NetBSD 6.1.2 and NetBSD 6.0.3 released
[Distributions] Posted Sep 30, 2013 18:54 UTC (Mon) by ris
The NetBSD Project has announced
NetBSD 6.1.2 and NetBSD 6.0.3. Both releases contain fixes deemed important
for security or stability reasons. More information can be found in the release
notes.
Comments (1 posted)
Security advisories for Monday
[Security] Posted Sep 30, 2013 16:22 UTC (Mon) by ris
Debian has updated linux-2.6 (multiple vulnerabilities) and proftpd-dfsg (denial of service).
Fedora has updated chicken (F19:
code execution), filezilla (F18: multiple
vulnerabilities), firefox (F18: multiple
vulnerabilities), glibc (F19: multiple
vulnerabilities), livecd-tools (F18:
improper handling of passwords), python-djblets (F19: multiple
vulnerabilities), ReviewBoard (F19:
multiple vulnerabilities), seamonkey (F19:
multiple vulnerabilities), wireshark (F19:
multiple vulnerabilities), xulrunner (F18:
multiple vulnerabilities), and zabbix (F19:
man-in-the-middle attacks).
Gentoo has updated firefox
(multiple vulnerabilities) and xen
(multiple vulnerabilities).
Mandriva has updated davfs2 (privilege escalation).
openSUSE has updated Mozilla
(11.4: multiple vulnerabilities).
Oracle has updated kernel: OL5: multiple vulnerabilities).
Slackware has updated seamonkey (multiple vulnerabilities).
SUSE has updated firefox
(SLE11 SP3: multiple vulnerabilities).
Comments (none posted)
Kernel prepatch 3.12-rc3
[Kernel] Posted Sep 30, 2013 5:27 UTC (Mon) by corbet
The 3.12-rc3 prepatch is out. Linus says:
"On the whole, nothing really appears very scary. Go forth and
test."
Comments (none posted)
New GNU Hurd, Mach, and MIG releases
[Distributions] Posted Sep 28, 2013 10:56 UTC (Sat) by corbet
The GNU project is celebrating its 30th anniversary with the releases of GNU Mach 1.4 ("This new release bundles
bug fixes and enhancements done since the release of version 1.3, eleven
years ago; really too many (both years and improvements) to list them
individually"), GNU MIG 1.4 (MIG
being the Mach interface generator), and version 0.5 of the GNU Hurd kernel
("This new release bundles bug fixes and enhancements done since the
release of version 0.2, 16 years ago").
The Hurd is still 32-bit on x86 only, but a 64-bit port is said to be in
the works.
Comments (22 posted)
Friday's security updates
[Security] Posted Sep 27, 2013 15:36 UTC (Fri) by n8willis
CentOS has updated kernel
(multiple vulnerabilities).
Debian has updated davfs2
(privilege escalation).
Fedora has updated nas (F18, F19:
multiple vulnerabilities), spice-gtk
(F19: privilege escalation), and wordpress (F18: multiple vulnerabilities).
Gentoo has updated dropbear
(multiple vulnerabilities), klibc
(code execution), and squid (multiple vulnerabilities).
Mandriva has updated polkit
(privilege escalation).
openSUSE has updated gpg2
(information disclosure), firefox
(multiple vulnerabilities), python-django (denial of service), seamonkey (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and xulrunner17 (multiple vulnerabilities).
Red Hat has updated kernel (multiple vulnerabilities).
Scientific Linux has updated kernel (SL5; multiple vulnerabilities).
Ubuntu has updated kernel (12.04, 12.10, 13.04: multiple vulnerabilities), linux-lts-quantal (multiple
vulnerabilities), linux-lts-raring
(multiple vulnerabilities), and linux-ti-omap4 (12.04, 12.10, 13.04: multiple vulnerabilities).
Comments (none posted)
30 years of GNU
[Announcements] Posted Sep 27, 2013 12:09 UTC (Fri) by corbet
Richard Stallman launched the GNU
project on September 27, 1983 — thirty years ago. "GNU will
be able to run Unix programs, but will not be identical to Unix. We will
make all improvements that are convenient, based on our experience with
other operating systems. In particular, we plan to have longer filenames,
file version numbers, a crashproof file system, filename completion
perhaps, terminal-independent display support, and eventually a Lisp-based
window system through which several Lisp programs and ordinary Unix
programs can share a screen. Both C and Lisp will be available as system
programming languages. We will have network software based on MIT's
chaosnet protocol, far superior to UUCP. We may also have something
compatible with UUCP." Some of the details may not have come out as
envisioned, but the big idea has held up well.
Comments (123 posted)
Rust 0.8 released
[Development] Posted Sep 27, 2013 7:55 UTC (Fri) by corbet
Version 0.8 of the Rust language has been announced.
"This was another very active release cycle that continued the trend
toward refining the standard library while making minor adjustments to the
language. In this release the `for` keyword has been changed to work with
`Iterator` types, the runtime and task scheduler was rewritten, a new
experimental I/O subsystem was added, and we added a new family of string
formatting macros, `format!`, that will eventually replace `fmt!`."
Comments (9 posted)
Stable kernel updates
[Kernel] Posted Sep 27, 2013 7:50 UTC (Fri) by corbet
The 3.11.2,
3.10.13,
3.4.63, and
3.0.97 stable kernel updates are all
available; each contains the usual set of important fixes.
Comments (none posted)
Pasting images with automatic attribution
[Development] Posted Sep 26, 2013 21:06 UTC (Thu) by n8willis
Peter Liljenberg has developed an add-on for Firefox that copies linked metadata to the clipboard in addition to the "copied" object itself. The initial demonstration of this technique required a specially-crafted page with RDFs metadata linked in, and thus may not seem immediately useful. However, Liljenberg has now implemented a more straightforward use case: copying and pasting an image with attribution data automatically preserved. "The friction for using a shared image is reduced when you don’t have to remember to also write an attribution. The attribution can embed the metadata, so that if someone copies the image from your page, they can also get an attribution created automatically when they paste it into their page."
Comments (5 posted)
Thursday's security updates
[Security] Posted Sep 26, 2013 14:05 UTC (Thu) by n8willis
Debian has updated libvirt
(denial of service).
Fedora has updated lightdm
(F18; information disclosure), rtkit
(F19; privilege escalation), and wordpress (F19; multiple vulnerabilities).
Gentoo has updated libvirt
(multiple vulnerabilities), monkeyd
(multiple vulnerabilities), and tpp
(code execution).
Mandriva has updated kernel (multiple vulnerabilities).
Red Hat has updated openstack-keystone (incorrect token
revocation).
Comments (none posted)
VLC media player 2.1.0 released
[Development] Posted Sep 26, 2013 7:36 UTC (Thu) by corbet
Version 2.1.0 ("Rincewind") of the VLC media player is out. "With a
new audio core, hardware decoding and encoding, port to mobile platforms,
preparation for Ultra-HD video and a special care to support more formats,
it is a major upgrade for VLC. Rincewind fixes around a thousand bugs, in
more than 7000 commits from 140 volunteers."
Full Story (comments: 9)
LWN.net Weekly Edition for September 26, 2013
Posted Sep 26, 2013 0:51 UTC (Thu)
The LWN.net Weekly Edition for September 26, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: Free drivers for ARM graphics; A gathering of kernel developers; A SPDX case study
- Security: Encouraging a wider view; New vulnerabilities in chromium, kernel, policykit, tiff, ...
- Kernel: Split PMD locks; A perf ABI fix.
- Distributions: Fedora 20 takes shape; openSUSE, SteamOS, Tails.
- Development: OpenGL debugging; Lightning 2.6; GStreamer 1.2; GNOME 3.10; ...
- Announcements: Studio Storti joins TDF, events.
Read more
GNOME 3.10 Released
[Development] Posted Sep 25, 2013 19:23 UTC (Wed) by ris
The GNOME Project has announced the release of GNOME 3.10. Many components
in this release have initial support for Wayland. See the release notes
for details.
Full Story (comments: 104)
Security advisories for Wednesday
[Security] Posted Sep 25, 2013 16:50 UTC (Wed) by ris
CentOS has updated rtkit (C6: authorization bypass).
Debian has updated pyopenssl (certificate spoofing).
Fedora has updated python-django
(F19: multiple vulnerabilities) and python-django14 (F19: multiple vulnerabilities).
Gentoo has updated chromium
(multiple vulnerabilities), libzrtpcpp
(multiple vulnerabilities), moinmoin
(multiple vulnerabilities), and proftpd
(multiple vulnerabilities).
Mageia has updated libtiff
(multiple vulnerabilities), perl-Crypt-DSA
(improperly secure randomness), and polarssl (multiple vulnerabilities).
Mandriva has updated glpi
(multiple vulnerabilities) and perl-Crypt-DSA (improperly secure randomness).
openSUSE has updated subversion
(11.4: privilege escalation), tiff (11.4:
multiple code execution flaws), and wireshark (11.4: multiple vulnerabilities).
Oracle has updated rtkit (OL6: authorization bypass).
Red Hat has updated puppet
(RHOS3: multiple vulnerabilities), rtkit
(RHEL6: authorization bypass), and ruby193-puppet (RHOS3: multiple vulnerabilities).
Scientific Linux has updated rtkit (SL6: authorization bypass).
Ubuntu has updated python-django
(multiple vulnerabilities) and samba (denial of service).
Comments (none posted)
GStreamer 1.2 released
[Development] Posted Sep 25, 2013 1:00 UTC (Wed) by n8willis
Version 1.2 of the GStreamer multimedia framework has been
released. Packages for GStreamer Core and GStreamer Plugins are
available. The 1.2 release is API- and ABI-backwards-compatible with
GStreamer 1.0, however there are several new features introduced.
Several new plugins are included, including support for DASH adaptive
streaming, JPEG2000 images, VP9 and Daala video, and decoding-only support for WebP.
There is also a new command-line playback tool called gst-play-1.0
(designed for testing purposes), as well as numerous bugfixes and improvements.
Comments (none posted)
A perf ABI fix
[Kernel] Posted Sep 24, 2013 18:14 UTC (Tue) by corbet
It is often said that the kernel developers are committed to avoiding ABI
breaks at almost any cost. But ABI problems can, at times, be hard to
avoid. Some have argued that the perf events interface is particularly
subject to incompatible ABI changes because the perf tool is part
of the
kernel tree itself; since perf can evolve with the kernel, there
is a possibility that
developers might not even notice a break. So the recent discovery of a
perf ABI issue is worth looking at as an
example of how compatibility problems are handled in that code.
Full Story (comments: 38)
Tuesday's security updates
[Security] Posted Sep 24, 2013 16:07 UTC (Tue) by ris
Debian has updated icedove (multiple vulnerabilities).
Fedora has updated proftpd (F18; F19: denial of service).
Gentoo has updated apache
(multiple vulnerabilities) and subversion (multiple vulnerabilities).
openSUSE has updated tiff
(multiple vulnerabilities) and wireshark (multiple vulnerabilities).
Ubuntu has updated libraw (denial of service) and pyopenssl (certificate spoofing).
Comments (none posted)
NVIDIA to provide documentation for Nouveau
[Kernel] Posted Sep 24, 2013 7:12 UTC (Tue) by corbet
Nouveau is the reverse-engineered driver for NVIDIA GPUs; it has been
developed for a number of years with no assistance from NVIDIA. Now,
though, an NVIDIA developer has surfaced on the Nouveau list with an offer
to help: "NVIDIA is releasing public documentation on certain aspects
of our GPUs, with the intent to address areas that impact the
out-of-the-box usability of NVIDIA GPUs with Nouveau. We intend to provide
more documentation over time, and guidance in additional areas as we are
able."
This would appear to be a big step in the right direction.
Full Story (comments: 83)
Kernel prepatch 3.12-rc2
[Kernel] Posted Sep 24, 2013 7:01 UTC (Tue) by corbet
The second 3.12 kernel prepatch is out.
Linus said: "Things have been fairly quiet, probably because lots of
people were traveling for LinuxCon and Linux Plumbers conference last
week. So nothing very exciting stands out. It's mainly driver updates/fixes
(gpu drivers stand out, but there's networking too, and smaller stuff all
over). Apart from drivers there's arch updates (tile/arm/mips) and some
filesystem noise (mainly btrfs)."
Comments (none posted)
Valve launches SteamOS
[Distributions] Posted Sep 23, 2013 17:39 UTC (Mon) by corbet
Valve has announced the
launch of a new gaming-oriented operating system. "As we’ve been
working on bringing Steam to the living room, we’ve come to the conclusion
that the environment best suited to delivering value to customers is an
operating system built around Steam itself. SteamOS combines the
rock-solid architecture of Linux with a gaming experience built for the big
screen. It will be available soon as a free stand-alone operating system
for living room machines." There is little in the way of details
available at this time.
Comments (62 posted)