Slackware 14.1 beta
[Distributions] Posted Sep 18, 2013 19:20 UTC (Wed) by ris
From the September 18 entry in the Slackware changelog:
"Hey folks, I'm calling this a beta! Really, it's been better than beta
quality for a while. There will probably still be a few more updates
here and there (and certainly updates to the docs). Enjoy, and please test."
Comments (24 posted)
Security advisories for Wednesday
[Security] Posted Sep 18, 2013 16:36 UTC (Wed) by ris
CentOS has updated firefox (C5; C6: multiple vulnerabilities) and thunderbird (C5; C6: multiple vulnerabilities).
Debian has updated chrony (two vulnerabilities), iceweasel (multiple vulnerabilities), and python-django (denial of service).
Fedora has updated graphite-web (F19; F18: unspecified vulnerability), libtiff (F18: code execution), and roundcubemail (F19; F18: two cross-site scripting flaws).
Mageia has updated chromium-browser-stable (multiple vulnerabilities), flash-player-plugin (multiple vulnerabilities), mediawiki (multiple vulnerabilities), python-OpenSSL (certificate spoofing), python-setuptools (code execution), and subversion (privilege escalation).
Mandriva has updated firefox (multiple vulnerabilities).
openSUSE has updated python (11.4: man in the middle attack) and python3 (11.4: man in the middle attack).
Oracle has updated firefox (OL6: multiple vulnerabilities), thunderbird (OL6: multiple vulnerabilities), and enterprise kernel (OL6; OL5: multiple vulnerabilities).
Red Hat has updated firefox (multiple vulnerabilities), kernel-rt (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).
Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).
Slackware has updated glibc (password disclosure), firefox (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).
SUSE has updated flash-player (multiple vulnerabilities).
Ubuntu has updated firefox (multiple vulnerabilities).
Comments (none posted)
IBM Announces $1 Billion Linux Investment for Power Systems
[Announcements] Posted Sep 17, 2013 18:11 UTC (Tue) by ris
IBM has announced plans to invest $1 billion over the next five years in
new Linux and open source technologies for IBM's Power Systems servers. "Two immediate initiatives announced, a new client center in Europe and a Linux on Power development cloud, focus on rapidly expanding IBM's growing ecosystem supporting Linux on Power Systems which today represents thousands of independent software vendor and open source applications worldwide."
Full Story (comments: 12)
The OpenZFS project launches
[Kernel] Posted Sep 17, 2013 16:50 UTC (Tue) by corbet
The OpenZFS project has announced its
existence. "ZFS is the world's most advanced filesystem, in
active development for over a decade. Recent development has continued in
the open, and OpenZFS is the new formal name for this open community of
developers, users, and companies improving, using, and building on
ZFS. Founded by members of the Linux, FreeBSD, Mac OS X, and illumos
communities, including Matt Ahrens, one of the two original authors of ZFS,
the OpenZFS community brings together over a hundred software developers
from these platforms."
Comments (35 posted)
Firefox 24 released
[Development] Posted Sep 17, 2013 16:43 UTC (Tue) by ris
Mozilla has released Firefox 24. See the release notes for details.
Comments (6 posted)
The end of the 3.12 merge window
[Kernel] Posted Sep 17, 2013 15:46 UTC (Tue) by corbet
In the end, 9,479 non-merge changesets were pulled into the mainline
repository for the 3.12 merge window; about 1,000 of those came in after
the writing of last week's summary.
Few of the changes merged in the final days of the merge window were hugely
exciting, but there have been a number of new features and improvements.
Click below (subscribers only) for the conclusion of LWN's 3.12 merge
window summary series.
Full Story (comments: 18)
Tuesday's security updates
[Security] Posted Sep 17, 2013 15:42 UTC (Tue) by ris
Fedora has updated wireshark (F19: multiple vulnerabilities).
Mandriva has updated subversion (privilege escalation).
openSUSE has updated flash-player (12.x; 11.4: multiple vulnerabilities).
Comments (none posted)
The Linux Foundation's kernel development report is out
[Kernel] Posted Sep 17, 2013 8:38 UTC (Tue) by corbet
The Linux Foundation has announced
the release of its roughly annual report on the kernel development
community; this report is written by Greg Kroah-Hartman, Amanda McPherson,
and LWN editor Jonathan Corbet. There won't be much new there for those
who follow the development statistics on LWN, but it does take a bit of a
longer time perspective.
Comments (20 posted)
Development kernel 3.12-rc1
[Kernel] Posted Sep 16, 2013 21:50 UTC (Mon) by corbet
Linus has closed the merge window for the 3.12 development cycle, releasing
the 3.12-rc1 development kernel. For a brief period, 3.12 went under the
code name "Suicidal Squirrel," but, at the last moment, it was changed to
"One giant leap for frogkind." No announcement has been posted as of this
writing; it will be added here if and when it arrives.
Update: here is the announcement:
"I personally particularly like the scalability improvements that got
merged this time around. The tty layer locking got cleaned up and in the
process a lot of locking became per-tty, which actually shows up on some
(admittedly odd) loads. And the dentry refcount scalability work means that
the filename caches now scale very well indeed, even for the case where you
look up the same directory or file (which could historically result in
contention on the per-dentry d_lock)."
Comments (3 posted)
Fedora 20 Alpha to slip by one week
[Distributions] Posted Sep 16, 2013 21:27 UTC (Mon) by ris
Jaroslav Reznik reports that the Fedora 20 Alpha release will be delayed by
one week. All other milestones will also be delayed as a result.
Full Story (comments: 8)
Security advisories for Monday
[Security] Posted Sep 16, 2013 17:20 UTC (Mon) by ris
Debian has updated wireshark (multiple vulnerabilities) and wordpress (multiple vulnerabilities).
Fedora has updated asterisk (F18; F19: multiple vulnerabilities), kernel (F18: multiple vulnerabilities), lightdm (F19: information leak), and python-pyrad (F19; F18: predictable password hashing).
Gentoo has updated acroread (code execution), filezilla (multiple vulnerabilities), libotr (code execution), and libraw (multiple vulnerabilities).
Mageia has updated libmodplug (two code execution vulnerabilities) and php-pear-Auth_OpenID (denial of service).
Mandriva has updated mediawiki (multiple vulnerabilities).
openSUSE has updated squid (11.4: multiple denial of service vulnerabilities) and squid3 (11.4: denial of service).
SUSE has updated oracle-update (multiple vulnerabilities).
Comments (2 posted)
A set of stable kernel updates
[Kernel] Posted Sep 16, 2013 8:02 UTC (Mon) by corbet
The 3.0.96, 3.4.62, 3.10.12, and 3.11.1 stable kernel updates are all available with the usual set of important fixes.
Comments (none posted)
Pocock: Calendar and Contact data with free software in the Smartphone era
[Development] Posted Sep 13, 2013 22:57 UTC (Fri) by n8willis
At his blog, Daniel Pocock assesses the state of free software support for calendar and contact data on smartphones. Historically, he notes, a number of approaches were tried and failed to pick up significant traction, such as LDAP and SyncML. "The good news is, CardDAV and CalDAV are gaining traction, in no small part due to support from Apple and the highly proprietary iPhone. Some free software enthusiasts may find that surprising. It appears to be a strategic move from Apple, using open standards to compete with the dominance of Microsoft Exchange in large corporate networks." Despite the openness of the standards, however, Pocock goes on to detail a number of challenges to working with them in free software on a mobile phone.
Comments (18 posted)
Friday's security updates
[Security] Posted Sep 13, 2013 16:03 UTC (Fri) by n8willis
Debian has updated mediawiki (information leak).
Fedora has updated kernel (F19: multiple vulnerabilities) and perl-Crypt-DSA (F18; F19: improperly secure randomness).
Gentoo has updated pip (multiple vulnerabilities).
Mandriva has updated libmodplug (multiple vulnerabilities), python-django (directory traversal), and python-OpenSSL (certificate spoofing).
openSUSE has updated python (12.2; 12.3: certificate spoofing), python3 (12.2; 12.3: certificate spoofing), squid (12.2; 12.3: multiple vulnerabilities), squid3 (12.2, code execution), and subversion (privilege escalation).
Ubuntu has updated lightdm (13.04, information leak).
Comments (1 posted)
Introducing the Qt WebEngine
[Development] Posted Sep 12, 2013 23:35 UTC (Thu) by n8willis
At the Digia blog, Lars Knoll announces that Qt has decided to migrate its web rendering engine from WebKit to Chromium. First among the reasons listed is that "Chromium has a cross-platform focus, with the browser being available on all major desktop platforms and Android. The same is no longer true of WebKit, and we would have had to support all the OS’es on our own in that project." Knoll also cites Chromium's better support for recent HTML5 features, and says that "we are seeing that Chromium is currently by far the most dynamic and fastest moving browser available. Basing our next-generation Web engine on Chromium is a strategic and long-term decision. We strongly believe that the above facts will lead to a much better Web engine for Qt than what we can offer with Qt WebKit right now."
Comments (182 posted)
Thursday's security updates
[Security] Posted Sep 12, 2013 14:24 UTC (Thu) by n8willis
CentOS has updated Xen4CentOS libvirt (group updating error) and Xen4CentOS xen (unspecified vulnerability).
Fedora has updated wireshark (F19: multiple vulnerabilities).
Mandriva has updated openswan (multiple vulnerabilities).
openSUSE has updated libzypp (12.2; 12.3: key verification bypass).
Comments (none posted)
Security of Java takes a dangerous turn for the worse, experts say (ars technica)
[Security] Posted Sep 12, 2013 1:16 UTC (Thu) by corbet
This ars technica article predicts some nasty security problems for
Java 6 users. "The most visible sign of deterioration are
in-the-wild attacks exploiting unpatched vulnerabilities in Java version 6,
Christopher Budd, threat communications manager at antivirus provider Trend
Micro, wrote in a blog post published Tuesday. The version, which Oracle
stopped supporting in February, is still used by about half of the Java
user base, he said. Malware developers have responded by reverse
engineering security patches issued for Java 7, and using the insights to
craft exploits for the older version. Because Java 6 is no longer
supported ... those same flaws will never be fixed."
See the original blog post for more information.
Comments (58 posted)
LWN.net Weekly Edition for September 12, 2013
Posted Sep 12, 2013 1:02 UTC (Thu)
The LWN.net Weekly Edition for September 12, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: Toward healthy paranoia; Intel and XMir.
- Security: Using vulnerabilities instead of new laws; New vulnerabilities in django, gdm, kernel, subversion, ...
- Kernel: 3.12 merge window, part 2; Security bug handling; BSD-style securelevel.
- Distributions: Debian gets dgit; LFS, ...
- Development: Birdfont; PostgreSQL 9.3.0; Slony 2.2.0; Patchfield audio server; ...
- Announcements: FSF on iPhone, Defective By Design FAQ, fostering collaboration, ...
BSD-style securelevel comes to Linux — again
[Kernel] Posted Sep 11, 2013 19:04 UTC (Wed) by corbet
Most of the hand-wringing over the UEFI secure boot mechanism has long
passed; those who want to run Linux on systems with secure boot enabled
are, for the most part, able to do so. Things are quiet enough that one
might be tempted to believe that the problem is entirely solved. As it
happens, though, the core patches that implement the lockdown that some
developers think is necessary for proper secure boot support still have not
made their way into the mainline. The developer behind that work is still
trying to get it merged though; in the process, he has brought back an old
idea that was last rejected in 1998.
Full Story (comments: 35)
Security advisories for Wednesday
[Security] Posted Sep 11, 2013 16:04 UTC (Wed) by ris
Debian has updated exactimage (denial of service) and python-django (directory traversal).
Gentoo has updated snack (code execution).
Mandriva has updated gdm (privilege escalation).
Red Hat has updated flash-plugin (multiple vulnerabilities).
Comments (none posted)