
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 10 min ago

Django 1.8 released

Thursday 2nd of April 2015 09:04:21 AM
Version 1.8 of the Django web platform is out. "This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years." New features include support for multiple template engines, complex SQL expressions, some PostgreSQL-specific add-ons, and more; see the release notes for details.

[$] LWN.net Weekly Edition for April 2, 2015

Thursday 2nd of April 2015 12:39:51 AM
The LWN.net Weekly Edition for April 2, 2015 is available.

[$] XFS: There and back ... and there again?

Wednesday 1st of April 2015 06:43:45 PM
In a thought-provoking—and characteristically amusing—talk at the Vault conference, Dave Chinner looked at the history of XFS, its current status, and where the filesystem may be heading. In keeping with the title of the talk (shared by this article), he sees parallels in what drove the original development of XFS and what will be driving new filesystems. Chinner's vision of the future for today's filesystems, and not just of XFS, may be a bit surprising or controversial—possibly both.

Security advisories for Wednesday

Wednesday 1st of April 2015 05:31:59 PM

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated bind (C7: denial of service), firefox (C7: two vulnerabilities), firefox (C6; C5; C7: multiple vulnerabilities), xulrunner (C7: multiple vulnerabilities), flac (C7; C6: two vulnerabilities), freetype (C7: multiple vulnerabilities), ipa (C7: two vulnerabilities), slapi-nis (C7: two vulnerabilities), kernel (C7: two vulnerabilities), libxml2 (C7: denial of service), openssl (C7: multiple vulnerabilities), postgresql (C7: multiple vulnerabilities), setroubleshoot (C7: privilege escalation), thunderbird (C7; C7: multiple vulnerabilities), and unzip (C7: multiple vulnerabilities).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated freetype (many vulnerabilities).

Fedora has updated drupal7-entity (F21; F20: cross-site scripting) and php (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), owncloud (unspecified vulnerabilities), python-rope (code execution), and tor (denial of service).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities) and flac (OL7; OL6: two vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), flac (RHEL6,7: two vulnerabilities), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities) and flac (SL6,7: two vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities), gnupg, gnupg2 (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities), libgcrypt11, libgcrypt20 (14.10, 14.04, 12.04, 10.04: information leak), and tiff (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).

Firefox 37.0

Tuesday 31st of March 2015 08:24:05 PM
Firefox 37.0 has been released. This release features improved protection against site impersonation via OneCRL centralized certificate revocation, HTTPS for Bing searches, opportunistic encryption of HTTP traffic where the server supports HTTP/2 AltSvc, and more. See the release notes for details.

Tuesday's security updates

Tuesday 31st of March 2015 04:16:12 PM

Arch Linux has updated musl (code execution).

Debian has updated openldap (multiple vulnerabilities).

Mandriva has updated dokuwiki (MBS1.0: multiple vulnerabilities) and phpmyadmin (MBS1.0: information leak).

openSUSE has updated gd (13.2, 13.1: denial of service) and seamonkey (13.2, 13.1: two vulnerabilities).

Oracle has updated libxml2 (OL7: denial of service) and postgresql (OL7; OL6: multiple vulnerabilities).

SUSE has updated firefox (SLE12: two vulnerabilities).

Ubuntu has updated jakarta-taglibs-standard (14.10, 14.04: code execution).

Kernel prepatch 4.0-rc6

Monday 30th of March 2015 07:43:47 PM
Linus has released 4.0-rc6 right on schedule. "Things are calming down nicely, and there are fixes all over. The NUMA balancing performance regression is fixed, and things are looking up again in general. There were a number of i915 issues and a KVM double-fault thing that meant that for a while there I was pretty sure that this would be a release that will go to rc8, but that may be unnecessary."

Security advisories for Monday

Monday 30th of March 2015 05:39:02 PM

CentOS has updated postgresql (C6: multiple vulnerabilities).

Debian has updated freexl (code execution).

Fedora has updated drupal6 (F21; F20: multiple vulnerabilities), drupal7 (F21; F20: multiple vulnerabilities), libssh2 (F20: information leak), mingw-xerces-c (F21; F20: denial of service), php (F21: multiple vulnerabilities), tcpdump (F21: multiple vulnerabilities), and xerces-c (F21; F20: denial of service).

Gentoo has updated busybox (multiple vulnerabilities).

Mandriva has updated apache-mod_wsgi (MBS2.0: privilege escalation), bash (MBS2.0: multiple vulnerabilities), bind (MBS2.0: denial of service), binutils (MBS2.0: multiple vulnerabilities), clamav (MBS2.0: multiple vulnerabilities), coreutils (MBS1.0, MBS2.0: code execution), ctags (MBS2.0: denial of service), ctdb (MBS2.0: insecure temporary files), dbus (MBS2.0: multiple vulnerabilities), drupal (MBS1.0: multiple vulnerabilities), ejabberd (MBS2.0: incorrectly allows unencrypted connections), erlang (MBS2.0: command injection), ffmpeg (MBS2.0: multiple vulnerabilities), firebird (MBS2.0: denial of service), freerdp (MBS2.0: two vulnerabilities), gcc (MBS2.0: code execution), git (MBS2.0: code execution), glibc (MBS2.0: multiple vulnerabilities), glpi (MBS2.0: multiple vulnerabilities), grub2 (MBS2.0: code execution), gtk+3.0 (MBS2.0: screen lock bypass), icu (MBS2.0: multiple vulnerabilities), ipython (MBS2.0: code execution), jasper (MBS2.0: multiple vulnerabilities), jython (MBS2.0: code execution), libarchive (MBS1.0, MBS2.0: directory traversal), libtiff (MBS1.0: multiple vulnerabilities), libxfont (MBS1.0: multiple vulnerabilities), setup (MBS2.0: information disclosure), tcpdump (MBS1.0: multiple vulnerabilities), and wireshark (MBS1.0: multiple vulnerabilities).

openSUSE has updated freetype2 (13.2, 13.1: many vulnerabilities), gnutls (13.2, 13.1: certificate algorithm consistency checking issue), and rubygem-bundler (13.2, 13.1: installs malicious gem files).

Red Hat has updated kernel-rt (RHE MRG for RHEL6: two vulnerabilities), libxml2 (RHEL7: denial of service), and postgresql (RHEL6, RHEL7: multiple vulnerabilities).

Scientific Linux has updated libxml2 (SL7: denial of service) and postgresql (SL6, SL7: multiple vulnerabilities).

A massive weekend security update pile

Sunday 29th of March 2015 05:14:27 PM
The pile of security updates has gotten deep enough that it makes sense to shove them out now. The biggest pile is seemingly Mandriva catching up on numerous updates for its Mandriva Business Server (MBS) line of products.

Debian has updated batik (unauthorized file access), binutils (code execution), dulwich (code execution), libxfont (privilege escalation), php5 (fix regression from previous update), shibboleth-sp2 (denial of service), and xerces-c (denial of service).

Fedora has updated kernel (F21: code execution), mongodb (F21: denial of service), python-requests (F21: cookie stealing), python-urllib3 (F21: cookie stealing), strongswan (F20, F21: denial of service), and webkitgtk4 (F21: late certificate verification).

Mageia has updated dokuwiki (cross-site scripting), drupal (authentication bypass), krb5 (denial of service), python-requests (cookie stealing), setup (incorrect file protections), and wireshark (dissector issues).

Mandriva has updated apache (MBS2: 11 CVEs), apache-mod_security (MBS2: restriction bypass), cifs-utils (MBS2: code execution), cups (MBS2: six CVEs), cups-filters (MBS2: nine CVEs), curl (MBS2: seven CVEs), dovecot (MBS2: denial of service), egroupware (MBS2: code execution), elfutils (MBS2: code execution), emacs (MBS2: symbolic link vulnerability), freetype2 (MBS2: 21 CVEs), gnupg (MBS1, MBS2: five CVEs), gnutls (MBS2: five CVEs), imagemagick (MBS2: five CVEs), jbigkit (MBS2: code execution), json-c (MBS2: denial of service), krb5 (MBS1-2: five CVEs), lcms2 (MBS2: denial of service), libcap-ng (MBS2: privilege escalation), libgd (MBS2: denial of service), libevent (MBS2: code execution), libjpeg (MBS2: code execution), libksba (MBS2: denial of service), liblzo (MBS2: code execution), libpng (MBS2: memory overwrite), libpng12 (MBS2: three 2013 CVEs), libsndfile (MBS2: code execution), libssh (MBS2: information disclosure and denial of service), libssh2 (MBS1, MBS2: MITM vulnerability), libtasn1 (MBS2: denial of service), libtiff (MBS2: six CVEs), libvirt (MBS1, MBS2: denial of service and information leak), libvncserver (MBS2: six CVEs), libxfont (MBS2: six CVEs), libxml2 (MBS2: denial of service), lua (MBS2: code execution), mariadb (MBS2: uncountable unexplained CVEs), mpfr (MBS2: code execution), mutt (MBS2: denial of service), net-snmp (MBS2: denial of service), nginx (MBS2: code execution), nodejs (MBS2: multiple unspecified vulnerabilities), not-yet-commons-ssl (MBS2: MITM vulnerability), ntp (MBS2: six CVEs), openldap (MBS1, MBS2: denial of service), openssh (MBS2: restriction and authentication bypass), openvpn (MBS2: denial of service), patch (MBS2: file overwrite), pcre (MBS2: denial of service), perl (MBS2: denial of service), php (MBS1, MBS2: lots of vulnerabilities), postgresql (MBS2: twelve CVEs), ppp (MBS2: privilege escalation), pulseaudio (MBS2: denial of service), python-django (MBS2: five CVEs), python-pillow (MBS2: five CVEs), python-requests (MBS2: cookie stealing), php-ZendFramework (MBS2: eight CVEs), python (MBS2: seven CVEs), python3 (MBS2: five CVEs), python-lxml (MBS2: code injection), python-numpy (MBS2: temporary file vulnerability), readline (MBS2: symbolic link vulnerability), rsync (MBS2: denial of service), rsyslog (MBS2: denial of service), ruby (MBS2: denial of service), samba (MBS1, MBS2: code execution and more), samba4 (MBS2: code execution), sendmail (MBS2: file descriptor access), serf (MBS2: MITM vulnerability), squid (MBS2: five CVEs), stunnel (MBS2: private key disclosure), subversion (MBS2: five CVEs), sudo (MBS2: file disclosure), tcpdump (MBS2: seven CVEs), tomcat (MBS2: eight CVEs), torque (MBS2: kill arbitrary processes), udisks2 (MBS2: code execution), unzip (MBS2: code execution), util-linux (MBS2: command injection), wpa_supplicant (MBS2: command execution), wget (MBS2: symbolic link vulnerability), x11-server (MBS2: thirteen CVEs), and xlockmore (MBS2: lock bypass).

openSUSE has updated mercurial (command injection).

SUSE has updated firefox (SLES10-11: code execution) and mysql (SLES11: 33 vulnerabilities).

More in Tux Machines

World’s smallest i.MX6 module has onboard WiFi, eMMC

Variscite unveiled a 50 x 20mm “DART-MX6” module that runs Linux or Android on the Freescale i.MX6, with up to 64GB eMMC flash and -40 to 85°C support. Variscite’s claim that the 50 x 20mm DART-MX6 is the world’s smallest computer-on-module based on Freescale’s i.MX6 system-on-chip appears to be a valid one. It beats the smallest ones we’ve seen to date: TechNexion’s 40 x 36mm PICO-IMX6, and Solid-Run’s 47 x 30mm microSOM i4. It’s also just a hair larger than Variscite’s own 52 x 17mm DART-4460, which is based on a dual-core TI OMAP4460 SoC, and Gumstix’s slightly larger 58 x 17mm Overo modules, which use TI Sitara AM37xx SoCs.

BQ Aquaris E4.5 Ubuntu Edition review

The BQ Aquaris e4.5 Ubuntu Edition is not the debut Canonical must have envisaged for Ubuntu Phone, in the early days of the platform’s development. It’s a perfectly functional smartphone for the most part, and we like the concept of scopes, but the hardware is humdrum, performance is sluggish, and the software running on it is rough and ready, and full of holes. We’ll be tracking the progress of Ubuntu Phone with interest – it surely must get better than this – but this first device is one to write off to experience.