Welcome to LWN.net

Headlines for October 8, 2013

Slackware 14.1 beta
[Distributions] Posted Sep 18, 2013 19:20 UTC (Wed) by ris

From the September 18 entry in the Slackware changelog: "Hey folks, I'm calling this a beta! Really, it's been better than beta quality for a while. There will probably still be a few more updates here and there (and certainly updates to the docs). Enjoy, and please test."

Comments (24 posted)

Security advisories for Wednesday
[Security] Posted Sep 18, 2013 16:36 UTC (Wed) by ris

CentOS has updated firefox (C5; C6: multiple vulnerabilities) and thunderbird (C5; C6: multiple vulnerabilities).

Debian has updated chrony (two vulnerabilities), iceweasel (multiple vulnerabilities), and python-django (denial of service).

Fedora has updated graphite-web (F19; F18: unspecified vulnerability), libtiff (F18: code execution), and roundcubemail (F19; F18: two cross-site scripting flaws).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), flash-player-plugin (multiple vulnerabilities), mediawiki (multiple vulnerabilities), python-OpenSSL (certificate spoofing), python-setuptools (code execution), and subversion (privilege escalation).

Mandriva has updated firefox (multiple vulnerabilities).

openSUSE has updated python (11.4: man in the middle attack) and python3 (11.4: man in the middle attack).

Oracle has updated firefox (OL6: multiple vulnerabilities), thunderbird (OL6: multiple vulnerabilities), and enterprise kernel (OL6; OL5: multiple vulnerabilities).

Red Hat has updated firefox (multiple vulnerabilities), kernel-rt (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Slackware has updated glibc (password disclosure), firefox (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).

SUSE has updated flash-player (multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities).

Comments (none posted)

IBM Announces $1 Billion Linux Investment for Power Systems
[Announcements] Posted Sep 17, 2013 18:11 UTC (Tue) by ris

IBM has announced plans to invest $1 billion over the next five years in new Linux and open source technologies for IBM's Power Systems servers. "Two immediate initiatives announced, a new client center in Europe and a Linux on Power development cloud, focus on rapidly expanding IBM's growing ecosystem supporting Linux on Power Systems which today represents thousands of independent software vendor and open source applications worldwide."

Full Story (comments: 12)

The OpenZFS project launches
[Kernel] Posted Sep 17, 2013 16:50 UTC (Tue) by corbet

The OpenZFS project has announced its existence. "ZFS is the world's most advanced filesystem, in active development for over a decade. Recent development has continued in the open, and OpenZFS is the new formal name for this open community of developers, users, and companies improving, using, and building on ZFS. Founded by members of the Linux, FreeBSD, Mac OS X, and illumos communities, including Matt Ahrens, one of the two original authors of ZFS, the OpenZFS community brings together over a hundred software developers from these platforms."

Comments (35 posted)

Firefox 24 released
[Development] Posted Sep 17, 2013 16:43 UTC (Tue) by ris

Mozilla has released Firefox 24. See the release notes for details.

Comments (6 posted)

The end of the 3.12 merge window
[Kernel] Posted Sep 17, 2013 15:46 UTC (Tue) by corbet

In the end, 9,479 non-merge changesets were pulled into the mainline repository for the 3.12 merge window; about 1,000 of those came in after the writing of last week's summary. Few of the changes merged in the final days of the merge window were hugely exciting, but there have been a number of new features and improvements. Click below (subscribers only) for the conclusion of LWN's 3.12 merge window summary series.

Full Story (comments: 18)

Tuesday's security updates
[Security] Posted Sep 17, 2013 15:42 UTC (Tue) by ris

Fedora has updated wireshark (F19: multiple vulnerabilities).

Mandriva has updated subversion (privilege escalation).

openSUSE has updated flash-player (12.x; 11.4: multiple vulnerabilities).

Comments (none posted)

The Linux Foundation's kernel development report is out
[Kernel] Posted Sep 17, 2013 8:38 UTC (Tue) by corbet

The Linux Foundation has announced the release of its roughly annual report on the kernel development community; this report is written by Greg Kroah-Hartman, Amanda McPherson, and LWN editor Jonathan Corbet. There won't be much new there for those who follow the development statistics on LWN, but it does take a bit of a longer time perspective.

Comments (20 posted)

Development kernel 3.12-rc1
[Kernel] Posted Sep 16, 2013 21:50 UTC (Mon) by corbet

Linus has closed the merge window for the 3.12 development cycle, releasing the 3.12-rc1 development kernel. For a brief period, 3.12 went under the code name "Suicidal Squirrel," but, at the last moment, it was changed to "One giant leap for frogkind." No announcement has been posted as of this writing; it will be added here if and when it arrives.

Update: here is the announcement: "I personally particularly like the scalability improvements that got merged this time around. The tty layer locking got cleaned up and in the process a lot of locking became per-tty, which actually shows up on some (admittedly odd) loads. And the dentry refcount scalability work means that the filename caches now scale very well indeed, even for the case where you look up the same directory or file (which could historically result in contention on the per-dentry d_lock)."

Comments (3 posted)

Fedora 20 Alpha to slip by one week
[Distributions] Posted Sep 16, 2013 21:27 UTC (Mon) by ris

Jaroslav Reznik reports that the Fedora 20 Alpha release will be delayed by one week. All other milestones will also be delayed as a result.

Full Story (comments: 8)

Security advisories for Monday
[Security] Posted Sep 16, 2013 17:20 UTC (Mon) by ris

Debian has updated wireshark (multiple vulnerabilities) and wordpress (multiple vulnerabilities).

Fedora has updated asterisk (F18; F19: multiple vulnerabilities), kernel (F18: multiple vulnerabilities), lightdm (F19: information leak), and python-pyrad (F19; F18: predictable password hashing).

Gentoo has updated acroread (code execution), filezilla (multiple vulnerabilities), libotr (code execution), and libraw (multiple vulnerabilities).

Mageia has updated libmodplug (two code execution vulnerabilities) and php-pear-Auth_OpenID (denial of service).

Mandriva has updated mediawiki (multiple vulnerabilities).

openSUSE has updated squid (11.4: multiple denial of service vulnerabilities) and squid3 (11.4: denial of service).

SUSE has updated oracle-update (multiple vulnerabilities).

Comments (2 posted)

A set of stable kernel updates
[Kernel] Posted Sep 16, 2013 8:02 UTC (Mon) by corbet

The 3.0.96, 3.4.62, 3.10.12, and 3.11.1 stable kernel updates are all available with the usual set of important fixes.

Comments (none posted)

Pocock: Calendar and Contact data with free software in the Smartphone era
[Development] Posted Sep 13, 2013 22:57 UTC (Fri) by n8willis

At his blog, Daniel Pocock assesses the state of free software support for calendar and contact data on smartphones. Historically, he notes, a number of approaches were tried and failed to pick up significant traction, such as LDAP and SyncML. "The good news is, CardDAV and CalDAV are gaining traction, in no small part due to support from Apple and the highly proprietary iPhone. Some free software enthusiasts may find that surprising. It appears to be a strategic move from Apple, using open standards to compete with the dominance of Microsoft Exchange in large corporate networks." Despite the openness of the standards, however, Pocock goes on to detail a number of challenges to working with them in free software on a mobile phone.

Comments (18 posted)

Friday's security updates
[Security] Posted Sep 13, 2013 16:03 UTC (Fri) by n8willis

Debian has updated mediawiki (information leak).

Fedora has updated kernel (F19: multiple vulnerabilities) and perl-Crypt-DSA (F18; F19: improperly secure randomness).

Gentoo has updated pip (multiple vulnerabilities).

Mandriva has updated libmodplug (multiple vulnerabilities), python-django (directory traversal), and python-OpenSSL (certificate spoofing).

openSUSE has updated python (12.2; 12.3: certificate spoofing), python3 (12.2; 12.3: certificate spoofing), squid (12.2; 12.3: multiple vulnerabilities), squid3 (12.2: code execution), and subversion (privilege escalation).

Ubuntu has updated lightdm (13.04: information leak).

Comments (1 posted)

Introducing the Qt WebEngine
[Development] Posted Sep 12, 2013 23:35 UTC (Thu) by n8willis

At the Digia blog, Lars Knoll announces that Qt has decided to migrate its web rendering engine from WebKit to Chromium. First among the reasons listed is that "Chromium has a cross-platform focus, with the browser being available on all major desktop platforms and Android. The same is no longer true of WebKit, and we would have had to support all the OS’es on our own in that project." Knoll also cites Chromium's better support for recent HTML5 features, and says that "we are seeing that Chromium is currently by far the most dynamic and fastest moving browser available. Basing our next-generation Web engine on Chromium is a strategic and long-term decision. We strongly believe that the above facts will lead to a much better Web engine for Qt than what we can offer with Qt WebKit right now."

Comments (182 posted)

Thursday's security updates
[Security] Posted Sep 12, 2013 14:24 UTC (Thu) by n8willis

CentOS has updated Xen4CentOS libvirt (group updating error) and Xen4CentOS xen (unspecified vulnerability).

Fedora has updated wireshark (F19: multiple vulnerabilities).

Mandriva has updated openswan (multiple vulnerabilities).

openSUSE has updated libzypp (12.2; 12.3: key verification bypass).

Comments (none posted)

Security of Java takes a dangerous turn for the worse, experts say (ars technica)
[Security] Posted Sep 12, 2013 1:16 UTC (Thu) by corbet

This ars technica article predicts some nasty security problems for Java 6 users. "The most visible sign of deterioration are in-the-wild attacks exploiting unpatched vulnerabilities in Java version 6, Christopher Budd, threat communications manager at antivirus provider Trend Micro, wrote in a blog post published Tuesday. The version, which Oracle stopped supporting in February, is still used by about half of the Java user base, he said. Malware developers have responded by reverse engineering security patches issued for Java 7, and using the insights to craft exploits for the older version. Because Java 6 is no longer supported ... those same flaws will never be fixed." See the original blog post for more information.

Comments (58 posted)

LWN.net Weekly Edition for September 12, 2013
Posted Sep 12, 2013 1:02 UTC (Thu)

The LWN.net Weekly Edition for September 12, 2013 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Toward healthy paranoia; Intel and XMir.
  • Security: Using vulnerabilities instead of new laws; New vulnerabilities in django, gdm, kernel, subversion, ...
  • Kernel: 3.12 merge window, part 2; Security bug handling; BSD-style securelevel.
  • Distributions: Debian gets dgit; LFS, ...
  • Development: Birdfont; PostgreSQL 9.3.0; Slony 2.2.0; Patchfield audio server; ...
  • Announcements: FSF on iPhone, Defective By Design FAQ, fostering collaboration, ...

BSD-style securelevel comes to Linux — again
[Kernel] Posted Sep 11, 2013 19:04 UTC (Wed) by corbet

Most of the hand-wringing over the UEFI secure boot mechanism has long passed; those who want to run Linux on systems with secure boot enabled are, for the most part, able to do so. Things are quiet enough that one might be tempted to believe that the problem is entirely solved. As it happens, though, the core patches that implement the lockdown that some developers think is necessary for proper secure boot support still have not made their way into the mainline. The developer behind that work is still trying to get it merged though; in the process, he has brought back an old idea that was last rejected in 1998.

Full Story (comments: 35)

Security advisories for Wednesday
[Security] Posted Sep 11, 2013 16:04 UTC (Wed) by ris

Debian has updated exactimage (denial of service) and python-django (directory traversal).

Gentoo has updated snack (code execution).

Mandriva has updated gdm (privilege escalation).

Red Hat has updated flash-plugin (multiple vulnerabilities).

Comments (none posted)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds