Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 1 perc 59 másodperc

Security updates for Thursday

cs, 2015-04-16 17:01

Debian has updated gst-plugins-bad0.10 (code execution), inspircd (code execution from 2012), movabletype-opensource (code execution), and ppp (denial of service).

Debian-LTS has updated ruby1.9.1 (three vulnerabilities).

Mageia has updated java-1.7.0-openjdk (multiple vulnerabilities), mono (three SSL/TLS vulnerabilities), and python-dulwich (two code execution flaws).

openSUSE has updated flash-player (11.4: 45 vulnerabilities) and rubygem-rest-client (13.2, 13.1: plaintext password logging).

Oracle has updated java-1.6.0-openjdk (OL5: unspecified vulnerabilities) and java-1.7.0-openjdk (OL5: unspecified vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), java-1.6.0-openjdk (RHEL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL5; RHEL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (RHEL6&7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (SL5; SL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).

SUSE has updated flash-player (SLE11SP3: 22 vulnerabilities).

Kategóriák: Linux

[$] LWN.net Weekly Edition for April 16, 2015

cs, 2015-04-16 02:48
The LWN.net Weekly Edition for April 16, 2015 is available.
Kategóriák: Linux

[$] Plotting tools for networks, part I

sze, 2015-04-15 23:50

In the first two installments in this series on plotting tools (which covered gnuplot and matplotlib), we introduced tools for creating plots and graphs, and used the terms interchangeably to refer to the typical scientific plot relating one set of quantities to another. In this article we use the term "graph" in its mathematical, graph-theory context, meaning a set of nodes connected by edges. There is a strong family resemblance among graph-theory graphs, flowcharts, and network diagrams—so much so that some of the same tools can be coerced into creating all of them. We will now survey several mature free-software systems for building these types of visualizations. At least one of these tools will likely be useful if you are ever in need of an automated way to diagram source-code interdependencies, make an organizational chart, visualize a computer network, or organize a sports tournament. We will start with a graphical charting tool and a flexible graphing system that can easily be called by other programs.


Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-04-15 18:42

CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), and java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian-LTS has updated libvncserver (multiple vulnerabilities) and libx11 (code execution).

Mageia has updated arj (multiple vulnerabilities), asterisk (SSL server spoofing), flash-player-plugin (multiple vulnerabilities), glusterfs (denial of service), librsync (file checksum collision), ntp (two vulnerabilities), qemu (denial of service), quassel (denial of service), shibboleth-sp (denial of service), socat (denial of service), tor (denial of service), and wesnoth (information leak).

Oracle has updated java-1.6.0-openjdk (OL6: multiple vulnerabilities), java-1.7.0-openjdk (OL6: multiple vulnerabilities), and java-1.8.0-openjdk (OL6: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5,6 Supplementary: multiple vulnerabilities).

SUSE has updated Adobe Flash Player (SLEWE12, SLED12: multiple vulnerabilities).

Kategóriák: Linux

Debian project leader election results

sze, 2015-04-15 15:14
This year's Debian project election leader election has concluded, with Neil McGovern winning by a conclusive margin.
Kategóriák: Linux

[$] Report from the Python Language Summit

sze, 2015-04-15 00:25
The first half of our report from the Python Language Summit is now available. Subscribers can click below to access reports from five sessions held before lunch covering topics like the atomicity of Python operations, making Python 3 more attractive to developers, PyParallel, infrastructure for Python development, and Python 3 adoption. We will be adding more reports to this page as they become available.
Kategóriák: Linux

OIN Expands the Linux System Definition

k, 2015-04-14 21:05
Open Invention Network (OIN) has announced that it has updated its Linux System patent non-aggression coverage. "For this update, 115 new packages will be added to the Linux System, out of almost 800 proposed by various parties. Key additions are the reference implementations of the popular Go and Lua programming languages, Nginx, Openshift, and development tools like CMake and Maven. This update will represent an increase of approximately 5% of the total number of packages covered in the Linux System, a reflection of the incremental and disciplined nature of the update process."
Kategóriák: Linux

KDE Ships Plasma 5.3 Beta

k, 2015-04-14 20:51
A beta version of Plasma 5.3 has been released. This release features enhanced power management, better Bluetooth capabilities, improved Plasma widgets, a tech preview of Plasma Media Center, big steps towards Wayland support, and lots of bug fixes.
Kategóriák: Linux

Tuesday's security updates

k, 2015-04-14 17:41

Arch Linux has updated ruby (man-in-the-middle attack).

CentOS has updated openssl (C5: multiple vulnerabilities).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.4: privilege escalation).

Scientific Linux has updated xorg-x11-server (SL7, SL6: information leak/denial of service).

Ubuntu has updated apport (14.10, 14.04: privilege escalation), libx11, libxrender (14.10, 14.04, 12.04: code execution), and ntp (14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

The Document Liberation, one year after

h, 2015-04-13 21:35
The Document Foundation's project Document Liberation looks at its progress during the past year. "During 2014, members of the project released a new framework library, called librevenge, which contains all the document interfaces and helper types, in order to simplify the dependency chain. In addition, they started a new library for importing Adobe PageMaker documents, libpagemaker, written as part of Google Summer of Code 2014 by Anurag Kanungo. Existing libraries have also been extended with the addition of more formats, like libwps with the addition of Microsoft Works Spreadsheet and Database by Laurent Alonso. He is now working on adding support for Lotus 1-2-3, which is one of the most famous legacy applications for personal computers. Laurent has also added support for more than twenty legacy Mac formats to libmwaw."
Kategóriák: Linux

Stable kernel updates

h, 2015-04-13 20:05
Greg KH has released stable kernels 3.19.4, 3.14.38, and 3.10.74. All of them contain the usual set of important fixes.
Kategóriák: Linux

Security advisories for Monday

h, 2015-04-13 19:06

Arch Linux has updated icecast (denial of service).

CentOS has updated xorg-x11-server (C6: information leak).

Debian has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libdbd-firebird-perl (buffer overflow), libtasn1-3 (denial of service), libx11 (code execution), ntp (two vulnerabilities), and wesnoth-1.10 (information leak).

Debian-LTS has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libtasn1-3 (denial of service), and ntp (two vulnerabilities).

Fedora has updated arj (F20: multiple vulnerabilities), ca-certificates (F21; F20: certificate update), ImageMagick (F21: multiple vulnerabilities), libxml2 (F20: denial of service), openldap (F21: denial of service), qemu (F21: multiple vulnerabilities), varnish (F21: heap buffer overflow), and xen (F21; F20: multiple vulnerabilities).

Gentoo has updated apache (multiple vulnerabilities), mysql (multiple unspecified vulnerabilities), sudo (information disclosure), and xen (multiple vulnerabilities).

Mandriva has updated batik (MBS1,2: information leak).

openSUSE has updated kernel (13.2; 13.1: multiple vulnerabilities) and tor (13.2, 13.1: denial of service).

Red Hat has updated openssl (RHEL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

SUSE has updated firefox (SLES12; SLED12: multiple vulnerabilities).

Kategóriák: Linux

Hubička: Link time and inter-procedural optimization improvements in GCC 5

h, 2015-04-13 14:08
Jan Hubička has posted a lengthy discussion of the optimization improvements found in the upcoming GCC 5.0 release. "Identical code folding is a new pass (contributed by Martin Liška, SUSE) looking for functions with the same code and variables with the same constructors. If some are found, one copy is removed and replaced one by an alias to another where possible. This is especially important for C++ code bases that tend to contain duplicated functions as a result of template instantiations."
Kategóriák: Linux

The 4.0 kernel has been released

h, 2015-04-13 09:32
Linus has released the 4.0 kernel right on schedule. "Feature-wise, 4.0 doesn't have all that much special. Much have been made of the new kernel patching infrastructure, but realistically, that not only wasn't the reason for the version number change, we've had much bigger changes in other versions. So this is very much a 'solid code progress' release." Beyond the (incomplete) live-patching mechanism, this release includes the removal of the remap_file_pages() system call, improved persistent memory support, the lazytime mount option, and the kernel address sanitizer.
Kategóriák: Linux

Turon: Fearless Concurrency with Rust

p, 2015-04-10 19:54
Aaron Turon has posted a lengthy introduction to concurrency in the Rust programming language. "Every data type knows whether it can safely be sent between or accessed by multiple threads, and Rust enforces this safe usage; there are no data races, even for lock-free data structures. Thread safety isn't just documentation; it's law."
Kategóriák: Linux

Friday's security updates

p, 2015-04-10 17:07

Arch Linux has updated mediawiki (multiple vulnerabilities).

CentOS has updated xorg-x11-server (C7: information leak/denial of service).

Debian has updated dpkg (integrity-verification bypass).

Fedora has updated arj (F21: multiple vulnerabilities), echoping (F20; F21: multiple vulnerabilities), and python-dulwich (F20; F21: code execution).

Mageia has updated batik (M4: information leak), chromium-browser-stable (M4: multiple vulnerabilities), jakarta-taglibs-standard (M4: code execution), less (M4: information leak), mediawiki (M4: multiple vulnerabilities), openldap (M4: denial of service), qt-creator (M4: key-verification failure), suricata (M4: denial of service), and xerces-c (M4: denial of service).

Mandriva has updated arj (BS1: multiple vulnerabilities), less (BS1,2: information leak), mediawiki (BS1: multiple vulnerabilities), and ntp (BS1,2: multiple vulnerabilities).

Oracle has updated xorg-x11-server (O6; O7: information leak/denial of service).

Red Hat has updated qemu-kvm-rhev (RHEL OSP: privilege escalation) and xorg-x11-server (RHEL6,7: information leak/denial of service).

Scientific Linux has updated krb5 (SL6: multiple vulnerabilities).

SUSE has updated libXfont (SLE12: multiple vulnerabilities).

Ubuntu has updated dpkg (integrity-verification bypass).

Kategóriák: Linux

X.org election results

p, 2015-04-10 13:38
As was discussed in this LWN article, the X.Org Foundation recently held an election to choose four board members and decide whether to change the organization's by-laws to enable it to become a member of Software in the Public Interest (SPI). The results are now available. The board members elected are Peter Hutterer, Martin Peres, Rob Clark, and Daniel Vetter. The measure to change the by-laws did not pass, though, despite receiving only two "no" votes, because the required two-thirds majority was not reached.
Kategóriák: Linux

Linux Foundation to host Let's Encrypt

p, 2015-04-10 01:44

The Linux Foundation (LF) has announced that it will serve as host of the Let's Encrypt project, as well as the Internet Security Research Group (ISRG). Let's Encrypt is the free, automated SSL/TLS certificate authority that was announced in November 2014 by the Electronic Frontier Foundation (EFF) to provide TLS certificates for every domain on the web. ISRG is the non-profit organization created to spearhead efforts like Let's Encrypt (which, as of now, is ISRG's only public project). In the LF announcement, executive director Jim Zemlin notes that "by hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world."

Kategóriák: Linux

Thursday's security updates

cs, 2015-04-09 17:53

Arch Linux has updated chrony (denial of service).

CentOS has updated krb5 (C6: multiple vulnerabilities).

Debian-LTS has updated arj (multiple vulnerabilities), checkpw (denial of service), libgcrypt11 (multiple vulnerabilities), and libgd2 (multiple vulnerabilities).

Fedora has updated drupal7-webform (F20; F21: unspecified vulnerability), firefox (F21: multiple vulnerabilities), powerpc-utils-python (F20; F21: code execution), and xterm (F20; F21: denial of service).

Mandriva has updated java-1.8.0-openjdk (BS2: multiple vulnerabilities).

Oracle has updated kernel (O5: multiple vulnerabilities) and krb5 (O6: denial of service).

Red Hat has updated krb5 (RHEL6: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Kategóriák: Linux

[$] LWN.net Weekly Edition for April 9, 2015

cs, 2015-04-09 01:48
The LWN.net Weekly Edition for April 9, 2015 is available.
Kategóriák: Linux