Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Debian has updated dovecot (denial of service).
Fedora has updated check-mk (F20; F19: file disclosure), cifs-utils (F19: code execution), cups-filters (F19: command execution), gnutls (F19: code execution), libgadu (F19: code execution), libpng (F19: denial of service), libtasn1 (F19: multiple vulnerabilities), libtiff (F19: code execution), mediawiki (F20; F19: don't parse usernames as wikitext), mingw-curl (F20; F19: multiple vulnerabilities), mingw-freetype (F20; F19: two vulnerabilities), mingw-gnutls (F20; F19: code execution), mingw-icu (F20; F19: denial of service), mingw-libgcrypt (F19: information leak), mingw-libjpeg-turbo (F20; F19: information leak), mingw-libpng (F19: multiple vulnerabilities), mingw-libtiff (F20; F19: multiple vulnerabilities), mingw-pixman (F20; F19: denial of service), mingw-readline (F20; F19: insecure temporary files), openssh (F19: two vulnerabilities), qemu (F20: multiple vulnerabilities), and qt3 (F20; F19: denial of service).
Gentoo has updated adobe-flash (multiple vulnerabilities).
Mandriva has updated curl (multiple vulnerabilities), file (denial of service), gnutls (BS 1.0; ES 5.0: code execution), libcap-ng (privilege escalation), libtasn1 (multiple vulnerabilities), openssl (ES 5.0; BS 1.0: multiple vulnerabilities), otrs (cross-site scripting), php (denial of service), python-django (ES 5.0; BS 1.0: multiple vulnerabilities), and squid (denial of service).
Slackware has updated php (multiple vulnerabilities).
Red Hat has sent out a suitably buzzword-laden press release announcing the availability of Red Hat Enterprise Linux 7. "Bare metal servers, virtual machines, Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) are converging to form a robust, powerful datacenter environment to meet constantly changing business needs. Answering the heterogeneous realities of modern enterprise IT, Red Hat Enterprise Linux 7 offers a cohesive, unified foundation that enables customers to balance modern demands while reaping the benefits of computing innovation, like Linux Containers and big data, across physical systems, virtual machines and the cloud – the open hybrid cloud."
Bradley Kuhn tells free software projects that they need not worry about contributor license agreements. "Thus, I encourage those considering a CLA to look past the 'nice assurances we'd like to have — all things being equal' and focus on the 'what legal assurances our FLOSS project actually needs to assure its thrives'. I've spent years doing that analysis; I've concluded quite simply: in this regard, all a project and its legal home actually need is a clear statement and/or assent from the contributor that they offer the contribution under the project's known FLOSS license."
The GNOME Foundation is governed by a seven-member board of directors who are elected annually. The just-completed vote had eleven people vying for those seats. Unless there is a challenge to the voting process, the new board members are: Sriram Ramkrishna, Ekaterina Gerasimova, Karen Sandler, Andrea Veri, Jeff Fortin, Tobias Mueller, and Marina Zhurakhinskaya. We looked at the question of corporate involvement in GNOME as one of the election issues being discussed in last week's edition.
Version 1.0 of the Docker application containerization system has been announced. It includes a number of new features; it is also the first version that the developers are willing to put forward as being production-ready. "Second, this milestone signifies Docker’s coming into its own as an open platform for distribution apps. In particular, the community’s use of Docker in such a wide variety of use-cases and apps in every phase of the application lifecycle confirms this. So from today you’ll hear us talk about Docker as a platform, its components being Docker Engine, the container runtime and packaging tool, and Docker Hub, a cloud-based service for collaboration, content, and workflow automation."
The CyanogenMod 11.0 M7 release is now available. Changes this time around include an overhaul of the theme chooser, a new calculator app, incorporation of ffmpeg for wider media format support, and more. "To get ahead of the inevitable questions, this release is based on Android 4.4.2. The 4.4.3 source has been merged into CM for nightlies, but given the source code was only made available last week, we chose not to rush the new code into the stable branch."
Debian has updated dpkg (two file modification via path traversal flaws).
Slackware has updated mozilla-firefox (multiple vulnerabilities).
Linus has released the 3.15 kernel after one week of overlapping development with the 3.16 merge window. Headline features in 3.15 include some significant memory management improvements, the renameat2() system call, file-private POSIX locks, a new device mapper target called dm-era, faster resume from suspend, and more.
Linus also noted that, while overlapping the 3.16 merge window with the final 3.15 stabilization worked well enough, he is not necessarily inclined to do it every time. "I also don't think it was such a wonderful experience that I'd want to necessarily do the overlap every time, without a good specific reason for doing so. It was kind of nice being productive during the last week or rc (which is usually quite boring and dead), but I think it might be a distraction when people should be worrying about the stability of the rc."
Greg Kroah-Hartman has released the latest batch of stable kernels: 3.14.6, 3.10.42, and 3.4.92. As usual, each contains fixes all over the tree and users of those kernel series should upgrade.
Libre Graphics World has an interview with Alexandre Gauthier (the developer behind the open-source video compositor Natron) as well as an overview of the most recent release. Gauthier addresses the at times controversial decision to build an interface similar to that of proprietary applications that also support the OpenFX plugin standard: "when you implement an application which will be used by professionals who potentially have a lot of background in the usage of such software, you want to make sure you don't break all their habits, otherwise they won't bother. When you have an entire keyboard layout in mind and you need to switch to another, this is a lot of pain. When you have to spend afternoons just to find how to configure the same plug-in but on another application this can be very frustrating." Among other topics, the interview also delves into the complex history behind Natron and other OpenFX applications.
CentOS has updated openssl (C5: man-in-the-middle attack).
Mageia has updated emacs (M3, M4: multiple vulnerabilities), file (M3, M4: multiple vulnerabilities), libcap-ng (M3, M4: privilege escalation), mediawiki (M3, M4: cross-site scripting), openssl (M3, M4: multiple vulnerabilities), tor (M3, M4: information disclosure), and wordpress (M3, M4: multiple vulnerabilities).
Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), kernel (10.04; 13.10; 12.04; 14.04: multiple vulnerabilities), linux-lts-quantal (12.04: privilege escalation), linux-lts-raring (12.04: multiple vulnerabilities), linux-lts-saucy (12.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
On his blog, GNOME contributor Allan Day writes about a redesign of the GNOME 3 notification mechanisms. It includes a new Message Tray design as well as reworking the lock-screen notifications and the notification banners themselves. "The final goal is one that was at the core of the original design, and which is central to the design of GNOME 3 as a whole: that is, to be noticeable and useful without being distracting. Wherever possible with GNOME 3, we have tried to produce a distraction-free experience which helps you concentrate on the task in hand. This requires a fine balancing act, which can be tricky to get right. With the new designs, we want to change that balance slightly, by making notifications a bit more noticeable and by providing more effective reminders, but we still want to retain the emphasis on avoiding distraction."
Debian has updated kernel (three vulnerabilities), libav (multiple unspecified vulnerabilities), openssl (multiple vulnerabilities), python-bottle (security mechanism bypass), and python-gnupg (shell command injection).
Mageia has updated chkrootkit (privilege escalation).
Red Hat has updated kernel (RHEL6: three vulnerabilities), openssl (Extended lifecycle support products; RHEL5: man-in-the-middle attack; RHEL6: multiple vulnerabilities including one from 2010), and openssl097a and openssl098e (man-in-the-middle attack).
SUSE has updated gnutls (SLE11SP3: multiple vulnerabilities).
Ubuntu has updated openssl (multiple vulnerabilities).
The OpenSSL project has disclosed another set of vulnerabilities, including one that could enable man-in-the-middle attacks and one that could maybe lead to code execution. Expect updates from distributors soon. For the curious, Masashi Kikuchi, the discoverer of the MITM vulnerability, has posted the story of how it was found.
The LWN.net Weekly Edition for June 5, 2014 is available.
The eighth annual PostgreSQL developer conference, known as PGCon, concluded on May 24th in Ottawa, Canada. This event has stretched into five days of meetings, talks, and discussions for 230 members of the PostgreSQL core community, which consists both of contributors and database administrators. PGCon serves to focus the whole PostgreSQL development community on deciding what's going to be in next year's PostgreSQL release as well as on showing off new features that contributors have developed. This year's conference included meetings of the main PostgreSQL team as well as for the Postgres-XC team, a keynote by Dr. Richard Hipp, and new code to put VODKA in your database.
Subscribers can click below for the full report from guest author Josh Berkus.
Cupid is an exploit for the Heartbleed bug in OpenSSL that can target both servers and endpoints running Linux and Android, reports PCMagazine. "Luis Grangeia, a researcher at SysValue, created a proof-of-concept code library that he calls "Cupid." Cupid consists of two patches to existing Linux code libraries. One allows an "evil server" to exploit Heartbleed on vulnerable Linux and Android clients, while the other allows an "evil client" to attack Linux servers. Grangeia has made the source code freely available, in hopes that other researchers will join in to learn more about just what kind of attacks are possible."
Debian has updated chkrootkit (privilege escalation).
Red Hat has updated gnutls (RHEL5: multiple vulnerabilities), gnutls (RHEL6: code execution), kernel (RHEL6.3 EUS: two vulnerabilities), libtasn1 (RHEL6: multiple vulnerabilities), and squid (RHEL6: denial of service).
Ubuntu has updated chkrootkit (privilege escalation).
Ars Technica reports on a buffer overflow in GnuTLS, which is an alternative to OpenSSL for SSL/TLS support. The length checks for the session ID in the ServerHello message were not correct, which allowed the overflow. "Maliciously configured servers can exploit the bug by sending malformed data to devices as they establish encrypted HTTPS connections. Devices that rely on an unpatched version of GnuTLS can then be remotely hijacked by malicious code of the attacker's choosing, security researchers who examined the fix warned. The bug wasn't patched until Friday [May 30], with the release of GnuTLS versions 3.1.25, 3.2.15, and 3.3.4. While the patch has been available for three days, it will protect people only when the GnuTLS-dependent software they use has incorporated it. With literally hundreds of packages dependent on the library, that may take time." This analysis shows how the bug could be exploited for arbitrary code execution.