Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 11 min ago

[$] LWN.net Weekly Edition for August 6, 2015

Thursday 6th of August 2015 01:24:32 AM
The LWN.net Weekly Edition for August 6, 2015 is available.

[$] "Big data" features coming in PostgreSQL 9.5

Wednesday 5th of August 2015 06:16:58 PM
PostgreSQL 9.5 Alpha 2 is due to be released on August 6. Not only does the new version support UPSERT, more JSON functionality, and other new features we looked at back in July, it also has some major enhancements for "big data" workloads. Among these are faster sorts, TABLESAMPLE, GROUPING SETS and CUBE, BRIN indexes, and Foreign Data Wrapper improvements. Taken together, these features strengthen arguments for using PostgreSQL for data warehouses, and enable users to continue using it with bigger databases.

Security updates for Wednesday

Wednesday 5th of August 2015 03:55:50 PM

Debian has updated wordpress (regression in previous update).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities) and node.js (RHOSE2.1; RHOSE2.0: man-in-the-middle attack).

SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities).

Ubuntu has updated oxide-qt (15.04, 14.04: multiple vulnerabilities).

[$] Fuzzing perf_events

Wednesday 5th of August 2015 12:36:11 PM
You might be surprised to learn that starting with Linux 2.6.31 (in 2009) it has been rather easy to crash the Linux kernel. This date marks the introduction of the perf_event subsystem. It is likely that perf_event is not any more prone to errors than any other large kernel subsystem, but it has the distinction of being subjected to intense testing from the perf_fuzzer tool, which methodically probes the interface for bugs.

Click below (subscribers only) for the full article from perf_fuzzer author Vince Weaver.

LibreOffice 5.0 released

Wednesday 5th of August 2015 11:53:37 AM
The LibreOffice 5.0 release is out. "LibreOffice 5.0 sports a significantly improved user interface, with a better management of the screen space and a cleaner look. In addition, it offers better interoperability with office suites such as Microsoft Office and Apple iWork, thanks to new and improved filters to handle non standard formats." See this post from Michael Meeks for a detailed description of the work that went into this release.

Coalition Announces New ‘Do Not Track’ Standard for Web Browsing

Tuesday 4th of August 2015 07:50:42 PM
The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a stronger “Do Not Track” (DNT) setting for Web browsing—"a new policy standard that, coupled with privacy software, will better protect users from sites that try to secretly follow and record their Internet activity, and incentivize advertisers and data collection companies to respect a user’s choice not to be tracked online."

Tuesday's security advisories

Tuesday 4th of August 2015 05:00:48 PM

Debian has updated squid3 (security bypass) and wordpress (multiple vulnerabilities).

Fedora has updated quassel (F21: denial of service).

Mageia has updated ipython (MG4,5: two vulnerabilities), moodle (MG5: vulnerabilities), pdns (MG4,5: denial of service), and php (MG5: multiple vulnerabilities).

openSUSE has updated gpsm (13.1: code execution from 2013).

Scientific Linux has updated autofs (SL6: privilege escalation), curl (SL6: multiple vulnerabilities), freeradius (SL6: denial of service), gnutls (SL6: multiple vulnerabilities), grep (SL6: two vulnerabilities), hivex (SL6: privilege escalation), httpd (SL6: access restriction bypass), ipa (SL6: cross-site scripting), java-1.6.0-openjdk (SL6: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), libreoffice (SL6: code execution), libxml2 (SL6: denial of service), mailman (SL6: two vulnerabilities), net-snmp (SL6: denial of service), ntp (SL6: multiple vulnerabilities), pacemaker (SL6: privilege escalation), pki-core (SL6: cross-site scripting), python (SL6: multiple vulnerabilities), sudo (SL6: information disclosure), wireshark (SL6: multiple vulnerabilities), and wpa_supplicant (SL6: denial of service).

Announcing the shutdown of the Ada Initiative

Tuesday 4th of August 2015 01:53:21 PM
The Ada Initiative has announced that it is shutting down in mid-October. In the four years since it was founded, the organization has accomplished a lot to help create a less hostile environment for women in open technology and open culture. "We are proud of what we accomplished with the support of many thousands of volunteers, sponsors, and donors, and we expect all of our programs to continue on in some form without the Ada Initiative." Essentially, the organization found it hard to find others with the same "experiences, skills, strengths and passions" as co-founders Valerie Aurora and Mary Gardiner when they wanted to change roles within the initiative. "The Ada Initiative will shut down in approximately mid-October after using our remaining funds to complete our current obligations and do the tasks necessary to shut down the organization properly. We have several Ally Skills Workshops booked or in the process of being booked during our remaining months of operation. (We will not be booking additional Ally Skills Workshops through the Ada Initiative, but we will refer clients to other people who are teaching the Ally Skills Workshop.) We will teach Impostor Syndrome training classes in Sydney and Oakland in August, and release the materials under the Creative Commons Attribution Sharealike license. We will do the work to keep the Ada Initiative's web content online and available after the Ada Initiative shuts down."

Stable kernel updates

Monday 3rd of August 2015 07:14:56 PM
Greg Kroah-Hartman has released stable kernels 4.1.4, 3.14.49, and 3.10.85. All of them contain important fixes.

Security advisories for Monday

Monday 3rd of August 2015 05:23:36 PM

Debian has updated apache2 (multiple vulnerabilities), ghostscript (code execution), icedove (multiple vulnerabilities), icu (multiple vulnerabilities), and ruby-rack (denial of service).

Fedora has updated bind (F22; F21: denial of service), bind99 (F22: denial of service), libuser (F21: multiple vulnerabilities), and openssh (F21: denial of service).

Mageia has updated bind (MG4,5: denial of service), icu (MG4,5: code execution), and remind (MG4,5: buffer overflow).

openSUSE has updated bind (13.2, 13.1: denial of service) and libuser (13.2: privilege escalation).

Oracle has updated java-1.6.0-openjdk (OL5: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), kernel 2..6.32 (OL6; OL5: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), and lxc (OL7; OL6: two vulnerabilities).

Scientific Linux has updated bind (SL6; SL6,7: denial of service) and libuser (SL6: two vulnerabilities).

More in Tux Machines

Second Alpha Build of Liquid Lemur Linux 2.0 Brings LibreOffice 5, Based on Debian 8

Edward Snyder, the creator and maintainer of the Debian-based Liquid Lemur Linux distribution, has announced the release and immediate availability for download of the second Alpha build of the upcoming Liquid Lemur Linux 2.0 distro. Read more

Manjaro Linux 0.8.13.1 Fluxbox Edition Gets Linux Kernel 4.1 LTS, Download Now

The Manjaro Linux team, through Bernhard Landauer, has proudly announced the release of an updated version of the Manjaro Linux Fluxbox Edition, namely 0.8.13.1, which features an updated Linux kernel and numerous improvements. Read more

NVIDIA reveals GPUs for blade servers, Linux desktop support

VMworld 2015 NVIDIA has announced the second version of its Grid desktop virtualisation software, complete with a pair of GPUs for blade servers. NVIDIA is pitching GRID as a hardware offering tuned to the needs of graphically-demanding desktop virtualisation (VDI) workloads. If that sounds a bit exotic, consider environments like the resources industry, where on-site engineers need CAD and modelling tools, but miners are loathe to deploy desktops in the remote sites where stuff gets dug out of the ground. VDI works a treat in such spots. Read more

GNU Linux-libre 4.2-gnu is now available

Many new drivers required cleaning of their blob-requesting-and-loading machinery. Various others needed deblobbing updates due to blob name changes and false positives. Read more Also: