

Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

Security advisories for Wednesday

Wednesday 10th of December 2014 05:58:57 PM

CentOS has updated kernel (C7: multiple vulnerabilities) and rpm (C7; C6; C5: code execution).

Mageia has updated flash-player-plugin (multiple vulnerabilities), graphviz (format string vulnerability), iceape (multiple vulnerabilities), nodejs (multiple vulnerabilities), openafs (multiple vulnerabilities), php-pear-HTML_AJAX (code execution), and util-linux (command injection).

Oracle has updated kernel (OL7: multiple vulnerabilities) and rpm (OL7; OL6; OL5: code execution).

Red Hat has updated httpd24-httpd (RHSCL: two vulnerabilities), kernel (RHEL7: multiple vulnerabilities), and rpm (RHEL7; RHEL5,6; EUS products: code execution).

Scientific Linux has updated rpm (SL7; SL5,6: code execution).

Ubuntu has updated bind9 (denial of service), xorg-server, xorg-server-lts-trusty (14.10, 14.04, 12.04: multiple vulnerabilities), and xorg-server, xorg-server-lts-trusty (incomplete fixes in previous update).

Qt 5.4 released

Wednesday 10th of December 2014 01:37:46 PM
Version 5.4 of the Qt toolkit is now available. It provides better interaction with web-based content, improved graphics, Bluetooth Low Energy support, and a lot more, including a licensing change: "As announced earlier, the open-source version for Qt 5.4 is also made available under the LGPLv3 license. The new licensing option allows us at The Qt Company to introduce more value-add components for the whole Qt ecosystem without making compromises on the business side. It also helps to protect 3rd party developers’ freedom from consumer device lock-down and prevents Tivoization as well as other misuse."

An extensive set of vulnerabilities

Tuesday 9th of December 2014 07:12:27 PM
The X.Org developers have released an advisory warning of a large set of vulnerabilities in the server, some of which date back to the X11R1 release in 1987. "How critical these vulnerabilities are to any given installation depends on whether they run an X server with root privileges or reduced privileges; whether they run X servers exposed to network clients or limited to local connections; and whether or not they allow use of the affected protocol extensions, especially the GLX extension."

Linux software nasty slithers out of online watering holes (The Register)

Tuesday 9th of December 2014 06:30:29 PM
The Turla trojan malware has been found to run on Linux, reports The Register. "[Kaspersky researcher Kurt] Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat. It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management."

"Ubuntu Core" announced

Tuesday 9th of December 2014 05:14:00 PM
Mark Shuttleworth has announced the availability of "Ubuntu Core," a version of the distribution that takes a different approach to package management. "This is in a sense the biggest break with tradition in 10 years of Ubuntu, because Ubuntu Core doesn’t use debs or apt-get. We call it 'snappy' because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop."

Tuesday's security updates

Tuesday 9th of December 2014 04:49:56 PM

Debian has updated bind9 (denial of service) and kernel (multiple vulnerabilities).

Gentoo has updated dovecot (denial of service), libvirt (multiple vulnerabilities), nfs-utils (information disclosure), and qemu (multiple vulnerabilities).

SUSE has updated OpenVPN (SLE11 SP3: denial of service).

Ubuntu has updated graphviz (format string vulnerability).

Fedora 21 released

Tuesday 9th of December 2014 03:30:21 PM
The Fedora 21 distribution release is now available, in three different flavors (cloud, server, and workstation). "Fedora 21 is a game-changer for the Fedora Project, and we think you're going to be very pleased with the results." See the announcement for the highlights found in each of the released spins.

Kocialkowski: A hacker's journey: freeing a phone from the ground up, first part

Monday 8th of December 2014 07:55:35 PM
Paul Kocialkowski shares his experience with porting Replicant to the LG Optimus Black. "Every once in a while, an unexpected combination of circumstances ends up enabling us to do something pretty awesome. This is the story of one of those times. About a year ago, a member of the Replicant community started evaluating a few targets from CyanogenMod and noticed some interesting ones. After some early research, he picked a device: the LG Optimus Black (P970), bought one and started porting Replicant to it. After a few encouraging results, he was left facing issues he couldn't overcome and decided to give up with the port. As the device could still be an interesting target for Replicant, we decided to buy the phone from him so that I could pick up the work where he stalled." (Thanks to Paul Wise)

The SFLC's intervention in Google v. Oracle

Monday 8th of December 2014 07:07:50 PM
The Software Freedom Law Center has filed an interesting brief with the U.S. Supreme Court on whether the Court should review the Federal Circuit court decision stating that Android violates Oracle's copyrights by shipping some Java headers. The SFLC disagrees with the Circuit court decision, but, interestingly, still argues that the Supreme Court should not look at the case. "Given that the parties are agreed that Petitioner has the right to royalty-free use of all the material at issue under GNU GPL, and it is in addition entitled to claim that its use was licensed at all relevant times, there is no public interest in the adjudication of a controversy which remains merely theoretical if not factually moot."

[$] A quick look at the new FontForge release

Monday 8th of December 2014 06:07:46 PM

FontForge is the most feature-rich free-software application for building and editing font files, but that is a niche that, regrettably, attracted relatively few developers over the project's lifespan. The situation has improved considerably in the last two years, however, and the latest release introduces several significant improvements. The new features include some expansion and enhancement to the editing tools, which will appeal to existing FontForge users, but they also include other changes that may be more significant in making FontForge appealing to new users.

Security advisories for Monday

Monday 8th of December 2014 06:02:54 PM

Debian has updated getmail4 (multiple vulnerabilities) and icedove (multiple vulnerabilities).

Fedora has updated arm-none-eabi-binutils-cs (F20; F19: multiple vulnerabilities), avr-binutils (F20; F19: multiple vulnerabilities), firefox (F19: multiple vulnerabilities), flac (F20: multiple vulnerabilities), graphviz (F20; F19: format string vulnerability), hivex (F20; F19: invalid hive files), kwebkitpart (F20; F19: code execution), libksba (F20; F19: denial of service), nrpe (F19: code execution), readline (F19: insecure temporary files), and thunderbird (F19: multiple vulnerabilities).

Mageia has updated apache-mod_wsgi (privilege escalation), jasper (code execution), and openvpn (denial of service).

openSUSE has updated apache2-mod_wsgi (13.1, 12.3: privilege escalation), docker (13.2: privilege escalation), firefox (13.2, 13.1, 12.3: multiple vulnerabilities), flac (13.2, 13.1, 12.3: multiple vulnerabilities), icecast (13.2; 13.1, 12.3: information leak/privilege escalation), openvpn (13.2, 13.1, 12.3: denial of service), and ruby19 (13.1, 12.3: two vulnerabilities).

Oracle has updated docker (OL7; OL6: privilege escalation).

Scientific Linux has updated kernel (SL5: restriction bypass).

SUSE has updated clamav (SLE11 SP3; SLES11 SP1,2: multiple vulnerabilities).

Ubuntu has updated ghostscript (10.04: code execution) and jasper (14.10, 14.04, 12.04: code execution).

The 3.18 kernel has been released

Monday 8th of December 2014 04:17:36 AM
Linus has released the 3.18 kernel. "I'd love to say that we've figured out the problem that plagues 3.17 for a couple of people, but we haven't. At the same time, there's absolutely no point in having everybody else twiddling their thumbs when a couple of people are actively trying to bisect an older issue, so holding up the release just didn't make sense." Highlights in this release include the bpf() system call, some significant networking performance improvements, dozens of new drivers, thousands of fixes, and more.

Some stable kernel updates

Sunday 7th of December 2014 08:27:15 PM
The 3.17.5 stable kernel has been released with a comment saying "No one should use it"; instead, the immediately following 3.17.6, containing an important patch reversion, should be used. Also available are 3.14.26 and 3.10.62.

Software Freedom Conservancy launches supporter program

Friday 5th of December 2014 07:48:39 PM

Software Freedom Conservancy (SFC), the US-based non-profit organization that sponsors around 30 separate FOSS projects, has announced a "Supporter" program. The program allows individuals to make a recurring donation to SFC's general operating fund, akin to the individual membership-style programs also offered by the Free Software Foundation, Software In The Public Interest, and various other non-profits in the community. As always, individuals can also make donations directly to SFC member projects.

Friday's security updates

Friday 5th of December 2014 04:44:24 PM

CentOS has updated kernel (C5: privilege escalation).

Mageia has updated mutt (M4: denial of service), yaml, perl-YAML-LibYAML (M4: denial of service), phpmyadmin (M4: denial of service), and tcpdump (M4: code execution).

openSUSE has updated clamav (12.3, 13.1, 13.2: multiple vulnerabilities), flash-player (code execution), and phpMyAdmin (12.3, 13.1, 13.2: multiple vulnerabilities).

Oracle has updated kernel (O5: privilege escalation; O6; O7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: privilege escalation).

Ubuntu has updated MAAS (12.04, 14.04, 14.10: privilege escalation).

Hutterer: pointer acceleration in libinput - building a DPI database for mice

Friday 5th of December 2014 02:54:38 PM
Peter Hutterer describes a new mechanism aimed at providing consistent acceleration behavior across mice. "For us, useless and unpredictable is bad, especially in the use-case of everyday desktops. To work around that, libinput 0.7 now incorporates the physical resolution into pointer acceleration. And to do that we need a database, which will be provided by udev as of systemd 218 (unreleased at the time of writing). This database incorporates the various devices and their physical resolution, together with their sampling rate. udev sets the resolution as the MOUSE_DPI property that we can read in libinput and use as reference point in the pointer accel code." The developers are looking for help to populate this new database.

The first CentOS Linux Rolling media release

Friday 5th of December 2014 02:23:21 PM
The CentOS project has announced the availability of the first in a series of monthly rolling releases. "CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time."

A new set of Docker tools

Thursday 4th of December 2014 06:24:33 PM
Docker has announced a new set of container management tools: Machine (for system provisioning), Swarm (native clustering for Dockerized applications), and Compose (assembly of multi-container applications). "Finally, Docker Swarm has a pluggable architecture and ships 'batteries included' with a default scheduler. Stay tuned for the public API in the first half of 2015 which will allow swapping-in a scheduler implemented by an ecosystem partner or even your own custom implementation. Nevertheless, regardless of the underlying scheduler implementation, the interface to the app remains consistent, meaning that the app remains 100% portable."

Thursday's security updates

Thursday 4th of December 2014 06:20:23 PM

CentOS has updated firefox (C5; C6; C7: multiple vulnerabilities), nss (C5; C6; C7: protocol downgrade), thunderbird (C5; C6: multiple vulnerabilities), and wpa_supplicant (C7: command execution).

Debian has updated iceweasel (multiple vulnerabilities), jasper (code execution), qemu (privilege escalation), qemu-kvm (privilege escalation), and tcpdump (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), tcpdump (F19: multiple vulnerabilities), teeworlds (F19; F20: denial of service), thunderbird (F20: multiple vulnerabilities), util-linux (F20: command injection), and wireshark (F20: multiple vulnerabilities).

Mageia has updated firefox, thunderbird (M4: multiple vulnerabilities), libreoffice (M4: code execution), mediawiki (M4: multiple vulnerabilities), and sddm (M4: multiple vulnerabilities).

Oracle has updated firefox (O5; O6: multiple vulnerabilities) and wpa_supplicant (O7: command execution).

Red Hat has updated wget (RHEL6.5: code execution) and wpa_supplicant (RHEL7: command execution).

Scientific Linux has updated firefox (multiple vulnerabilities), nss, nss-util, nss-softokn (protocol downgrade), thunderbird (SL6: multiple vulnerabilities), and wpa_supplicant (SL7: command execution).

Ubuntu has updated eglibc, glibc (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), tcpdump (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), and thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

[$] Weekly Edition for December 4, 2014

Thursday 4th of December 2014 01:21:21 AM
The Weekly Edition for December 4, 2014 is available.

More in Tux Machines

UBOS -- a new Linux distro for personal servers and IoT devices

UBOS is a new Linux distro that aims to make it 10x easier to run server-side apps for yourself, or for your family, on hardware you own. Why give your valuable data to Google or some other data overlord, if you can keep it under your own control? All you need is a spare (physical, virtual, or cloud) computer that can run Linux. UBOS automates much of the administration, so you can get on with life. Want to use ownCloud instead of Dropbox? Shaarli instead of delicious? An RSS reader or an Internet-of-Things app? UBOS makes installation and maintenance easy and quick.

Slovak statisticians rely on open source for voting machines

The Slovak Republic’s Bureau of Statistics has used PCs running Ubuntu Linux for recording votes in the country’s municipal election on 29 November. Using open source saves money, says Štefan Tóth, Director General of Informatics Section at the agency. For the bureau’s IT system administrators, Ubuntu proves easier to maintain and configure, and the software also withstands malware attacks better than the proprietary alternative, director Tóth confirms.

Users Can Backup Linux Systems with Clonezilla Live 2.3.1-18

Clonezilla Live, a Linux distribution based on DRBL, Partclone, and udpcast that lets users perform bare metal backup and recovery with very little effort, has been upgraded to version 2.3.1-18 and is now ready for download.

KDE Applications 14.12 - New Features, Frameworks Ports

Today KDE released KDE Applications 14.12, delivering new features and bug fixes to more than a hundred applications. Most of these applications are based on KDE Development Platform 4 but the first applications have been ported to KDE Frameworks 5. Frameworks is a set of modularized libraries providing additional functionality for Qt5, the latest version of the popular Qt cross-platform application framework. This release marks the beginning of a new style of releases replacing the threesome of KDE Workspaces, Platform and Applications in the 4 series which ended with the latest KDE Applications update last month.