Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 2 hours 17 min ago

Goodbye, Pi. Hello, C.H.I.P. (Linux Journal)

Monday 18th of May 2015 08:03:39 PM
Linux Journal takes a look at the C.H.I.P. mini-computer, an open software and hardware device that comes with a Debian-based OS. "The official public release is scheduled for next year, but crowdfunding backers will be able to land a "Kernel Hacker" package this September. This package is aimed at Linux developers who want to help to contribute to kernel modifications for the C.H.I.P. before its final release."

Kernel prepatch 4.1-rc4

Monday 18th of May 2015 07:47:04 PM
Linus has released the 4.1-rc4 kernel prepatch, saying: "So here it is, last-minute fix and all. The -rc4 patch is a bit bigger than the previous ones, but that seems to be mainly due to normal random timing - just the fluctuation of when submaintainer trees get pushed."

Stable kernel updates

Monday 18th of May 2015 05:01:10 PM
New stable kernels 4.0.4, 3.14.43, and 3.10.79 have been released. All of them contain important fixes throughout the tree.

Security advisories for Monday

Monday 18th of May 2015 04:50:02 PM

Arch Linux has updated thunderbird (multiple vulnerabilities).

CentOS has updated thunderbird (C7: multiple vulnerabilities).

Debian has updated libmodule-signature-perl (multiple vulnerabilities).

Debian-LTS has updated dpkg (integrity-verification bypass), nbd (denial of service), and tiff (multiple vulnerabilities).

Fedora has updated java-1.8.0-openjdk (F21: unspecified vulnerability), NetworkManager (F21: denial of service), phpMyAdmin (F21; F20: two vulnerabilities), qemu (F21: code execution), and t1utils (F21; F20: multiple vulnerabilities).

Mageia has updated ruby-rest-client (two vulnerabilities) and virtualbox (code execution).

openSUSE has updated flash-player (11.4: multiple vulnerabilities), qemu (13.2; 13.1: code execution), and firefox (11.4: multiple vulnerabilities).

Red Hat has updated thunderbird (RHEL5,6,7: multiple vulnerabilities).

Slackware has updated thunderbird (multiple vulnerabilities).

SUSE has updated KVM (SLE11SP3: code execution), qemu (SLE12: two vulnerabilities), and spice (SLE12; SLESDK12: denial of service).

[$] An introduction to Clear Containers

Monday 18th of May 2015 04:04:05 PM
Guest author Arjan van de Ven writes: "Containers are hot. Everyone loves them. Developers love the ease of creating a "bundle" of something that users can consume; DevOps and information-technology departments love the ease of management and deployment." A group at Intel is working on a new approach to containers called "Clear Containers"; click below (subscribers only) for an introduction to how these containers work.

Hardening Hypervisors Against VENOM-Style Attacks (Xen Project Blog)

Friday 15th of May 2015 08:20:58 PM
The Xen Project looks at a mechanism to mitigate vulnerabilities like VENOM that attack emulation layers in QEMU. "The good news is it’s easy to mitigate all present and future QEMU bugs, which the recent Xen Security Advisory emphasized as well. Stubdomains can nip the whole class of vulnerabilities exposed by QEMU in the bud by moving QEMU into a de-privileged domain of its own. Instead of having QEMU run as root in dom0, a stubdomain has access only to the VM it is providing emulation for. Thus, an escape through QEMU will only land an attacker in a stubdomain, without access to critical resources. Furthermore, QEMU in a stubdomain runs on MiniOS, so an attacker would only have a very limited environment to run code in (as in return-to-libc/ROP-style), having exactly the same level of privilege as in the domain where the attack started. Nothing is to be gained for a lot of work, effectively making the system as secure as it would be if only PV drivers were used." The Red Hat Security Blog also noted this kind of mitigation for VENOM-style attacks.

Rust 1.0 released

Friday 15th of May 2015 05:15:15 PM
Version 1.0 of the Rust language has been released. "The 1.0 release marks the end of that churn. This release is the official beginning of our commitment to stability, and as such it offers a firm foundation for building applications and libraries. From this point forward, breaking changes are largely out of scope (some minor caveats apply, such as compiler bugs). That said, releasing 1.0 doesn’t mean that the Rust language is “done”. We have many improvements in store. In fact, the Nightly builds of Rust already demonstrate improvements to compile times (with more to come) and includes work on new APIs and language features, like std::fs and associated constants."

Friday's security updates

Friday 15th of May 2015 01:50:07 PM

Arch Linux has updated wireshark-cli (multiple vulnerabilities), wireshark-gtk (multiple vulnerabilities), and wireshark-qt (multiple vulnerabilities).

SUSE has updated flash-player (SLE12: multiple vulnerabilities).

3 big lessons I learned from running an open source company (

Thursday 14th of May 2015 07:58:22 PM
Over at, Lucidworks co-founder and CTO Grant Ingersoll writes about lessons he has learned from running an open-source company. "You might ask, 'Why not open source it all and just provide support?' It's a fair question and one I think every company that open sources code struggles to answer, unless they are a data company (e.g., LinkedIn, Facebook), a consulting company, or a critical part of everyone's infrastructure (e.g., operating systems) and can live off of support alone. Many companies start by open sourcing to gain adoption and then add commercial features (and get accused of selling out), whereas others start commercial and then open source. Internally, the sales side almost always wants "something extra" that they can hang their quota on, while the engineers often want it all open because they know they can take their work with them."

Thursday's security updates

Thursday 14th of May 2015 03:58:54 PM

Arch Linux has updated qemu (code execution).

CentOS has updated firefox (C5: multiple vulnerabilities), kernel (C7: code execution), kvm (C5: code execution), qemu-kvm (C7; C6: code execution), and xen (C5: code execution).

Debian has updated iceweasel (multiple vulnerabilities) and qemu (multiple vulnerabilities).

Debian-LTS has updated icu (multiple vulnerabilities, some from 2013).

Fedora has updated ca-certificates (F21: certificate changes), firefox (F21: multiple vulnerabilities), gnutls (F21: signature algorithm verification botch), libssh (F21: denial of service), and thunderbird (F21: two vulnerabilities).

Mageia has updated darktable (denial of service), kernel-linus (three vulnerabilities), kernel-tmb (multiple vulnerabilities), libraw (denial of service), qemu (code execution), rawtherapee (denial of service), ufraw and dcraw (denial of service), and wireshark (three dissector vulnerabilities).

Oracle has updated firefox (OL6: multiple vulnerabilities), kvm (OL5: denial of service), qemu-kvm (OL7; OL6: code execution), kernel (OL7; OL6; OL6; OL5: multiple vulnerabilities), and xen (OL5: code execution).

Scientific Linux has updated firefox (SL7,SL6,SL5: multiple vulnerabilities), kernel (SL7: code execution), kexec-tools (SL7: arbitrary file overwrite), pcs (SL7; SL6: privilege escalation), qemu-kvm (SL7; SL6: code execution), tomcat (SL7: HTTP request smuggling), and tomcat6 (SL6: HTTP request smuggling).

SUSE has updated kvm (SLE11SP3: denial of service).

Ubuntu has updated firefox (multiple vulnerabilities) and qemu, qemu-kvm (three vulnerabilities).

[$] Weekly Edition for May 14, 2015

Thursday 14th of May 2015 01:08:12 AM
The Weekly Edition for May 14, 2015 is available.

Linux 3.19.y-ckt extended stable support

Wednesday 13th of May 2015 07:08:08 PM
Kamal Mostafa has announced that Canonical's kernel team will pick up stable maintenance of the 3.19 kernel series, until July 2016.

Stable kernel updates

Wednesday 13th of May 2015 06:46:32 PM
Greg Kroah-Hartman has released stable kernels 4.0.3, 3.14.42, and 3.10.78. All of them contain important fixes.

[$] CoreOS Fest and the world of containers, part 1

Wednesday 13th of May 2015 06:26:54 PM

It's been a Linux container bonanza in San Francisco recently, and that includes a series of events and announcements from multiple startups and cloud hosts. It seems like everyone is fighting for a piece of what they hope will be a new multi-billion-dollar market. This included Container Camp on April 17 and CoreOS Fest on May 5th and 6th, with DockerCon to come near the end of June. While there is a lot of hype, the current container gold rush has yielded more than a few benefits for users — and caused technological development so rapid it is hard to keep up with.

Subscribers can click below for a report by guest author Josh Berkus from this week's edition.

Security advisories for Wednesday

Wednesday 13th of May 2015 05:25:05 PM

Arch Linux has updated firefox (multiple vulnerabilities) and tomcat6 (denial of service).

CentOS has updated firefox (C7; C6: multiple vulnerabilities), kexec-tools (C7: file overwrites), pcs (C7; C6: privilege escalation), tomcat (C7: HTTP request smuggling), and tomcat6 (C6: HTTP request smuggling).

Debian has updated quassel (SQL injection).

Fedora has updated clamav (F20: multiple vulnerabilities), dpkg (F21; F20: two vulnerabilities), kernel (F21: two vulnerabilities), texlive (F21: predictable filenames), and wpa_supplicant (F20: code execution).

Gentoo has updated ettercap (multiple vulnerabilities).

Mageia has updated dnsmasq (information disclosure), flash-player-plugin (multiple vulnerabilities), hostapd (denial of service), netcf (denial of service), pam (two vulnerabilities), and testdisk (multiple vulnerabilities).

Oracle has updated firefox (OL7; OL5: multiple vulnerabilities), kernel (OL7: two vulnerabilities), kexec-tools (OL7: file overwrites), tomcat (OL7: HTTP request smuggling), and tomcat6 (OL6: HTTP request smuggling).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), flash-plugin (RHEL5,6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), kernel (RHEL7: privilege escalation), kernel-rt (RHEL7; RHEMRG2.5: privilege escalation), kexec-tools (RHEL7: file overwrites), kvm (RHEL5: code execution), pcs (RHEL7; RHEL6: privilege escalation), qemu-kvm (RHEL7; RHEL6: code execution), qemu-kvm-rhev (RHEL7, RHEL6, RHEL OSP4,5,6: code execution), tomcat (RHEL7: HTTP request smuggling), tomcat6 (RHEL6: HTTP request smuggling), and xen (RHEL5: code execution).

Scientific Linux has updated kvm (SL5: code execution) and xen (SL5: code execution).

Slackware has updated mozilla (multiple vulnerabilities).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

[$] Trading off safety and performance in the kernel

Tuesday 12th of May 2015 08:04:39 PM
The kernel community ordinarily tries to avoid letting users get into a position where the integrity of their data might be compromised. There are exceptions, though; consider, for example, the ability to explicitly flush important data to disk (or more importantly, to avoid flushing at any given time). Buffering I/O in this manner can significantly improve disk write I/O throughput, but if application developers are careless, the result can be data loss should the system go down at an inopportune time. Recently there have been a couple of proposed performance-oriented changes that have tested the community's willingness to let users put themselves into danger.

Click below (subscribers only) for the full story from this week's Kernel Page.

Firefox 38.0

Tuesday 12th of May 2015 07:00:53 PM
Mozilla has released Firefox 38.0. This version features new tab-based preferences and Ruby annotation support. Also, it will be the base for the next ESR release. The release notes contain more information.

Tuesday's security updates

Tuesday 12th of May 2015 04:28:57 PM

Debian has updated mercurial (two vulnerabilities).

Mageia has updated async-http-client (two vulnerabilities), glpi (privilege escalation), kernel (multiple vulnerabilities), libarchive (denial of service), libssh (denial of service), mailman (path traversal attack), pnp4nagios (cross-site scripting), postgis (multiple vulnerabilities), ruby-redcarpet (cross-site scripting), and springframework (information disclosure).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), curl (13.2, 13.1: information leak), dnsmasq (13.2, 13.1: information disclosure), gnu_parallel (13.2, 13.1: file overwrite), libreoffice (13.2: code execution), libssh (13.2, 13.1: denial of service), libtasn1 (13.2, 13.1: denial of service), pcre (13.2, 13.1: multiple vulnerabilities), and php5 (13.2, 13.1: multiple vulnerabilities).

Slackware has updated mariadb (multiple unspecified vulnerabilities), mysql (multiple unspecified vulnerabilities), and wpa_supplicant (code execution).

Ubuntu has updated libmodule-signature-perl (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities) and openssl (12.04: re-enable TLSv1.2 by default).

The Foresight Linux Project shuts down

Tuesday 12th of May 2015 01:06:31 PM
The development of the Foresight Linux distribution has come to an end. "The Foresight Linux Council has determined that there has been insufficient volunteer activity to sustain meaningful new development of Foresight Linux. Faced with the need either to update the project's physical infrastructure or cease operations, we find no compelling reason to update the infrastructure."

The last stable 3.19.x kernel

Monday 11th of May 2015 05:56:07 PM
Greg Kroah-Hartman has released stable kernel 3.19.8. This is the last kernel in the 3.19.x series and users should upgrade to 4.0.x.

More in Tux Machines

What's New for You This June in Open Source CMS

You can't talk about open source content management systems without talking about WordPress, the most popular CMS on the planet. WordPress powers some of the largest websites in the world including CNN, Time magazine and Ted. According to W3tech, WordPress powers 23 percent of the top 10 million websites in the world.

From Linux User, to Electrical Engineer, to Linux Foundation Instructor: Jan-Simon Möller

Jan-Simon Möller is a consultant and trainer for the Linux Foundation's training program and holds an electrical engineering degree. But he started out as a home Linux user tinkering with different distributions before moving on to systems administration. He now teaches a range of Linux Foundation courses, from writing Linux kernel drivers, to embedded Linux development, and system administration. His expertise lies in embedded Linux, Realtime Linux, SELinux, power management, and integration of new compilers. Here Möller tells us more about how he learned Linux, his career path, the projects he's currently involved in, and his ham radio hobby.

Cinnamon 2.6 to Arrive in Linux Mint 17.2 "Rafaela" and LMDE 2 "Betsy" by the End of June

Cinnamon 2.6 was released yesterday and the developers have promised that it will be available in the supported Linux Mint flavors by the end of the month.

The Linux Foundation Offers Course for SysAdmins on EdX

The Linux Foundation partnership with edX platform is expanding, and users will now get the Essentials of Linux Systems Administration (LFS201) online course, which should help prepare the SysAdmins of tomorrow.