LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Security updates for Thursday

Thursday 19th of March 2015 03:28:21 PM

OpenSSL has released updates today, with two vulnerabilities of "High" severity, as described in its advisory. One of the High vulnerabilities is a reclassification of the FREAK vulnerability due to the prevalence of servers with RSA export ciphers available; the other is a denial of service in OpenSSL 1.0.2.

CentOS has updated freetype (C6: multiple vulnerabilities) and unzip (C6: multiple vulnerabilities).

Debian has updated file (denial of service).

Debian-LTS has updated mono (three SSL/TLS vulnerabilities).

Gentoo has updated python (multiple vulnerabilities, two from 2013).

Mageia has updated moodle (multiple vulnerabilities).

openSUSE has updated gdm (13.2: screen lock bypass), glusterfs (13.2: denial of service), and libssh2_org (13.2, 13.1: information leak).

Oracle has updated unzip (OL7; OL6: multiple vulnerabilities).

Red Hat has updated postgresql92-postgresql (RHSC1: multiple vulnerabilities) and unzip (RHEL6&7: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Fedora seeks a diversity advisor

Thursday 19th of March 2015 01:58:29 PM
The Fedora project is looking for somebody to become its diversity advisor. "The Fedora Diversity Advisor will lead initiatives to assess and promote equality and inclusion within the Fedora contributor and user communities, and will develop project strategy on diversity issues. The Diversity Advisor will also be the point of contact for Fedora’s participation in third-party outreach programs and events." You have to get to the bottom of the announcement to read that this is a volunteer position, though they hope to change that someday.

[$] LWN.net Weekly Edition for March 19, 2015

Thursday 19th of March 2015 01:05:51 AM
The LWN.net Weekly Edition for March 19, 2015 is available.

OpenSSH 6.8 released

Wednesday 18th of March 2015 04:12:33 PM
The OpenSSH 6.8 release is available. New features include host-key rotation support (to allow graceful changes to host keys), an option to require two public keys for authentication, and quite a few more.

Stable kernel updates

Wednesday 18th of March 2015 04:08:44 PM
Greg Kroah-Hartman has released a set of stable kernel updates: 3.19.2, 3.14.36, and 3.10.72. All contain the usual set of important fixes.

Security advisories for Wednesday

Wednesday 18th of March 2015 03:52:18 PM

Debian has updated php5 (multiple vulnerabilities).

Fedora has updated freexl (F21; F20: denial of service) and libgcrypt (F21: two vulnerabilities).

openSUSE has updated vorbis-tools (13.2, 13.1: denial of service).

Oracle has updated freetype (OL7; OL6: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities) and freetype (RHEL6,7: multiple vulnerabilities).

Ubuntu has updated libxfont (privilege escalation) and php5 (multiple vulnerabilities).

Utah software company’s decade-old suit against IBM revived (SL Tribune)

Wednesday 18th of March 2015 03:09:52 PM
The Salt Lake Tribune reports that the SCO Group's lawsuit against IBM is once again alive and moving in Federal court. "In addition to its claims of IBM misappropriation of code, SCO alleges that IBM executives and lawyers directed the company's Linux programmers to destroy source code on their computers after SCO made its allegations. The company's other remaining claims are that IBM's actions amounted to unfair competition and interference with its contracts and business relations with other companies."

Qt 5.5 Alpha Available

Tuesday 17th of March 2015 06:06:01 PM
Qt 5.5 alpha has been released. "With Qt 5.5, Canvas 3D is fully supported and a technology preview of long awaited Qt 3D is included. Qt 5.5 also introduces mapping support with a Qt Location technology preview. Qt 5.5 Alpha is the first step towards Qt 5.5 final release planned to be available in May." Check out the New Features in Qt 5.5 page for more details.

[$] Reservations for must-succeed memory allocations

Tuesday 17th of March 2015 04:54:55 PM
When the schedule for the 2015 Linux Storage, Filesystem, and Memory Management Summit was laid out, its authors optimistically set aside 30 minutes on the first day for the thorny issue of memory-allocation problems in low-memory situations. That session (covered here) didn't get past the issue of whether small allocations should be allowed to fail, so the remainder of the discussion, focused on finding better solutions for the problem of allocations that simply cannot fail, was pushed into a plenary session on the second day.

With this article, LWN's coverage of the memory-management track at LSFMM 2015 is complete; sessions from the filesystems track are being added as well. It all can be found at the LWN LSFMM 2015 page.

Tuesday's security updates

Tuesday 17th of March 2015 04:19:17 PM

Debian has updated checkpw (denial of service), libxfont (privilege escalation), and tcpdump (multiple vulnerabilities).

Debian-LTS has updated gnupg (multiple vulnerabilities) and tcpdump (multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities) and file (multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.2: multiple vulnerabilities) and kernel-rt (RHE MRG2.5: multiple vulnerabilities).

Ubuntu has updated libav (12.04: multiple vulnerabilities).

The GNU Manifesto Turns Thirty (New Yorker)

Tuesday 17th of March 2015 03:47:02 PM
The New Yorker notes the 30th anniversary of the GNU Manifesto. "Stallman was one of the first to grasp that, if commercial entities were going to own the methods and technologies that controlled computers, then computer users would inevitably become beholden to those entities. This has come to pass, and in spades. Most computer users have become dependent on proprietary code provided by companies like Apple, Facebook, and Google, the use of which comes with conditions we may not condone or even know about, and can’t control; we have forfeited the freedom to adapt such code according to our needs, preferences, and personal ethics."

Security advisories for Monday

Monday 16th of March 2015 05:46:02 PM

Debian has updated freetype (many vulnerabilities), gnutls26 (two vulnerabilities), icu (multiple vulnerabilities), libav (multiple vulnerabilities), and putty (information disclosure).

Debian-LTS has updated libextlib-ruby (code execution and more), libssh2 (information leak), mod-gnutls (restriction bypass), and putty (information disclosure).

Fedora has updated 389-admin (F21: multiple /tmp/ file vulnerabilities), cups-filters (F21; F20: remote command execution), gnupg (F20: multiple vulnerabilities), httpd (F21: multiple vulnerabilities), jBCrypt (F21; F20: integer overflow), kernel (F20: multiple vulnerabilities), libmspack (F21; F20: denial of service), libuv (F20: privilege escalation), nodejs (F20: privilege escalation), phpMyAdmin (F21; F20: information leak), putty (F21; F20: information disclosure), tcllib (F21: HTML injection), and v8 (F20: privilege escalation).

Gentoo has updated hivex (privilege escalation) and icu (multiple vulnerabilities).

Mageia has updated 389-ds-base (multiple vulnerabilities) and flash-player-plugin (multiple vulnerabilities).

Mandriva has updated kernel (multiple vulnerabilities), nss (multiple vulnerabilities), qemu (multiple vulnerabilities), and yaml (multiple vulnerabilities).

openSUSE has updated flashplayer (11.4: multiple vulnerabilities), chromium (13.2, 13.1: multiple vulnerabilities), and postgresql (11.4: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities) and java-1_7_0-openjdk (SLE12: multiple vulnerabilities).

Ubuntu has updated cups-filters (14.10, 14.04: remote command execution), requests (14.10, 14.04: cookie stealing attacks), and sudo (information disclosure).

Kernel prepatch 4.0-rc4

Monday 16th of March 2015 01:45:33 AM
The fourth 4.0 prepatch is out for testing. Linus says: "Nothing particularly stands out here. Shortlog appended, I think we're doing fine for where in the release cycle we are."

OpenSCAD 2015.03 released with text objects support (Libre Graphics World)

Friday 13th of March 2015 08:28:40 PM

Libre Graphics World has a look at the new release of OpenSCAD, the 3D solid-modeling tool often used in conjunction with 3D printers. The new features include support for complex text layout, offset functions for manipulating polygons, and the ability to generate height maps from PNG images. "The user interface got a few improvements as well: new startup dialog to quickly open recent files or examples from a library, new QScintilla-based code editor with folding support, SVG and AMF exporting, and more."

Friday's security updates

Friday 13th of March 2015 03:10:48 PM

CentOS has updated kernel (C6: multiple vulnerabilities).

Debian has updated gnupg (multiple vulnerabilities), libgcrypt11 (multiple vulnerabilities), movabletype-opensource (multiple vulnerabilities), and nss (data smuggling).

Fedora has updated krb5 (F21: multiple vulnerabilities) and suricata (F21: multiple vulnerabilities).

Mageia has updated libarchive (M4: directory traversal), libssh2 (M4: denial of service), and qt3, qt4, qt5base (M4: denial of service).

openSUSE has updated flash-player (13.1, 13.2: multiple vulnerabilities), osc (13.1, 13.2: command injection), and wireshark (13.1, 13.2: multiple vulnerabilities).

Oracle has updated gnome-shell, clutter, cogl, mutter (O7: lock screen bypass), httpd (O7: multiple vulnerabilities), ipa (O7: multiple vulnerabilities), kernel (O7: multiple vulnerabilities), krb5 (O7: multiple vulnerabilities), libreoffice (O7: code execution), libvirt (O7: multiple vulnerabilities), qemu-kvm (O7: multiple vulnerabilities), and thunderbird (O7: multiple vulnerabilities).

SUSE has updated bind (SLE10: denial of service), flash-player (SLE12: multiple vulnerabilities), and osc (SLE12: command injection).

NTP's Fate Hinges On 'Father Time' (InformationWeek)

Friday 13th of March 2015 01:58:58 PM
InformationWeek has a lengthy look at the maintenance of the network time protocol (NTP) code. "Not all is well within the NTP open source project. The number of volunteer contributors -- those who submit code for periodic updates, examine bug reports, and write fixes -- has shrunk over its long lifespan, even as its importance has increased. Its ongoing development and maintenance now rest mostly on the shoulders of [Harlan] Stenn, and that's why NTP faces a turning point. Stenn, who also works sporadically on his own consulting business, has given himself a deadline: Garner more financial support by April, 'or look for regular work.'"

Google Code shutting down

Thursday 12th of March 2015 06:39:35 PM
Google has announced that the Google Code repository is shutting down. "As developers migrated away from Google Code, a growing share of the remaining projects were spam or abuse. Lately, the administrative load has consisted almost exclusively of abuse management. After profiling non-abusive activity on Google Code, it has become clear to us that the service simply isn’t needed anymore." New project creation has been stopped already; the final pulling of the plug will be in January 2016.

Thursday's security updates

Thursday 12th of March 2015 04:17:42 PM

openSUSE has updated cacti (13.2, 13.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6: multiple vulnerabilities).

Scientific Linux has updated bind (SL6,7: denial of service) and kernel (SL6: multiple vulnerabilities).

SUSE has updated bind (SLES11 SP1: denial of service) and kernel (SLES11 SP2: multiple vulnerabilities).

Ubuntu has updated kernel (14.10; 14.04; 12.04; 10.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), and linux-lts-utopic (14.04: privilege escalation).

[$] LWN.net Weekly Edition for March 12, 2015

Wednesday 11th of March 2015 11:03:24 PM
The LWN.net Weekly Edition for March 12, 2015 is available.

[$] GitHub unveils its Licenses API

Wednesday 11th of March 2015 08:18:15 PM

Since opening its doors in 2008, GitHub has grown to become the largest active project-hosting service for open-source software. But it has also attracted a fair share of criticism for some of its implementation choices—with one of the leading complaints being that it takes a lax approach to software licensing. That, in turn, leads to a glut of repositories bearing little or no licensing details. The company recently announced a new tool to help combat the license-confusion issue: a site-wide API for querying and reporting license information. Whether that API is up to the task, however, remains to be seen.

More in Tux Machines

Leftovers: Software

  • Git 2.3.4 Is Now Available for Download, Fixes Multiple Issues
    A new maintenance release of the Git 2.3 software, the world’s most popular distributed revision control system, was pushed today on mirrors worldwide. Git 2.3.4 is a small bugfix release that patches no more than 7 issues discovered in the previous release of the software, Git 2.3.3, which was announced last week.
  • Sound Juicer 3.16.0 Officially Released, GNOME’s Default Audio-CD Ripper
    The release of the GNOME 3.16 desktop environment is imminent, so application developers still publish their packages on the GNOME’s FTP website in preparation for tomorrow’s big announcement.
  • MuseScore 2.0 Milestone Release – Free Music Scoring App [Install in Ubuntu]
    MuseScore is a free, open-source music notation and composition application built using Qt 5, with access to thousands of music sheets, an integrated sequencer to allow for immediate playback and many more features. Version 2.0 was released today, March 25, and it represents a milestone release in the development of MuseScore, shipping with an impressive number of new features, varying from major UI changes to musical notation features like tablature support, or improved playback support.
  • Edit UEFI varstores
    UEFI firmware has a concept of persistent variables. They are used to control the boot order amongst other things. They are stored in non-volatile RAM on the system board, or for virtual machines in a host file.
  • Python for remote reconfiguration of server firmware
    There's documentation in the README, and I'm sorry for the API being kind of awful (it suffers rather heavily from me writing Python while knowing basically no Python). Still, it ought to work. I'm interested in hearing from anybody with problems, anybody who's interested in getting it on Pypi and anybody who's willing to add support for new HP systems.
