
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Tuesday's security updates

Tuesday 29th of July 2014 03:31:47 PM

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated drupal6 (F20; F19: multiple vulnerabilities) and drupal7 (F20; F19: multiple vulnerabilities).

Mandriva has updated nss (BS1.0: code execution).

Red Hat has updated kernel (RHEL6.2: privilege escalation).

Android crypto blunder exposes users to highly privileged malware (ars technica)

Tuesday 29th of July 2014 01:37:04 PM
Ars technica reports on a newly disclosed Android vulnerability. It seems that some apps are hard-coded into the system as having special privileges. "According to Jeff Forristal, CTO of Bluebox Security, Android fails to verify the chain of certificates used to certify an app belongs to this elite class of super privileged programs. As a result, a maliciously developed app can include an invalid certificate claiming it's Flash, Wallet, or any other app hard coded into Android. The OS, in turn, will give the rogue app the same special privileges assigned to the legitimate app without ever taking the time to detect the certificate forgery."

An Indiegogo campaign for the Ottawa Linux Symposium

Monday 28th of July 2014 09:06:45 PM
Andrew Hutton, the organizer of the Ottawa Linux Symposium, has put together an Indiegogo campaign to try to raise funds for this event, which has fallen on hard times in recent years. "When I admitted that this year would likely be the last OLS many people expressed a desire to do something to help. This crowdfunding campaign is the best way I could think of to reach out and offer the community a way to help."

Chris Beard Named CEO of Mozilla

Monday 28th of July 2014 08:11:28 PM
Mitchell Baker announced that Chris Beard has been appointed CEO of Mozilla Corp. "Over the years, Chris has led many of Mozilla’s most innovative projects. We have relied on his judgment and advice for nearly a decade. Chris has a clear vision of how to take Mozilla’s mission and turn it into industry-changing products and ideas."

Stable kernel updates

Monday 28th of July 2014 06:11:06 PM
Greg KH has released stable kernels 3.15.7, 3.14.14, 3.10.50, and 3.4.100. All contain important fixes throughout the tree.

Security advisories for Monday

Monday 28th of July 2014 04:39:53 PM

Debian has updated cups (privilege escalation) and modsecurity-apache (rules bypass).

Fedora has updated audacious-plugins (F20: denial of service), cinnamon (F20: denial of service), cinnamon-control-center (F20: denial of service), cinnamon-settings-daemon (F20: denial of service), cobbler (F20; F19: path traversal), control-center (F20: denial of service), empathy (F20: denial of service), ffgtk (F20: denial of service), firefox (F19: multiple vulnerabilities), fldigi (F20: denial of service), fluidsynth (F20: denial of service), gnome-settings-daemon (F20: denial of service), gnome-shell (F20: denial of service), gqrx (F20: denial of service), gstreamer1-plugins-good (F20: denial of service), guacamole-server (F20: denial of service), java-1.7.0-openjdk (F20: denial of service), libmikmod (F20: denial of service), minimodem (F20: denial of service), mumble (F20: denial of service), paprefs (F20: denial of service), phonon (F20: denial of service), pulseaudio (F20: denial of service), qemu (F20: denial of service), qmmp (F20: denial of service), qt (F20: denial of service), qt-mobility (F20: denial of service), qt5-qtmultimedia (F20: denial of service), sidplayfp (F20: denial of service), speech-dispatcher (F20: denial of service), sphinxtrain (F20: denial of service), spice-gtk (F20: denial of service), thunderbird (F20: multiple vulnerabilities), xmp (F20: denial of service), and zarafa (F20; F19: information disclosure).

Gentoo has updated openssl (multiple vulnerabilities).

Mageia has updated asterisk (multiple vulnerabilities), avidemux (undisclosed vulnerabilities), cacti (MG4: multiple vulnerabilities), dbus (two denial of service flaws), java-1.7.0-openjdk (multiple vulnerabilities), live555, vlc, mplayer (code execution), mariadb (unidentified vulnerabilities), nss, firefox, thunderbird (multiple vulnerabilities), owncloud (undisclosed vulnerability), pidgin (code execution), ruby-actionpack (MG4: two vulnerabilities), and transmission (code execution).

Oracle has updated kernel (OL5: two vulnerabilities).

Kernel prepatch 3.16-rc7

Sunday 27th of July 2014 10:42:43 PM
Linus has released 3.16-rc7. "We obviously *do* have various real fixes in here, but none of them look all that special or worrisome. And rc7 is finally noticeably smaller than previous rc's, so we clearly are calming down. So unlike my early worries, this might well be the last rc, we'll see how next week looks/feels."
