LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 28 sec ago

Thursday's security updates

Thursday 9th of April 2015 03:53:46 PM

Arch Linux has updated chrony (denial of service).

CentOS has updated krb5 (C6: multiple vulnerabilities).

Debian-LTS has updated arj (multiple vulnerabilities), checkpw (denial of service), libgcrypt11 (multiple vulnerabilities), and libgd2 (multiple vulnerabilities).

Fedora has updated drupal7-webform (F20; F21: unspecified vulnerability), firefox (F21: multiple vulnerabilities), powerpc-utils-python (F20; F21: code execution), and xterm (F20; F21: denial of service).

Mandriva has updated java-1.8.0-openjdk (BS2: multiple vulnerabilities).

Oracle has updated kernel (O5: multiple vulnerabilities) and krb5 (O6: denial of service).

Red Hat has updated krb5 (RHEL6: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for April 9, 2015

Wednesday 8th of April 2015 11:48:01 PM
The LWN.net Weekly Edition for April 9, 2015 is available.

Security advisories for Wednesday

Wednesday 8th of April 2015 04:42:14 PM

Arch Linux has updated ntp (two vulnerabilities).

CentOS has updated kernel (C5: multiple vulnerabilities).

Debian has updated libxml2 (denial of service).

Fedora has updated setroubleshoot (F21; F20: privilege escalation) and texlive (F21: arbitrary file removal).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), libgit2 (13.2, 13.1: code execution), firefox, thunderbird (13.2, 13.1: multiple vulnerabilities), php5 (13.2, 13.1: multiple vulnerabilities), potrace (13.2, 13.1: denial of service), quassel (13.2, 13.1: denial of service), and subversion (13.2, 13.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: multiple vulnerabilities), novnc (RHEL OSP6.0: VNC session hijacking), openstack-nova (RHEL OSP6.0: cross-site websocket hijack attack), openstack-packstack (RHEL OSP6.0: root command execution), and installer (RHEL OSP6.0: root command execution).

Scientific Linux has updated kernel (C5: multiple vulnerabilities).

SUSE has updated xorg-x11-libs (SLE11 SP3: privilege escalation).

Ubuntu has updated libtasn1-3, libtasn1-6 (14.10, 14.04, 12.04, 10.04: denial of service) and mailman (14.10, 14.04, 12.04: path traversal attack).

Mourning Chris Yeoh

Wednesday 8th of April 2015 12:39:02 PM
From the OpenStack community comes the sad announcement of the passing of Chris Yeoh, a longtime free-software developer. "Chris was humble, helpful and honest. The OpenStack and broader Open Source communities are poorer for his passing." Those with memories of Chris are encouraged to contribute them to a collection being put together for his daughter.

[$] An update on the freedreno graphics driver

Wednesday 8th of April 2015 10:04:03 AM
The freedreno project was started by Rob Clark to create a free-software driver for the Adreno family of GPUs, which are used by the Qualcomm Snapdragon system-on-chip (SoC) family. He presented a status report on the project, along with some history and future plans, at the Embedded Linux Conference, which was held in San Jose, CA, March 23-25.

Click below (subscribers only) for the full report from ELC 2015.

Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)

Tuesday 7th of April 2015 11:10:24 PM
Threat Post takes a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although TrueCrypt development was discontinued last year, the code underwent a two-phase audit and passed with a relatively clean bill of health. "VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used." The results of the audit of TrueCrypt are available in PDF format; phase 1 was completed in February 2014, and phase 2 was completed in March 2015.

Tuesday's security updates

Tuesday 7th of April 2015 04:34:21 PM

Arch Linux has updated tor (denial of service).

Debian has updated arj (multiple vulnerabilities), libgd2 (denial of service), mailman (path traversal attack), and tor (denial of service).

Debian-LTS has updated mailman (path traversal attack) and tor (denial of service).

Fedora has updated chicken (F21; F20: buffer overflow), kernel (F20: multiple vulnerabilities), libxml2 (F21: denial of service), and seamonkey (F21; F20: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mandriva has updated cups-filters (MBS2.0: remote command execution), libtasn1 (MBS1.0, MBS2.0: denial of service), and python-django (MBS1.0: cross-site scripting).

Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: certificate verification bypass) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

Kernel prepatch 4.0-rc7

Tuesday 7th of April 2015 09:25:19 AM
Linus has released 4.0-rc7 after a delay of a couple of days for the holiday. "But it's still pretty small, and things are on track for 4.0 next weekend. There's a tiny chance that I'll decide to delay 4.0 by a week just because I'm traveling the week after, and I might want to avoid opening the merge window. We'll see how I feel about it next weekend."

Linux Australia server breach

Monday 6th of April 2015 07:15:53 PM
Linux Australia has reported a breach on the Conference Management (Zookeepr) hosting server. This server hosted the conference systems for linux.conf.au 2013, 2014 and 2015, and for PyCon Australia 2013 and 2014. "The database dumps which occurred during the breach include information provided during conference registration - First and Last Names, physical and email addresses, and any phone contact details provided, as well as a hashed version of the user password. As Zookeepr uses a third party credit card payment gateway for credit card processing, the database dumps do not contain any credit card or banking details."

Security advisories for Monday

Monday 6th of April 2015 05:07:54 PM

Arch Linux has updated firefox (certificate verification bypass), java-batik (information leak), and thunderbird (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), freeipa (F21: two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20: denial of service), mingw-libzip (F21; F20: code execution), mingw-qt5-qtbase (F21; F20: denial of service), mingw-qt5-qtdeclarative (F21; F20: denial of service), mingw-qt5-qtgraphicaleffects (F21; F20: denial of service), mingw-qt5-qtimageformats (F21; F20: denial of service), mingw-qt5-qtlocation (F21; F20: denial of service), mingw-qt5-qtmultimedia (F21; F20: denial of service), mingw-qt5-qtquick1 (F21; F20: denial of service), mingw-qt5-qtscript (F21; F20: denial of service), mingw-qt5-qtsensors (F21; F20: denial of service), mingw-qt5-qtsvg (F21; F20: denial of service), mingw-qt5-qttools (F21; F20: denial of service), mingw-qt5-qttranslations (F21; F20: denial of service), mingw-qt5-qtwebkit (F21; F20: denial of service), mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20: multiple vulnerabilities), osc (F21; F20: command injection), patch (F20: multiple vulnerabilities), PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated cups-filters (remote command execution), novnc (VNC session hijacking), and php, libzip (multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).

10 Years of Git: An Interview with Git Creator Linus Torvalds (Linux.com)

Monday 6th of April 2015 05:01:08 PM
Linux.com talks with Linus Torvalds about the development of Git. "Just to pick an example: the concept of 'merging' was generally considered to be something really quite painful and hard in most SCM's. You'd plan your merges, because they were big deals. That's not acceptable to me, since I commonly do tens of merges a day when in the merge window, and even then, the biggest overhead shouldn't be the merge itself, it should be testing the result. The 'git' part of the merge is just a couple of seconds, it should take me much longer just to write the merge explanation message."

More in Tux Machines

Leftovers: KDE Software

  • Wayland & Other Tasks Being Worked On For KDE Plasma 5.4
    Now that KDE Plasma 5.3 was released this week, KDE developers are starting to plan out and work on the new material intended for KDE Plasma 5.4.
  • Interview with Wolthera
    My name is Wolthera, I am 25, studied Game Design and currently studying Humanities, because I want to become a better game designer, and I hope to make games in the future as a job. I also draw comics, though nothing has been published yet. [...] After I played a lot with MyPaint, I heard from people that Krita 2.4 was the shit. When I went to the website at the time (which is the one before the one before the current) it just looked alien and strange, and worse: there was no Windows version, so I couldn’t even try it out. So I spent a few more years having fun with MyPaint alone, but eventually I got tired of its brush engine and wanted to try something more rough. When I checked Krita again, it had two things: a new, considerably more coherent website (the one before this one) and a Windows build. Around that time it was still super unstable and it didn’t work with my tablet. But MyPaint also had tablet problems, so I had no qualms about dual booting to Linux and trying it out there.
  • GSoC with KDE
    So, my project is titled: Better Tooling for Baloo. Let me begin by explaining what Baloo is. According to its wiki page it is "Baloo is a metadata and search framework by KDE." What exactly does it mean? Baloo is responsible for providing full text search capabilities to KDE applications. It doesn't end there; it also provides searching on the basis of metadata of various types of files. To accomplish this it indexes file contents and metadata using various plugins, called extractors, to handle different types of files. It then exposes the data it has indexed with the help of various APIs. So that's a very high level view of how it works. Now, my project, as the title states, will provide better tools for Baloo. These tools will mainly be: