Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 10 min ago

Docker 1.8 released

Wednesday 12th of August 2015 03:10:26 PM
The 1.8 release of the Docker container system is out, with a number of new features. "Docker Content Trust is a new feature in Docker Engine 1.8 that makes it possible to verify the publisher of Docker images. When a publisher pushes an image to a remote registry, Docker signs the image with a private key. When you later pull this image, Docker uses the publisher’s public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with, and is up to date."

Thor: another free video codec

Tuesday 11th of August 2015 08:04:39 PM
Cisco, it seems, is unhappy with the patent mess around video codecs, so it has launched a project called "Thor" to make one that can be freely distributed. "The effort is being staffed by some of the world’s most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents."

Firefox 40 is available

Tuesday 11th of August 2015 05:56:25 PM
Mozilla has released Firefox 40. There are several new features listed in the release notes such as; improved scrolling, graphics, and video playback performance with off main thread compositing, added protection against unwanted software downloads, a new style for add-on manager based on the in-content preferences style, and an improved graphic blocklist mechanism.

Kali Linux 2.0 released

Tuesday 11th of August 2015 04:38:23 PM
Kali Linux is a Debian-based distribution oriented toward penetration testing and related tasks; the 2.0 release is now available. "There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments (gnome, kde, xfce, mate, e17, lxde, i3wm), updated desktop environment and tools – and the list goes on. But these bulletpoint items are essentially a side effect of the real changes that have taken place in our development backend. Ready to hear the real news? Take a deep breath, it’s a long list." At the top of that list is that Kali is now a rolling distribution.

Security updates for Tuesday

Tuesday 11th of August 2015 04:17:49 PM

Arch Linux has updated ppp (denial of service).

Debian has updated subversion (two vulnerabilities).

Debian-LTS has updated opensaml2 (denial of service).

Fedora has updated elasticsearch (F22: multiple vulnerabilities), lxc (F22; F21: two vulnerabilities), and rubygems (F22: DNS hijacking).

OpenSSH 7.0

Tuesday 11th of August 2015 02:00:49 PM
The OpenSSH 7.0 release is out. It fixes a number of problems and adds a few new configuration features, but the main focus of 7.0 is taking things out: "This focus of this release is primarily to deprecate weak, legacy and/or unsafe cryptography." More old crypto is slated for removal in 7.1; see the announcement for the list.

Ubuntu One file-syncronization code released

Tuesday 11th of August 2015 01:13:04 PM
Ubuntu has announced the release of the file-synchronization code behind its "Ubuntu One" service. The release is about as "over-the-wall" as it gets, though: "Will you take patches? In general, no. We won’t have anybody assigned to reviewing and accepting code. We’d encourage interested maintainers to fork the code and build out a community around it."

Stable kernel updates

Monday 10th of August 2015 10:15:37 PM
Stable kernels 4.1.5, 3.14.50, and 3.10.86 have been released. All of them contain important fixes throughout the tree.

Security advisories for Monday

Monday 10th of August 2015 04:52:12 PM

CentOS has updated firefox (C7; C6; C5: information leak).

Debian has updated activemq (denial of service) and opensaml2 (problem with previous update).

Debian-LTS has updated xmltooling (denial of service).

Fedora has updated community-mysql (F22; F21: unspecified vulnerabilities) and firefox (F22; F21: information leak).

Mageia has updated cacti (MG4,5: multiple vulnerabilities), firefox (MG4,5: information leak), ghostscript (MG4,5: buffer overflow), libunwind (MG4,5: buffer overflow), lxc (MG5: two vulnerabilities), and wordpress (MG4: multiple vulnerabilities).

Oracle has updated firefox (OL7; OL6; OL5: information leak).

Red Hat has updated firefox (RHEL5,6,7: information leak).

Scientific Linux has updated firefox (SL5,6,7: information leak).

Slackware has updated firefox (information leak) and nss (information leak).

Kernel prepatch 4.2-rc6

Sunday 9th of August 2015 09:45:52 PM
The 4.2-rc6 kernel prepatch is out. Linus says: "So last week I wasn't very happy about the state of the release candidates, but things are looking up. Not only is rc6 finally shrinking noticeably, the issues I was worried about had fixes come in early in the week, and so I don't have anything big pending. Assuming nothing new comes up, I suspect we will end up with the regular release schedule after all (ie in two weeks). Knock wood."

Ubuntu 14.04.3 LTS released

Friday 7th of August 2015 11:04:57 PM
The third update to the 14.04 Long Term Support release is available for Desktop, Server, Cloud, and Core products, as well as other flavors of Ubuntu with long-term support. "We have expanded our hardware enablement offering since 12.04, and with 14.04.3, this point release contains an updated kernel and X stack for new installations to support new hardware across all our supported architectures, not just x86."

Firefox 39.0.3 is out

Friday 7th of August 2015 09:29:38 PM
Firefox 39.0.3 has been released. This update contains exactly one change: a fix for the recently reported PDF vulnerability that is being actively exploited on the net.

CentOS Linux 6.7 released

Friday 7th of August 2015 07:03:26 PM
CentOS Linux 6.7 has been released for x86 and x86_64. "There are many fundamental changes in this release, compared with the past CentOS Linux 6 releases, and we highly recommend everyone study the upstream Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation. (See the 'Further Reading' section of the CentOS release notes."

Security updates for Friday

Friday 7th of August 2015 04:54:41 PM

Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities).

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated openssh (two vulnerabilities) and remind (buffer overflow).

Fedora has updated drupal6-cck (F22; F21: unspecified vulnerability), lighttpd (F22; F21: log injection), mantis (F22; F21: information disclosure), opensaml-java (F22; F21: missing host name verification), opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion).

Oracle has updated kernel 3.8.13 (OL7; OL6: information leak), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities).

Ubuntu has updated firefox (15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).

Privacy Badger 1.0

Friday 7th of August 2015 11:54:01 AM
The Electronic Frontier Foundation has announced the 1.0 release of the Privacy Badger browser extension. "As you browse the Web, Privacy Badger looks at any third party domains that are loaded on a given site and determines whether or not they appear to be tracking you (e.g. by setting cookies that could be used for tracking, or fingerprinting your browser). If the same third party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it." The extension is distributed under GPLv3; see this page for more information.

An active Firefox exploit

Friday 7th of August 2015 11:13:49 AM
Mozilla has posted a warning about a Firefox vulnerability that is currently being actively exploited on the net. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files." There is a security update for the problem.

Grasch: A Frank Look at Simon: Where To Go From Here

Thursday 6th of August 2015 08:25:49 PM
On his blog, Peter Grasch considers the future for the Simon speech-recognition system for KDE. He is passing the torch and will no longer be actively participating in the project, but he spent some time passing on his knowledge and some thoughts on where things might go from here. In addition, he built a working prototype of a speech-based command and control system for the Plasma desktop called Lera. "If anything, Lera is a starting point. The next steps would be to move Simon’s “eventsimulation” library into a separate framework, to be shared between Lera and Simon. Lera could then use this to type out the recognition results (see Simon’s Dictation plugin). Then, I would suggest porting a simplified notion of “Scenarios” to Lera, which should only really contain a set of commands, and maybe context information (vocabulary and “grammar” can be synthesized automatically from the command triggers). The implementation of training (acoustic model adaption) would then complete a very sensible, very usable version 1.0."

Federated Cloud Sharing in ownCloud 8.1 (ownCloud blog)

Thursday 6th of August 2015 06:13:59 PM
The ownCloud blog has a post about federated file sharing between ownCloud instances in ownCloud 8.1, but it also looks at the wider view of federation between various kinds of cloud servers. ownCloud founder Frank Karlitschek has a series of posts (It is Time to Federate Our Clouds, The Next Generation File Sync and Share Technology, and The Federated Architecture of Next Generation File Sync and Share) on federation technology and has also proposed a cross-cloud-platform federation API: "In addition, today Frank proposed a draft of a Federated Cloud Sharing API to the Open Cloud Mesh working group with the goal of jump-starting a discussion about what is needed to enable federation between different file sharing implementations. Sharing among ownClouds is great, but the true power of a federated file cloud is available when you can share among different implementations seamlessly, because you all speak the same common language. This is the goal of the Open Cloud Mesh working group (of which ownCloud is a member as well), and outside of that, drafts have been shared with a number of well known standards organizations around web technologies and fellow open source file share and sync projects to get the work started."

Security updates for Thursday

Thursday 6th of August 2015 02:31:55 PM

CentOS has updated kernel (C7: multiple vulnerabilities, one from 2014).

Fedora has updated kernel (F22: three vulnerabilities).

openSUSE has updated ghostscript (13.2, 13.1: code execution) and php5 (13.2, 13.1: two vulnerabilities).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities, one from 2014) and kernel-rt (RHEL7; RHEL6: multiple vulnerabilities, one from 2014).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities, one from 2014).

SUSE has updated oracle-update (Manager 2.1: multiple vulnerabilities).

Ubuntu has updated cinder (15.04: arbitrary file reads), python-keystoneclient, python-keystonemiddleware (15.04, 14.04: two vulnerabilities, one from 2014), and swift (15.04, 14.04, 12,04: two vulnerabilities, one from 2014).

[$] LWN.net Weekly Edition for August 6, 2015

Thursday 6th of August 2015 01:24:32 AM
The LWN.net Weekly Edition for August 6, 2015 is available.

More in Tux Machines

Fedora News, Red Hat's Shares

Android Leftovers

Leftovers: Software

today's howtos