 2016-02-22 20:06

Arch Linux has updated chromium (code execution) and thunderbird (multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities), didiwiki (unintended access), and xdelta3 (code execution).

Debian-LTS has updated openssl (man-in-the-middle attacks) and python-imaging (denial of service).

Fedora has updated graphite2 (F23: multiple vulnerabilities), kscreenlocker (F23; F22: restriction bypass), mariadb (F23: multiple vulnerabilities), nettle (F22: improper cryptographic calculations), ntp (F22: multiple vulnerabilities), php-horde-horde (F23; F22: cross-site scripting), poco (F23; F22: SSL server spoofing), python-pillow (F22: denial of service), qemu (F23: multiple vulnerabilities), and thunderbird (F23: multiple vulnerabilities).

openSUSE has updated chromium (13.1: multiple vulnerabilities), chromium (13.1: code execution), erlang (13.2: man-in-the-middle attack), ffmpeg (Leap42.1: denial of service), obs-service-download_files (Leap42.1, 13.2: code injection), postgresql93 (Leap42.1, 13.2: multiple vulnerabilities, one from 2007), qemu (Leap42.1: two vulnerabilities), chromium (SPH for SLE12; Leap42.1, 13.2: code execution), kernel (13.2: two vulnerabilities), and xdelta3 (13.2; 13.1: code execution).

SUSE has updated postgresql93 (SLE12: multiple vulnerabilities, one from 2007).

Categories: Linux

GNU C Library 2.23 released

Mon, 2016-02-22 15:49
Version 2.23 of the GNU C Library (glibc) has been released. The headline feature this time around seems to be Unicode 8.0.0 support; there are a number of API changes, performance improvements and security fixes as well.
Categories: Linux

Linux Mint downloads (briefly) compromised

Sun, 2016-02-21 06:11
The Linux Mint blog announces that the project's web site was compromised and made to point to a backdoored version of the distribution. "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th."

Update: it appears that the Linux Mint forums were compromised too; users should assume that their passwords have been exposed.

Categories: Linux

Kernel prepatch 4.5-rc5

Sun, 2016-02-21 01:12
The 4.5-rc5 kernel prepatch is out, one day ahead of the usual schedule. "Things continue to look normal, and things have been fairly calm. Yes, the VM THP cleanup seems to still be problematic on s390, but other than that I don't see anything particularly worrisome."
Categories: Linux

Two new stable kernels

Sat, 2016-02-20 01:16

Greg Kroah-Hartman has announced the release of stable kernels 4.3.6 and 3.10.97. Both contain important updates throughout the tree. In addition, 4.3.6 is the last release for the now end-of-life 4.3 kernel branch; users will need to migrate to the 4.4 series.

Categories: Linux

Ardour 4.7 released

Fri, 2016-02-19 22:56

Version 4.7 of the Ardour digital-audio workstation has been released. The update includes two key new features: a dialog that displays detailed spectral and waveform analysis for exported files, and substantially improved support for Mackie Control brand hardware control consoles. Many other improvements are listed in the announcement, including preliminary support for importing work from ProTools 10 and 11.

Categories: Linux

Friday's security updates

Fri, 2016-02-19 17:20

CentOS has updated thunderbird (C7; C6; C5: multiple vulnerabilities).

Debian has updated cpio (denial of service).

Debian-LTS has updated libmatroska (code execution).

Mageia has updated glibc (M5: multiple vulnerabilities) and nodejs (M5: multiple vulnerabilities).

openSUSE has updated glibc (13.2: multiple vulnerabilities; 11.4, 13.1: code execution).

Oracle has updated kernel (O7; O6: privilege escalation) and thunderbird (O7; O6: multiple vulnerabilities).

Red Hat has updated openstack-heat (RHEL7: denial of service) and thunderbird (RHEL 5,6,7: multiple vulnerabilities).

Scientific Linux has updated thunderbird (SL 5,6,7: multiple vulnerabilities).

Ubuntu has updated oxide-qt (14.04, 15.10: multiple vulnerabilities).

Categories: Linux

Kirkland: ZFS licensing and Linux

Fri, 2016-02-19 00:45
Dustin Kirkland justifies Ubuntu's plans to ship the ZFS filesystem kernel module. "And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL and even proprietary (hi, nvidia.ko) kernel modules."
Categories: Linux

Open source Zephyr Project aims to deliver an RTOS

Thu, 2016-02-18 21:09
The Linux Foundation has announced the Zephyr Project, which is aimed at building a real-time operating system (RTOS) for the Internet of Things (IoT). "Modularity and security are key considerations when building systems for embedded IoT devices. The Zephyr Project prioritizes these features by providing the freedom to use the RTOS as is or to tailor a solution. The project’s focus on security includes plans for a dedicated security working group and a delegated security maintainer. Broad communications and networking support is also addressed and will initially include Bluetooth, Bluetooth Low Energy and IEEE 802.15.4, with plans to expand communications and networking support over time." The Zephyr Kernel v1.0.0 Release Notes provide more details.
Categories: Linux

Security updates for Thursday

Thu, 2016-02-18 18:41

Arch Linux has updated lib32-glibc (multiple vulnerabilities).

Debian has updated libreoffice (two code execution flaws).

Fedora has updated hamster-time-tracker (F23: two denial of service flaws).

Mageia has updated cacti (authentication bypass), claws-mail (two vulnerabilities), cpio (code execution), eog (code execution from 2013), eom (code execution from 2013), gambas3 (code execution from 2013), gnome-photos (code execution from 2013), graphite2/firefox (multiple vulnerabilities), gtk+2.0 (code execution from 2013), libgcrypt (key leak), libxmp (multiple vulnerabilities), nginx (three vulnerabilities), pinpoint (code execution from 2013), python-pillow (two code execution flaws), thunar (code execution from 2013), and thunderbird (multiple vulnerabilities).

Ubuntu has updated nss (15.10, 14.04, 12.04: cryptographic weakness).

Categories: Linux

[$] LWN.net Weekly Edition for February 18, 2016

Thu, 2016-02-18 05:56
The LWN.net Weekly Edition for February 18, 2016 is available.
Categories: Linux

Stable kernel updates

Wed, 2016-02-17 23:52
Greg Kroah-Hartman has released stable kernels 4.4.2 and 3.14.61. Both of them contain important fixes.
Categories: Linux

Security advisories for Wednesday

Wed, 2016-02-17 21:09

Arch Linux has updated glibc (multiple vulnerabilities).

CentOS has updated 389-ds-base (C7: denial of service), firefox (C7; C6; C5: three vulnerabilities), glibc (C7: two vulnerabilities), glibc (C6: code execution), kernel (C7: two vulnerabilities), polkit (C7: privilege escalation), and sos (C7: information disclosure).

Debian-LTS has updated eglibc (two vulnerabilities), gtk+2.0 (code execution), and wordpress (two vulnerabilities).

Fedora has updated asterisk (F23; F22: file descriptor exhaustion), ecryptfs-utils (F23; F22: privilege escalation), firefox (F22: multiple vulnerabilities), glibc (F23: code execution), glibc (F22: multiple vulnerabilities), mingw-curl (F23; F22: authentication bypass), mingw-libpng (F23; F22: denial of service), mingw-libxml2 (F23; F22: multiple vulnerabilities), mingw-pcre (F23; F22: multiple vulnerabilities), nghttp2 (F23: denial of service), and springframework-social (F23: cross-site request forgery).

Gentoo has updated glibc (multiple vulnerabilities).

openSUSE has updated Chromium (SPH for SLE12: multiple vulnerabilities), claws-mail (Leap42.1, 13.2; 13.1: code execution), firefox (Leap42.1, 13.2: same-origin restriction bypass), glibc (Leap42.1: multiple vulnerabilities), libnettle (Leap42.1; 13.2; 13.1: improper cryptographic calculations), socat (Leap42.1, 13.2; 13.1: cipher-downgrade attacks), thunderbird (Leap42.1, 13.2: code execution), thunderbird (13.1: multiple vulnerabilities), and vlc (Leap42.1: code execution).

Oracle has updated 389-ds-base (OL7: denial of service), firefox (OL7; OL6; OL5: three vulnerabilities), glibc (OL7: two vulnerabilities), glibc (OL6: code execution), kernel (OL7: multiple vulnerabilities), polkit (OL7: privilege escalation), and sos (OL7: information disclosure).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), glibc (RHEL6.2, 6.4, 6.5, 6.6, 7.1: code execution), glibc (RHEL7: two vulnerabilities), glibc (RHEL6: code execution), and kernel-rt (RHEMRG2.5: two vulnerabilities).

Scientific Linux has updated 389-ds-base (SL7: denial of service), firefox (SL5,6,7: three vulnerabilities), glibc (SL7: two vulnerabilities), glibc (SL6: code execution), kernel (SL7: two vulnerabilities), polkit (SL7: privilege escalation), and sos (SL7: information disclosure).

SUSE has updated glibc (SLE12-SP1; SLE12; SLE11-SP3,SP4; SLE11-SP2: multiple vulnerabilities).

Ubuntu has updated eglibc, glibc (code execution), graphite2 (15.10, 14.04: multiple vulnerabilities), libreoffice (code execution), and xdelta3 (15.10, 14.04: code execution).

Categories: Linux

Announcing Vulkan 1.0

Tue, 2016-02-16 20:33
Vulkan is a new graphics API specification, seemingly meant to supersede OpenGL. Collabora has announced the availability of the 1.0 specification — and that the Wayland compositor already supports it. "To provide the best possible base for fluid modern user interfaces, Collabora have worked extensively on the Wayland window system, the underlying Kernel Mode Setting drivers and atomic modesetting, and also the EGL specifications and implementations. We are proud to continue this work with Vulkan." Intel has announced an open-source Vulkan driver for its hardware as well.
Categories: Linux