LWN.net

Sony opens up the Xperia Tablet Z

corbet — 2013-05-17T20:06:21+00:00

Sony has announced the availability of an Android Open Source Project distribution for its Xperia Tablet Z device. "For all you developers out there, of course this means you can now access the software and contribute to this project. And this is all before the tablet is even available in the US. A special thanks to our Sony Mobile team for helping us create the package early and a huge thanks to the Android developer community for all your support. We can’t wait to see what you’ll do with the code." Source is available on GitHub.

Friday's security updates

n8willis — 2013-05-17T16:30:11+00:00

CentOS has updated kernel (C6; perf privilege escalation) and libvirt (denial of service).

Fedora has updated thunderbird (multiple vulnerabilities).

openSUSE has updated flash-player (multiple vulnerabilities).

Oracle has updated kernel (OL5, OL6; perf privilege escalation) and libvirt (denial of service).

Red Hat has updated kernel (RHEL 6, RHEL 6.3; perf privilege escalation) and libvirt (denial of service).

Scientific Linux has updated kernel (perf privilege escalation) and libvirt (denial of service).

Slackware has updated ruby (object taint bypassing) and thunderbird (multiple vulnerabilities).

SUSE has updated flash-player (multiple vulnerabilities).

Ubuntu has updated kernel-ec2 (10.04 LTS; multiple vulnerabilities), openstack-keystone (delayed token invalidation) and openstack-nova (denial of service).

Strongbox and Aaron Swartz (The New Yorker)

jake — 2013-05-16T21:14:42+00:00

The New Yorker magazine has started a service called Strongbox that allows anonymous information to be sent to magazine. It is based on the DeadDrop free software project that was created by the late Aaron Swartz, which uses the Tor network to preserve anonymity. The magazine also has an article by Kevin Poulsen, who organized the project, about its history. "In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn't be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn't be able to tell the government where they came from."

Ten years of Groklaw

corbet — 2013-05-16T15:59:01+00:00

Groklaw is celebrating its tenth anniversary. "Thank you for sticking to the job for ten years without giving out, and for funding the necessary activities that make Groklaw Groklaw. We made a difference in this old world. It's an achievement we can tell our grandchildren about some day. Not everyone can say that, but we actually made a difference. And nobody can take that away from us."

Thursday's security advisories

jake — 2013-05-16T15:29:21+00:00

CentOS has updated openswan (C5; C6: code execution).

Debian has updated kernel (many vulnerabilities).

Fedora has updated openvpn (F17; F18: possible plaintext recovery) and clamav (F18: multiple vulnerabilities).

Mageia has updated flash-player-plugin (many vulnerabilities).

Oracle has updated thunderbird (OL6: multiple vulnerabilities), firefox (OL5; OL6: multiple vulnerabilities), and openswan (OL5; OL6: code execution).

Red Hat has updated openswan (code execution).

Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Ubuntu has updated kernel (10.04: multiple vulnerabilities) and kernel (12.04; 12.10; 13.04; 12.04 Quantal hardware enablement kernel: perf privilege escalation).

Blender dives into 3D printing industry (Libre Graphics World)

corbet — 2013-05-16T15:16:08+00:00

Libre Graphics World looks at the use of Blender in 3D printing; the recent 2.67 release includes a "3D printing toolbox." "While Blender cannot help with making actual devices easier to use, it definitely could improve designing printable objects. And that's exactly what happened last week, when Blender 2.67 was released."

[$] LWN.net Weekly Edition for May 16, 2013

corbet — 2013-05-16T01:08:56+00:00

The LWN.net Weekly Edition for May 16, 2013 is available.

Security advisories for Wednesday

ris — 2013-05-15T17:19:58+00:00

CentOS has updated firefox (C6; C5: multiple vulnerabilities) and thunderbird (C6; C5: multiple vulnerabilities). CentOS has also released a testing kernel that fixes CVE-2013-2094 (more information).

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated tinc (F18; F17: code execution), xen (F18; F17: denial of service), and curl (F18: cookie information disclosure).

Mandriva has updated firefox (multiple vulnerabilities).

Red Hat has updated firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), java-1.7.0-ibm (multiple vulnerabilities), java-1.6.0-ibm (multiple vulnerabilities), flash-plugin (multiple vulnerabilities), and acroread (multiple vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

[$] A look at the PyPy 2.0 release

jake — 2013-05-15T15:31:48+00:00

It's hard to say why, but May appears to be the month where we look in on PyPy. Three years ago, we had a May 2010 introduction to PyPy, followed by an experiment using it in May 2011. This year, the PyPy 2.0 release was made on May 9—that, coupled with our evident tradition, makes for a good reason to look in on this Python interpreter written in Python. Subscribers can click below for our report on the release from this week's edition.

Local root vulnerability in the kernel

corbet — 2013-05-15T14:05:01+00:00

Commit b0a873ebb, merged for the 2.6.37 kernel, included an out of bounds reference bug that went undetected until Tommi Rantala discovered it with the Trinity fuzzing tool this April. It wasn't seen as a security bug by the kernel developers until an exploit was posted; the problem is now known as CVE-2013-2094. Mainline kernels 2.6.37-3.9 are vulnerable, but Red Hat also backported the bug into the 2.6.32-based kernel found in RHEL6. Expect distributor updates shortly.

[$] PostgreSQL 9.3 beta: Federated databases and more

jake — 2013-05-14T20:04:15+00:00

In Berkeley, California — the birthplace of PostgreSQL — it's spring: plum and cherry blossoms, courting finches and college students, new plans for the summer, and the first beta release of the database system. Every year, the first beta of the next PostgreSQL version comes out in April or May, for a final release in September. PostgreSQL 9.3 beta 1 was released to the public on May 13th, and contains a couple dozen new features both for database administrators and application developers. Subscribers can click below for a look at some of the new features by guest author Josh Berkus.

Extended stable support for the 3.8 kernel

corbet — 2013-05-14T19:46:32+00:00

Canonical has announced that the Ubuntu kernel team will be providing stable updates for the 3.8 kernel now that Greg Kroah-Hartman has moved on. This support will last as long as support for the Ubuntu 13.04 release: through August 2014. "We welcome any feedback and contribution to this effort. We will be posting the first review cycle patch set in a week or two."

Stable kernel 3.2.45

ris — 2013-05-14T18:30:29+00:00

Ben Hutchings has released stable kernel 3.2.45 with lots of important fixes throughout the tree.

Tuesday's security updates

ris — 2013-05-14T18:27:58+00:00

CentOS has updated httpd (C6; C5: multiple vulnerabilities).

Fedora has updated php-geshi (F18; F17: multiple vulnerabilities) and libtiff (F18: multiple vulnerabilities).

Oracle has updated httpd (OL6; OL5: multiple vulnerabilities).

Red Hat has updated httpd (multiple vulnerabilities).

Scientific Linux has updated httpd (multiple vulnerabilities).

SUSE has updated kernel (multiple vulnerabilities).

Go language 1.1 released

corbet — 2013-05-13T23:19:05+00:00

Version 1.1 of the "Go" programming language has been released. The bulk of the work seems to be in performance improvements, but there's a number of new features as well, including a race detector and an expanded library. See the release notes for details.