Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 22 perc 1 másodperc

Some stable kernel releases

v, 2015-09-13 19:41
The 4.1.7, 3.14.52, and 3.10.88 stable kernel updates have been released. Each contains the usual collection of important fixes.
Kategóriák: Linux

Python 3.5.0 released

v, 2015-09-13 18:29
The Python 3.5.0 release is out. "Python 3.5.0 is the newest version of the Python language, and it contains many exciting new features and optimizations." See the what's new page and this LWN article for details on the new features in this release.
Kategóriák: Linux

Kernel prepatch 4.3-rc1

v, 2015-09-13 01:13
Linus has released 4.3-rc1 and closed the 4.3 merge window one day ahead of the usual schedule. "I decided that I'm not interested in catering to anything that comes in tomorrow, and I might as well just close the merge window and do the -rc1 release." In the end, 10,756 non-merge changesets were pulled during this merge window.
Kategóriák: Linux

Library Suspends Tor Node After DHS Intimidation (EFF DeepLinks)

p, 2015-09-11 22:55

The Electronic Frontier Foundation (EFF) is running a story on its DeepLinks blog that the Kilton Public Library in Lebanon, New Hampshire has suspended its Tor node deployment—at least temporarily—due to criticism by the local police department (we covered the launch of the Kilton library's Tor node in August). The EFF post says that the criticism originated when "a regional Department of Homeland Security office contacted the local police to spread fear, uncertainty, and doubt about Tor. The police got in touch with the library board, who suspended the program until they could vote on it on September 15." The EFF has set up a page at which interested parties can sign a petition showing support for the library, and has written its own letter of support to the Lebanon library board. The Library Freedom Project, which is handling the details of running Kilton's Tor node, has also written about the incident and promises further updates after the library board meeting.

Kategóriák: Linux

Friday's security updates

p, 2015-09-11 16:23

Debian-LTS has updated libvdpau (multiple vulnerabilities).

Fedora has updated onionshare (F21; F22: denial of service).

openSUSE has updated libvdpau (13.1, 13.2: multiple vulnerabilities) and squid (13.1, 13.2: certificate validation bypass).

Red Hat has updated libunwind (RHEL7 OSP; RHEL6 OSP: buffer overflow) and python-django (RHEL7 OSP; RHEL6 OSP: multiple vulnerabilities).

SUSE has updated MozillaFirefox, mozilla-nss (SLE11: multiple vulnerabilities).

Ubuntu has updated freetype (12.04, 14.04, 15.04: multiple vulnerabilities).

Kategóriák: Linux

OpenWrt "Chaos Calmer" 15.05 released

p, 2015-09-11 14:46
The OpenWrt 15.05 release is out. This release includes a number of new features, including improved package signing, support for hardened builds and jails, a lot of new hardware support, and much more. (See also: LWN's review of the 15.05 release from July).
Kategóriák: Linux Weekly Edition for September 11, 2015

p, 2015-09-11 02:12
The Weekly Edition for September 11, 2015 is available.
Kategóriák: Linux

Shah: QEMU Maintainers on the 2.4 Release

cs, 2015-09-10 16:33
On his blog, QEMU developer Amit Shah gathered up information on the recent QEMU 2.4 release from the maintainers. It takes the form of a video made at KVM Forum, as well as some email comments from those who were not present. "Many contributors to the QEMU and KVM projects meet at the annual KVM Forum conference to talk about new features, new developments, what changed since the last conference, etc. The QEMU project released version 2.4 just a week before the 2015 edition of KVM Forum. I thought that was a good opportunity to gather a few developers and maintainers, and get them on video where we can see them speak about the improvements they made in the 2.4 release, and what we can expect in the 2.5 release."
Kategóriák: Linux

Security updates for Thursday

cs, 2015-09-10 16:14

Debian has updated libvdpau (three vulnerabilities).

Debian-LTS has updated bind9 (denial of service).

Fedora has updated bind (F22: denial of service).

SUSE has updated qemu (SLE12: two vulnerabilities).

Kategóriák: Linux

[$] Easier Python string formatting

cs, 2015-09-10 14:08
Some languages pride themselves on providing many ways to accomplish any given task. Python, instead, tends to focus on providing a single solution to most problems. There are exceptions, though; the creation of formatted strings would appear to be one of them. Despite the fact that there are (at least) three mechanisms available now, Python's developers have just adopted a plan to add a fourth. With luck, this new formatting mechanism (slated for Python 3.6) will improve the traditionally cumbersome string-formatting facilities available in Python.
Kategóriák: Linux

A closer look at the world's first open digital cinema camera (

sze, 2015-09-09 21:22 takes a look at the AXIOM Beta camera, a new professional digital image capturing platform. "The goal of the AXIOM camera, and the global-community-driven apertus° project, is to create a variety of powerful, affordable, open source licensed and sustainable digital cinema tools. The apertus° project was started by filmmakers who felt limited by the available proprietary tools. AXIOM Beta will provide full and open documentation, the ability to add new features and change the behavior of existing features, and the option to add custom accessories." AXIOM Beta is intended primarily for software and hardware developers.
Kategóriák: Linux

Wednesday's security advisories

sze, 2015-09-09 17:30

CentOS has updated haproxy (C7; C6: information leak) and subversion (C7: multiple vulnerabilities).

Debian has updated spice (code execution).

Mageia has updated chromium-browser (MG4,5: multiple vulnerabilities), libidn (MG5: information disclosure), libxml2 (MG4,5: denial of service), ntp (MG4,5: multiple vulnerabilities), pcre (MG4,5: multiple vulnerabilities), php (MG5: multiple vulnerabilities), pure-ftpd (MG4,5: denial of service), ruby-rack (MG4,5: denial of service), ruby-RubyGems (MG4,5: DNS hijacking), screen (MG4,5: denial of service), squid (MG5: security bypass), struts (MG4,5: input validation bypass), util-linux (MG5: file name collision), vorbis-tools (MG4,5: buffer overread), webmin (MG4,5: cross-site scripting), and xmltooling (MG4,5: denial of service).

Oracle has updated haproxy (OL7: information leak) and subversion (OL7: multiple vulnerabilities).

Scientific Linux has updated haproxy (SL6,7: information leak) and subversion (SL7: multiple vulnerabilities).

Ubuntu has updated kernel (15.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and oxide-qt (15.04, 14.04: multiple vulnerabilities).

Kategóriák: Linux

Samba 4.3.0 released

sze, 2015-09-09 14:48
Samba 4.3.0 is out. This release has a lot of new features, including a reworked logging system, a new FileChangeNotify subsystem, better trusted domains support, SMB 3.1.1 support, and more.
Kategóriák: Linux

The Free Software Foundation: 30 years in (

k, 2015-09-08 21:01
Jono Bacon interviews John Sullivan, executive director of the FSF, at "What we have been focusing on now are the challenges I highlighted in the first question. We are in desperate need of hardware in several different areas that fully supports free software. We have been talking a lot at the FSF about what we can do to address this, and I expect us to be making some significant moves to both increase our support for some of the projects already out there—as we having been doing to some extent through our Respects Your Freedom certification program—and possibly to launch some projects of our own. The same goes for the network service problem. I think we need to tackle them together, because having full control over the mobile components has great potential for changing how we relate to services, and decentralizing more and more services will in turn shape the mobile components."
Kategóriák: Linux

[$] The LPC Android microconference, part 1

k, 2015-09-08 18:07
The Linux Plumbers Android microconference was held in Seattle on August 20th and looked at a number of topics needing coordination between various players in the Android ecosystem. It was split up into two separate sessions; this summary covers the first three-hour session. Topics covered the state of the staging tree, USB gadgets and ConfigFS, running mainline on consumer devices, partitions and customization, a single binary image for multiple devices, Project Ara, and kdbus.

Click below (subscribers only) for the full report from LPC 2015.

Kategóriák: Linux

Security advisories for Tuesday

k, 2015-09-08 17:43

Arch Linux has updated powerdns (denial of service).

Debian has updated openslp-dfsg (denial of service).

Debian-LTS has updated php5 (multiple vulnerabilities) and screen (denial of service).

Fedora has updated drupal6 (F22; F21: multiple vulnerabilities), drupal6-ctools (F22; F21: multiple vulnerabilities), drupal6-views_bulk_operations (F22; F21: access bypass), drupal7 (F22; F21: multiple vulnerabilities), gdk-pixbuf2 (F22; F21: code execution), mingw-gdk-pixbuf (F22; F21: code execution), and php-twig (F21: code execution).

Mageia has updated bind (MG4,5: denial of service), freeimage (MG4,5: integer overflow), hplip (MG4,5: man-in-the-middle attack), iceape (MG4,5: multiple vulnerabilities), jsoup (MG5: cross-site scripting), lighttpd (MG4,5: log injection), openafs (MG4,5: multiple vulnerabilities), and squashfs-tools (MG4,5: two vulnerabilities).

openSUSE has updated gdk-pixbuf (13.2: code execution), gnutls (13.2, 13.1: denial of service), net-snmp (13.2, 13.1: code execution), perl-XML-LibXML (13.2, 13.1: information disclosure), libgcrypt (13.2, 13.1: two vulnerabilities), and tor (13.2, 13.1: respect SafeLogging).

Red Hat has updated haproxy (RHEL6,7: information leak) and subversion (RHEL7: multiple vulnerabilities).

SUSE has updated bind (SLE11SP1: denial of service), firefox (SLE11SP2,SP1: two vulnerabilities), and java-1_6_0-ibm (SLE11SP3,SP2,SP1: multiple vulnerabilities).

Ubuntu has updated spice (15.04, 14.04: code execution).

Kategóriák: Linux

Linux Plumbers Conference 2016 call for organizers

szo, 2015-09-05 15:20
It's time to figure out who will be organizing the Linux Plumbers Conference in 2016, which is planned to be held in Santa Fe, New Mexico, at the beginning of November, alongside the Kernel Summit. Interested organizers should put together a bid and submit it to the Linux Foundation's Technical Advisory Board by October 5; see this page for details on how the process works. "This is your chance to put your stamp on one of our community's most important gatherings in a year when we will be celebrating 25 years of the Linux kernel."
Kategóriák: Linux

Mozilla: Improving Security for Bugzilla

p, 2015-09-04 23:03

The Mozilla blog has disclosed that the official Mozilla instance of Bugzilla was recently compromised by an attacker who stole "security-sensitive information" related to unannounced vulnerabilities in Firefox—in particular, the PDF Viewer exploit discovered on August 5. The blog post explains that Mozilla has now taken several steps to reduce the risk of future attacks using Bugzilla as a stepping stone. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in."

Kategóriák: Linux

Friday's security updates

p, 2015-09-04 16:28

CentOS has updated spice (C7: code execution) and spice-server (C6: code execution).

Debian has updated chromium-browser (multiple vulnerabilities) and screen (denial of service).

Fedora has updated mediawiki (F21; F22: multiple vulnerabilities) and struts (F22: input validation bypass).

openSUSE has updated firefox (13.1, 13.2: multiple vulnerabilities).

Oracle has updated bind (O7; O6; O5: denial of service), bind97 (O5: multiple vulnerabilities), libXfont (O7; O6: multiple vulnerabilities), spice (O7: code execution), and spice-server (O6: code execution).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), openshift (RHOSE3: denial of service), openstack-nova (RHELOSP7: denial of service), qemu-kvm-rhev (RHELOSP7: information leak), spice (RHEL7: code execution), and spice-server (RHEL6: code execution).

Scientific Linux has updated spice-server (SL7; SL6: code execution).

Slackware has updated seamonkey (multiple vulnerabilities).

SUSE has updated kernel (SLELP12 3.12.43; 3.12.39; 3.12.38; 3.12.36; 3.12.32: multiple vulnerabilities).

Ubuntu has updated kernel (12.04: information leak; 14.04: code execution), libvdpau (12.04, 14.04, 15.04: multiple vulnerabilities), linux-lts-trusty (12.04: code execution), linux-ti-omap4 (12.04: information leak), and openslp-dfsg (12.04, 14.04, 15.04: denial of service).

Kategóriák: Linux

The Linux Test Project has been released for September 2015

p, 2015-09-04 00:38
The Linux Test Project (LTP) has made a stable release for September 2015. The previous release was in April. This release has a number of new test cases including ones for user namespaces, virtual network interfaces, umount2(), getrandom(), and more. In addition, the network namespace test cases were rewritten and regression tests have been added for inotify, cpuset, futex_wake(), and recvmsg(). We looked at writing LTP test cases back in January.
Kategóriák: Linux