OpenSSL has released updates today that fix two vulnerabilities of "High" severity, as described in its advisory. One of the High vulnerabilities is a reclassification of the FREAK vulnerability due to the prevalence of servers with RSA export ciphers available; the other is a denial of service in OpenSSL 1.0.2.
Debian has updated file (denial of service).
Debian-LTS has updated mono (three SSL/TLS vulnerabilities).
Gentoo has updated python (multiple vulnerabilities, two from 2013).
Mageia has updated moodle (multiple vulnerabilities).
SUSE has updated kernel (SLE12: multiple vulnerabilities).
Debian has updated php5 (multiple vulnerabilities).
openSUSE has updated vorbis-tools (13.2, 13.1: denial of service).
With this article, LWN's coverage of the memory-management track at LSFMM 2015 is complete; sessions from the filesystems track are being added as well. It can all be found at the LWN LSFMM 2015 page.
Ubuntu has updated libav (12.04: multiple vulnerabilities).
Fedora has updated 389-admin (F21: multiple /tmp/ file vulnerabilities), cups-filters (F21; F20: remote command execution), gnupg (F20: multiple vulnerabilities), httpd (F21: multiple vulnerabilities), jBCrypt (F21; F20: integer overflow), kernel (F20: multiple vulnerabilities), libmspack (F21; F20: denial of service), libuv (F20: privilege escalation), nodejs (F20: privilege escalation), phpMyAdmin (F21; F20: information leak), putty (F21; F20: information disclosure), tcllib (F21: HTML injection), and v8 (F20: privilege escalation).
Libre Graphics World has a look at the new release of OpenSCAD, the 3D solid-modeling tool often used in conjunction with 3D printers. The new features include support for complex text layout, offset functions for manipulating polygons, and the ability to generate height maps from PNG images. "The user interface got a few improvements as well: new startup dialog to quickly open recent files or examples from a library, new QScintilla-based code editor with folding support, SVG and AMF exporting, and more."
CentOS has updated kernel (C6: multiple vulnerabilities).
Oracle has updated gnome-shell, clutter, cogl, mutter (O7: lock screen bypass), httpd (O7: multiple vulnerabilities), ipa (O7: multiple vulnerabilities), kernel (O7: multiple vulnerabilities), krb5 (O7: multiple vulnerabilities), libreoffice (O7: code execution), libvirt (O7: multiple vulnerabilities), qemu-kvm (O7: multiple vulnerabilities), and thunderbird (O7: multiple vulnerabilities).
openSUSE has updated cacti (13.2, 13.1: multiple vulnerabilities).
Oracle has updated kernel (OL6: multiple vulnerabilities).
Red Hat has updated kernel (RHEL6: multiple vulnerabilities).
Since opening its doors in 2008, GitHub has grown to become the largest active project-hosting service for open-source software. But it has also attracted a fair share of criticism for some of its implementation choices—with one of the leading complaints being that it takes a lax approach to software licensing. That, in turn, leads to a glut of repositories bearing few or no licensing details. The company recently announced a new tool to help combat the license-confusion issue: a site-wide API for querying and reporting license information. Whether that API is up to the task, however, remains to be seen.