Security updates for Wednesday
[Security] Posted May 22, 2013 16:51 UTC (Wed) by ris
CentOS has updated kernel (C5:
denial of service).
Fedora has updated gallery3 (F18; F17:
cross-site scripting) and openstack-keystone (F18: multiple
vulnerabilities).
Mandriva has updated krb5 (UDP
ping-pong flaw in kpasswd).
Red Hat has updated kernel (RHEL5:
denial of service).
Scientific Linux has updated kernel
(SL5: denial of service).
SUSE has updated java-1_6_0-openjdk
(multiple vulnerabilities) and kernel
(privilege escalation).
Ubuntu has updated libtiff (two
vulnerabilities).
Comments (none posted)
Debian GNU/Hurd 2013 released
[Distributions] Posted May 22, 2013 2:36 UTC (Wed) by jake
While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel.
Debian GNU/Hurd is currently available for the i386 architecture with more than 10.000 software packages available (more than 75% of the Debian archive, and more to come!).
Please make sure to read the configuration information, the FAQ, and the translator primer to get a grasp of the great features of GNU/Hurd.
Due to the very small number of developers, our progress of the project has not been as fast as other successful operating systems, but we believe to have reached a very decent state, even with our limited resources.
Comments (18 posted)
[$] An unexpected perf feature
[Kernel] Posted May 21, 2013 22:10 UTC (Tue) by jake
Local privilege escalations seem to be regularly found in the Linux kernel
these days, but they usually aren't quite so old—more than two years
since the release of 2.6.37—or backported into even earlier kernels.
But CVE-2013-2094
is just that kind of bug, with a now-public exploit that apparently dates
back to 2010.
Click below (subscribers only) for LWN's look at this vulnerability.
Full Story (comments: 25)
QEMU 1.5.0 released
[Development] Posted May 21, 2013 16:17 UTC (Tue) by corbet
Version 1.5.0 of the QEMU hardware emulator is out. "This release
was developed in a little more than 90 days by over 130 unique authors
averaging 20 commits a day. This represents a year-to-year growth of over
38 percent making it the most active release in QEMU history." Some
of the new features include KVM-on-ARM support, a native GTK+ user
interface, and lots of hardware support and performance improvements. See
the change log for lots of
details.
Full Story (comments: 6)
Tuesday's security updates
[Security] Posted May 21, 2013 15:45 UTC (Tue) by ris
Fedora has updated tomcat (F18; F17:
information disclosure) and krb5 (F18: UDP
ping-pong flaw in kpasswd).
openSUSE has updated tiff (12.2; 12.1: buffer
overflows) and clamav (12.2; 12.1: multiple vulnerabilities).
Red Hat has updated kernel-rt
(multiple vulnerabilities) and kernel (RHEL 6.2 EUS; RHEL 6.1 EUS: privilege
escalation).
Slackware has updated kernel
(privilege escalation).
Comments (none posted)
Ktap 0.1 released
[Kernel] Posted May 21, 2013 13:32 UTC (Tue) by corbet
A new kernel tracing tool called "ktap" has made its first release. "KTAP have
different design principles from Linux mainstream dynamic tracing language
in that it's based on bytecode, so it doesn't depend upon GCC, doesn't
require compiling a kernel module, safe to use in production environment,
fulfilling the embedded ecosystem's tracing needs." It's in an
early state; the project is looking for testers and contributors.
Comments (10 posted)
Kernel prepatch 3.10-rc2
[Kernel] Posted May 20, 2013 22:09 UTC (Mon) by corbet
The second 3.10 kernel prepatch is out for
testing. "For being an -rc2, it's not unreasonably sized, but I did
take a few pulls that I wouldn't have taken later in the rc series. So it's
not exactly small either. We've got arch updates (PPC, MIPS, PA-RISC),
we've got driver fixes (net, gpu, target, xen), and we've got filesystem
updates (btrfs, ext4 and cepth - rbd)."
Comments (none posted)
Security advisories for Monday
[Security] Posted May 20, 2013 16:32 UTC (Mon) by ris
Fedora has updated mediawiki (F18; F17:
multiple vulnerabilities) and libtiff (F17:
buffer overflows).
Mageia has updated kernel (multiple
vulnerabilities), kernel-linus (multiple
vulnerabilities), kernel-tmb (multiple
vulnerabilities), kernel-rt (multiple
vulnerabilities), and kernel-vserver
(multiple vulnerabilities).
openSUSE has updated telepathy-idle
(certificate validation error) and gnutls
(plaintext recovery).
SUSE has updated acroread (multiple
vulnerabilities), and oracle-update (SM 1.7; SM 1.2: multiple vulnerabilities).
Comments (none posted)
Stable kernels 3.9.3, 3.4.46, and 3.0.79
[Kernel] Posted May 19, 2013 20:16 UTC (Sun) by jake
Greg Kroah-Hartman has announced the release of the 3.9.3, 3.4.46,
and 3.0.79 stable kernels. As always, they
contain important fixes throughout the tree, so users should upgrade.
Comments (none posted)
NetBSD 6.1
[Distributions] Posted May 19, 2013 19:49 UTC (Sun) by ris
The NetBSD Project has announced
NetBSD 6.1, the first feature update of the NetBSD 6 release
branch. "It represents a selected subset of fixes deemed important
for security or stability reasons, as well as new features and
enhancements." See the changelog
for details.
Comments (15 posted)
Mageia 3 released
[Distributions] Posted May 19, 2013 13:42 UTC (Sun) by corbet
The much-delayed Mageia
3 release is out. "We dedicate this release to the memory of
Eugeni Dodonov, our friend, our colleague and a great inspiration to those
he left behind. We miss his brilliance, his courtesy and his
dedication." Changes include an RPM upgrade, the 3.8 kernel,
availability of GRUB2 (but GRUB is still the default bootloader), and
more. See the
release notes for lots of details.
Comments (6 posted)
Perl 5.18.0 released
[Development] Posted May 19, 2013 13:37 UTC (Sun) by corbet
The Perl 5.18.0 release is out. "Perl v5.18.0 represents approximately 12 months of development since Perl
v5.16.0 and contains approximately 400,000 lines of changes across 2,100
files from 113 authors." See this perldelta
page for details on what has changed.
Full Story (comments: 1)
Sony opens up the Xperia Tablet Z
[Announcements] Posted May 17, 2013 20:06 UTC (Fri) by corbet
Sony has announced
the availability of an Android Open Source Project distribution for its
Xperia Tablet Z device. "For all you developers out there, of course
this means you can now access the software and contribute to this
project. And this is all before the tablet is even available in the US. A
special thanks to our Sony Mobile team for helping us create the package
early and a huge thanks to the Android developer community for all your
support. We can’t wait to see what you’ll do with the code." Source
is available on GitHub.
Comments (25 posted)
Friday's security updates
[Security] Posted May 17, 2013 16:30 UTC (Fri) by n8willis
CentOS has updated kernel (C6; perf privilege escalation) and libvirt (denial of service).
Fedora has updated thunderbird
(multiple vulnerabilities).
openSUSE has updated flash-player (multiple vulnerabilities).
Oracle has updated kernel (OL5, OL6;
perf privilege escalation) and libvirt (denial of service).
Red Hat has updated kernel (RHEL 6, RHEL
6.3; perf privilege escalation) and libvirt (denial of service).
Scientific Linux has updated kernel (perf privilege escalation) and
libvirt (denial of service).
Slackware has updated ruby
(object taint bypassing) and thunderbird (multiple vulnerabilities).
SUSE has updated flash-player
(multiple vulnerabilities).
Ubuntu has updated kernel-ec2
(10.04 LTS; multiple vulnerabilities), openstack-keystone (delayed token
invalidation) and openstack-nova
(denial of service).
Comments (none posted)
Strongbox and Aaron Swartz (The New Yorker)
[Security] Posted May 16, 2013 21:14 UTC (Thu) by jake
The New Yorker magazine has started a service called Strongbox that allows anonymous information to be sent to magazine. It is based on the DeadDrop free software project that was created by the late Aaron Swartz, which uses the Tor network to preserve anonymity. The magazine also has an article by Kevin Poulsen, who organized the project, about its history. "In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn't be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn't be able to tell the government where they came from."
Comments (30 posted)
Ten years of Groklaw
[Announcements] Posted May 16, 2013 15:59 UTC (Thu) by corbet
Groklaw is celebrating
its tenth anniversary. "Thank you for sticking to the job for
ten years without giving out, and for funding the necessary activities that
make Groklaw Groklaw. We made a difference in this old world. It's an
achievement we can tell our grandchildren about some day. Not everyone can
say that, but we actually made a difference. And nobody can take that away
from us."
Comments (none posted)
Thursday's security advisories
[Security] Posted May 16, 2013 15:29 UTC (Thu) by jake
CentOS has updated openswan (C5; C6: code
execution).
Debian has updated kernel (many
vulnerabilities).
Fedora has updated openvpn (F17; F18:
possible plaintext recovery) and clamav
(F18: multiple vulnerabilities).
Mageia has updated flash-player-plugin (many vulnerabilities).
Oracle has updated thunderbird (OL6:
multiple vulnerabilities), firefox (OL5; OL6:
multiple vulnerabilities), and openswan (OL5; OL6: code
execution).
Red Hat has updated openswan (code
execution).
Slackware has updated firefox
(multiple vulnerabilities) and thunderbird
(multiple vulnerabilities).
Ubuntu has updated kernel (10.04:
multiple vulnerabilities) and kernel (12.04; 12.10;
13.04; 12.04 Quantal
hardware enablement kernel: perf privilege escalation).
Comments (2 posted)
Blender dives into 3D printing industry (Libre Graphics World)
[Development] Posted May 16, 2013 15:16 UTC (Thu) by corbet
Libre Graphics World looks
at the use of Blender in 3D printing; the recent 2.67 release includes
a "3D printing toolbox." "While Blender cannot help with making
actual devices easier to use, it definitely could improve designing
printable objects. And that's exactly what happened last week, when Blender
2.67 was released."
Comments (3 posted)
[$] LWN.net Weekly Edition for May 16, 2013
Posted May 16, 2013 1:08 UTC (Thu)
The LWN.net Weekly Edition for May 16, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: XBMC on/for Android; DRM in HTML5 published; PyPy 2.0
- Security: Linux web servers pushing malware; New vulnerabilities in gpsd, httpd, java, kernel, ...
- Kernel: copy_range(); 3.10 merge window conclusion; Smarter shrinkers; User-space page fault handling.
- Distributions: Always-releasable Debian; Fedora, Ubuntu, ...
- Development: PostgreSQL 9.3 beta; Packetfence 4.0; Go 1.1; Tahoe-LAFS 1.10; ...
- Announcements: Linux Foundation New Members; no software patents in New Zealand, events.
Read more
Security advisories for Wednesday
[Security] Posted May 15, 2013 17:19 UTC (Wed) by ris
CentOS has updated firefox (C6; C5:
multiple vulnerabilities) and thunderbird (C6; C5:
multiple vulnerabilities). CentOS has also released a testing kernel that fixes CVE-2013-2094 (more information).
Debian has updated kernel (multiple vulnerabilities).
Fedora has updated tinc (F18;
F17: code execution), xen (F18; F17:
denial of service), and curl (F18: cookie information disclosure).
Mandriva has updated firefox
(multiple vulnerabilities).
Red Hat has updated firefox
(multiple vulnerabilities), thunderbird
(multiple vulnerabilities), java-1.7.0-ibm
(multiple vulnerabilities), java-1.6.0-ibm
(multiple vulnerabilities), flash-plugin
(multiple vulnerabilities), and acroread
(multiple vulnerabilities).
Scientific Linux has updated firefox
(multiple vulnerabilities) and thunderbird
(multiple vulnerabilities).
Ubuntu has updated firefox (multiple
vulnerabilities) and thunderbird (multiple
vulnerabilities).
Comments (none posted)