11 hónap óta
Akamai
released a report pointing out that the
recently-reported CUPS vulnerability
(original disclosure)
could be used to drive distributed denial-of-service (DDoS) attacks as well. Even if an attacker cannot gain remote control over a computer, they can still cause it to fetch a URL of their choice — potentially getting free DDoS amplification.
The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+).
daroc
11 hónap 1 hét óta
Rust has a plethora of smart-pointer types, including reference-counted
pointers, which have special support in the compiler to make them
easier to use. The Rust-for-Linux project would like to reap those same benefits
for its smart pointers, which need to be written by hand to conform to
the
Linux kernel
memory model. Xiangfei Ding
presented at Kangrejos about the work to enable custom
smart pointers to function the same as built-in smart pointers.
daroc
11 hónap 1 hét óta
The
6.11.2,
6.10.13,
and
6.6.54 stable kernels have been released.
They contain important fixes, and upgrading is, as always, recommended.
daroc
11 hónap 1 hét óta
The SUSE Security Team Blog has a detailed
report on its discovery of a privilege escalation in the
oath-toolkit,
which provides libraries and utilities for managing one-time password
(OTP) authentication.
Fellow SUSE engineer Fabian Vogt approached our Security Team about
the project's PAM module. A couple of years ago, the module gained a
feature which allows to place the OTP state file (called usersfile) in
the home directory of the to-be-authenticated user. Fabian noticed
that the PAM module performs unsafe file operations in users' home
directories. Since PAM stacks typically run as root, this can easily
cause security issues.
jzb
11 hónap 1 hét óta
Security updates have been issued by AlmaLinux (firefox, golang, linux-firmware, and thunderbird), Debian (kernel and zabbix), Fedora (firefox, pgadmin4, and php), Mageia (chromium-browser-stable, cjson, hostapd and wpa_supplicant, and openjpeg2), Oracle (firefox, flatpak, and go-toolset:ol8), Red Hat (cups-filters, firefox, grafana, linux-firmware, python3, python3.11, and python3.9), SUSE (expat, firefox, libpcap, and opensc), and Ubuntu (freeradius, imagemagick, and unzip).
daroc
11 hónap 1 hét óta
Cameras were never the simplest of devices for Linux to support; they have
a wide range of operating parameters and can generate high rates of data.
In recent years, though, they have become increasingly complex, stressing
the ability of the kernel's
media
subsystem to manage them. At the 2024
Linux Plumbers Conference, developers from
that subsystem and beyond gathered to discuss the state of affairs and how
complex camera devices should be supported in the future.
corbet
11 hónap 1 hét óta
Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15).
jake
11 hónap 1 hét óta
The LWN.net Weekly Edition for October 3, 2024 is available.
corbet
11 hónap 1 hét óta
The open-source vector-graphics editor,
Inkscape, is expected to release
version 1.4
in October. The release represents an evolutionary step for the program, which
brings new features, user-interface improvements, new and improved
file-format support, and important changes to the code base. The changes in
this release should improve the user experience for both casual and
professional designers, and make Inkscape more compatible with proprietary
vector-graphics software, including Adobe Illustrator and Affinity
Designer.
jake
11 hónap 1 hét óta
BPF Type Format (BTF),
BPF's debugging information format, has undergone rapid evolution to match
the evolving needs of BPF programs. José Marchesi spoke at Kangrejos about some
of that work — and how it could impact Rust, specifically. He discussed debug
information, kernel-specific relocations, and the planned changes to kernel
stack unwinding. Each of these will require some amount of work to fully
support in Rust, but preliminary signs look promising.
daroc
11 hónap 1 hét óta
Version
24.1 of the Arch-based Manjaro
distribution is now available with the 6.10 Linux kernel,
GNOME 46.5, KDE Plasma 6.1 and KDE Gear 24.08:
Plasma 6.1 on Wayland now has a feature that "remembers" what you were
doing in your last session like it did under X11. Although this is
still work in progress, If you log off and shut down your computer
with a dozen open windows, Plasma will now open them for you the next
time you power up your desktop, making it faster and easier to get
back to what you were doing. At Manjaro we are still defaulting to
X11, however switching to Wayland can be done easily by selecting the
wanted session in your display manager.
The project also offers minimal install images with the 6.6 LTS and
6.1 LTS kernels to support older hardware as needed.
jzb
11 hónap 1 hét óta
Security updates have been issued by AlmaLinux (grafana), Fedora (cjson and php), Oracle (389-ds-base, freeradius, grafana, kernel, and krb5), Slackware (cryfs, cups, and mozilla), SUSE (OpenIPMI, openssl-3, openvpn, thunderbird, and tomcat), and Ubuntu (cups, cups-filters, knot-resolver, linux-raspi, linux-raspi-5.4, orc, php7.4, php8.1, php8.3, python-asyncssh, ruby-devise-two-factor, and vim).
jzb
11 hónap 1 hét óta
Version 7.1 of
the FFmpeg audio/video toolkit has been released. Important changes in
this release include the VVC decoder reaching stable status, and
inclusion of support for MV-HEVC decoding (which is generated by
recent phones and VR headsets), as well as support for Vulkan encoding
with H264 and HEVC. See the announcement and changelog
for full details.
jzb
11 hónap 1 hét óta
Version
131.0 of the Firefox browser has been released. Changes include the
ability to temporarily grant permissions to sites and a preview that pops
up when hovering over tabs.
corbet
11 hónap 1 hét óta
One concern that has often been expressed about the Rust language is that
there is only one compiler for it. That makes it hard to say what the
standard version of the language is and restricts the architectures that
can be targeted by Rust code to those that the available compiler supports.
Adding a Rust frontend to GCC would do much to address those concerns; at
the
2024 GNU Tools
Cauldron, Pierre-Emmanuel Patry gave an update on the state of that
work and what its objectives are.
corbet
11 hónap 1 hét óta
Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).
corbet
11 hónap 1 hét óta
Tathagata Roy has been working to make the
Coccinelle tool that is used (among other things)
to automate the refactoring of C code work on Rust
code as well. Roy gave a
presentation at Kangrejos about that work,
including the creative approaches necessary to work with Rust's more complicated
control flow and syntax.
daroc
11 hónap 1 hét óta
Linus Torvalds
released
6.12-rc1 and closed the 6.12 merge window on September 29; at that
point, 11,260 non-merge change sets had been pulled into the mainline for
the 6.12 release. That is the lowest number of merge-window changes since
5.17-rc1 in January 2022, which brought in 11,068 changesets. Nonetheless,
6.12 brings a number of interesting changes, many of which were included in
the roughly 4,500 changes merged since
the
summary of the first half of the 6.12 merge window was written.
corbet
11 hónap 1 hét óta
WordPress is the world's most
popular open‑source blogging and content‑management platform. In its
20‑plus years of existence, WordPress has been something of a poster
child for open source, similar to Linux and Firefox. It introduced the
concept of open source to millions of bloggers, small‑business owners,
and others who have deployed WordPress to support their web‑publishing
needs. Unfortunately, it is now in the spotlight due to an increasingly
ugly dispute between two companies, Automattic and WP Engine, that has spilled over into
the WordPress community.
jzb
11 hónap 1 hét óta
The
6.11.1,
6.10.12,
6.6.53, and
6.1.112 stable kernels have been released.
Each contains important fixes and users of those series should upgrade.
jake
Ellenőrizve
13 perc 38 másodperc ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Feliratkozás a következőre: Linux Weekly News hírcsatorna