The problem with nerd politics (The Guardian)
[Security] Posted May 17, 2012 20:00 UTC (Thu) by jake
Over at the Guardian, Cory Doctorow writes about two problems that govern the relationship between politics and technically oriented folks ("nerds" in Doctorow-speak): "nerd determinism" and "nerd fatalism". "But, while it's true that geeks can get around this sort of thing – and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers – this isn't enough to protect us, let alone the world. It doesn't matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions."
Comments (1 posted)
Security advisories for Thursday
[Security] Posted May 17, 2012 18:26 UTC (Thu) by jake
Debian has updated openoffice.org (code execution) and ikiwiki (cross-site scripting).
Mandriva has updated imagemagick (2010.1, ES 5.0; 2011.: multiple vulnerabilities).
SUSE has updated openssl (SLE 11: two vulnerabilities).
Ubuntu has updated sudo (privilege escalation).
Comments (none posted)
Security vulnerability in sudo's netmask function patched (The H)
[Security] Posted May 17, 2012 17:33 UTC (Thu) by jake
The H reports on a vulnerability in sudo when it is configured for IP-based restrictions on users (typically only for centrally managed sudoers files). "When the developers added IPv6 support, they inadvertently made the matching routine used for IPv4 networks call the IPv6 matching routines when no IPv4 match was found. Because the IPv6 fields would be uninitialised, it was possible for the system to think it had found a match where there wasn't one. Finding a match would, in turn, mean permission would be granted for whatever command the rule was controlling, even when the system was on a different network."
Comments (none posted)
[$] LWN.net Weekly Edition for May 17, 2012
Posted May 17, 2012 0:41 UTC (Thu)
The LWN.net Weekly Edition for May 17, 2012 is available.
Inside this week's LWN.net Weekly Edition
- Front: GIMP at LGM; Tasting the Ice Cream Sandwich; Highlights from the PostgreSQL 9.2 beta.
- Security: A ".secure" top-level domain; New vulnerabilities in chromium, connman, ffmpeg, roundcubemail, ...
- Kernel: Ext* user and group mount options; printk() tweaks; A bcache update.
- Distributions: Stable distributions and unstable software; Debian, Red Hat, ...
- Development: Unusual typography; ConnMan, Kdenlive, Symphony, tig, ...
- Announcements: LF T-shirt design contest, new books, and lots of events.
Lotus Symphony code for OpenOffice coming soon
[Development] Posted May 16, 2012 18:21 UTC (Wed) by corbet
IBM has announced that the paperwork has been signed and that the contribution of the Lotus Symphony code to OpenOffice will happen shortly. "The successful delivery of Apache OpenOffice 3.4 has enabled us to finalize our grant with the Apache Software Foundation and initiate this new phase of effort within the community. This is about envisioning a future for Apache OpenOffice that builds on the best code we can offer together with the best developers who have mastered it." For those wondering about what this code offers, there is a Symphony Contribution wiki page describing the most interesting features.
Full Story (comments: 40)
Security advisories for Wednesday
[Security] Posted May 16, 2012 18:00 UTC (Wed) by ris
CentOS has updated C6: kernel (denial of service).
Debian has updated gridengine (privilege escalation).
Fedora has updated bind-dyndb-ldap (F16; F15: denial of service), F16: samba4 (remote code execution), F15: kernel (unfiltered netdev rio_ioctl access by users), and F15: expat (denial of service).
Gentoo has updated connman (code execution).
Red Hat has updated RHEL6: kernel (denial of service) and MRG2.1: kernel-rt (multiple vulnerabilities).
Comments (none posted)
[$] Tasting the Ice Cream Sandwich
[Front] Posted May 15, 2012 20:46 UTC (Tue) by corbet
Owners of Android handsets can be forgiven for feeling frustration over how long it took to get an update from the 2.3 "gingerbread" release. Google's flat-out effort to improve tablet support led to a 3.0 ("honeycomb") release that was not deemed suitable for handset use—or for open-source release. It was only with the 4.0 "Ice Cream Sandwich" cycle that all that new code became available for handsets—sort of. Six months after the 4.0 release, your editor finally got his hands on a device that can run it; what follows is a review of sorts.
Full Story (comments: 94)
Tuesday's security updates
[Security] Posted May 15, 2012 17:24 UTC (Tue) by ris
Gentoo has updated chromium (multiple vulnerabilities).
Mandriva has updated ffmpeg (ES5.0; 2010.1; 2011.0: multiple vulnerabilities).
openSUSE has updated gnutls (denial of service) and coreutils (command injection).
Ubuntu has updated quagga (multiple vulnerabilities).
Comments (1 posted)
Kdenlive 0.9 released
[Development] Posted May 15, 2012 13:44 UTC (Tue) by corbet
Version 0.9 of the Kdenlive video editor has been released. Improvements in this release include the ability to align multiple video tracks using the audio stream, a rewritten effects subsystem, improved importing of online media, and a number of usability enhancements.
Comments (none posted)
OrientDB 1.0 released
[Development] Posted May 15, 2012 13:41 UTC (Tue) by corbet
The OrientDB "NoSQL graph-document database management system" project has produced its 1.0 release. New features include a new multi-master replication scheme, a new object database interface, an undo mechanism, server-side scripting, and more.
Comments (17 posted)
[$] Highlights from the PostgreSQL 9.2 beta
[Front] Posted May 14, 2012 23:08 UTC (Mon) by jake
The PostgreSQL project has just released a beta of its next major version, 9.2. As usual with its annual release, this version includes many new features, most of which are targeted at improving database performance. The developers have been hard at work improving response times, increasing multicore scalability, and providing for more efficient queries on large data. They also found time to include some other major features, so let's explore a few of the things 9.2 beta has to offer.
Guest author Josh Berkus does just that in the full article from this week's edition.
Full Story (comments: 13)
[$] A bcache update
[Kernel] Posted May 14, 2012 19:36 UTC (Mon) by corbet
Bcache is a mechanism for using a solid-state drive as a fast cache for one or more slower drives. LWN last looked at bcache almost two years ago. Since then, the project has been relatively quiet, but development has continued. Click below (subscribers only) for an update on bcache from this week's Kernel Page.
Full Story (comments: 33)
Security updates for Monday
[Security] Posted May 14, 2012 17:41 UTC (Mon) by ris
Debian has updated wordpress (multiple vulnerabilities), ffmpeg (multiple vulnerabilities), and icedove, iceweasel (fixes a regression in previous update).
Fedora has updated F16: kernel (unfiltered netdev rio_ioctl access by users) and F16: postgresql-pgpoolAdmin (multiple vulnerabilities).
openSUSE has updated chromium (multiple vulnerabilities), taglib (denial of service), mysql-cluster (multiple unspecified vulnerabilities), mysql-community-server (multiple unspecified vulnerabilities), and mariadb (multiple unspecified vulnerabilities).
SUSE has updated kernel (multiple vulnerabilities).
Comments (none posted)
Kernels 3.4-rc7 and 3.3.6
[Kernel] Posted May 13, 2012 14:43 UTC (Sun) by corbet
Linus has sent out the 3.4-rc7 prepatch, saying: "This is almost certainly the last -rc in this series - things really have calmed down, and I even considered just cutting 3.4 this weekend, but felt that another week wouldn't hurt." Expect a 3.4 final release in the near future.
Meanwhile, on the stable front, 3.3.6 is out with another set of important fixes.
Comments (2 posted)
Stable kernel 3.2.17
[Kernel] Posted May 12, 2012 0:23 UTC (Sat) by jake
Ben Hutchings has announced the release of the 3.2.17 stable kernel. It has lots of fixes throughout the tree (160+ patches).
Comments (none posted)
Open Source Robotics Foundation incorporated (The H)
[Development] Posted May 11, 2012 22:54 UTC (Fri) by n8willis
The H has a story about the launch of the Open Source Robotics Foundation (OSRF). "The mission of the non-profit organisation is to support the development, distribution, and adoption of open source software for use in robotics research, education, and product development." Spearheading the OSRF is Willow Garage, whose Robot Operating System (ROS) we covered in January 2012.
Comments (none posted)
My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica)
[Security] Posted May 11, 2012 22:36 UTC (Fri) by n8willis
Dan Goodin at Ars Technica reports on iSec Partners, a company proposing to make .secure into a heavily-vetted high security domain. "Sites that wanted to be a part of this exclusive domain would have to undergo rigorous screening to verify their identity. Physical addresses, trademark registrations, articles of incorporation, and other legal documents would be reviewed by human beings. Upon approval, applicants would receive two-factor authentication hardware to register online. They would also be required to meet a minimum set of security practices, including end-to-end encryption of virtually all Web and e-mail traffic."
Comments (27 posted)
Friday's security advisories
[Security] Posted May 11, 2012 21:16 UTC (Fri) by n8willis
openSUSE has updated opera (multiple vulnerabilities).
Fedora has updated wordpress (F15 and F16: multiple vulnerabilities).
Mandriva has updated openssl (denial of service).
Red Hat has updated php (code execution).
Comments (none posted)
Open source Java moving to Linux, AIX on PowerPC (IT World Canada)
[Development] Posted May 11, 2012 18:36 UTC (Fri) by n8willis
IT World Canada is reporting that a team from IBM and SAP is working to bring support for PowerPC processors to OpenJDK, on Linux and on IBM's AIX.
"'This reference implementation can then be used by IBM and SAP to provide their commercially licensed Java offerings in much the same way in which Oracle offers its Oracle JDK product based on OpenJDK,' [Volker] Simonis said. 'The big advantage for the open source community is that everybody (i.e. Linux distributors like Debian, Red Hat, or Ubuntu) will be able to build and provide free and state-of-the-art versions of Java based on the new OpenJDK platform ports. And of course they are highly welcome to engage in the project as well.'"
OpenJDK would replace IBM's proprietary JDK as the leading Java implementation on PowerPC.
The project was first proposed May 7 on the OpenJDK discussion list.
Comments (7 posted)
PulseAudio 2.0 released
[Development] Posted May 11, 2012 17:11 UTC (Fri) by corbet
Version 2.0 of the PulseAudio sound system is out. New features include support for multiple sample rates, jack detection, a number of VOIP support improvements, a virtual surround module, and more; see the release notes for details.
Full Story (comments: 10)