LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

OSVDB: FIN

Wednesday 6th of April 2016 06:19:45 PM
The Open Sourced Vulnerability Database (OSVDB) has been shut down. "This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense. The industry simply did not want to contribute and support such an effort. The OSVDB blog will continue to be a place for providing commentary on all things related to the vulnerability world." (Thanks to Paul Wise)

Security advisories for Wednesday

Wednesday 6th of April 2016 04:42:09 PM

Arch Linux has updated mercurial (multiple vulnerabilities).

CentOS has updated graphite2 (C7: multiple vulnerabilities), nspr (C6: two vulnerabilities), nss (C6: two vulnerabilities), and nss-util (C6: two vulnerabilities).

Debian has updated oar (privilege escalation).

Mageia has updated file (buffer over-write), java (sandbox bypass), php (multiple vulnerabilities), and squid (two vulnerabilities).

openSUSE has updated git (Leap42.1: code execution).

Oracle has updated graphite2 (OL7: multiple vulnerabilities) and nss, nss-util, and nspr (OL6: code execution).

Red Hat has updated bind (RHEL6.2: two vulnerabilities) and graphite2 (RHEL7: multiple vulnerabilities).

Scientific Linux has updated graphite2 (SL7: multiple vulnerabilities) and nss, nss-util, nspr (SL6: two vulnerabilities).

Slackware has updated subversion (code execution).

SUSE has updated java-1_7_0-openjdk (SLE12-SP1; SLE11-SP4: sandbox bypass) and java-1_8_0-openjdk (SLE12-SP1: sandbox bypass).

Ubuntu has updated kernel (15.10; 14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), and linux-raspi2 (15.10: multiple vulnerabilities).

[$] Early packet drop — and more — with BPF

Wednesday 6th of April 2016 01:44:20 PM
The Berkeley packet filter (BPF) mechanism has been working its way into various kernel subsystems since it was rewritten and extended in 2014. There is, it turns out, great value in an in-kernel virtual machine that allows for the implementation of arbitrary policies without writing kernel code. A recent patch set pushing BPF into networking drivers shows some of the potential of this mechanism — and the difficulty of designing its integration in a way that will stand the test of time. If it is successful, it may change the way high-performance networking is done on Linux systems.

KDE Presents its Vision for the Future

Tuesday 5th of April 2016 07:24:30 PM
The KDE project has released a vision statement, a single sentence that sums up what the project would like to achieve: A world in which everyone has control over their digital life and enjoys freedom and privacy. "Our vision unites KDE in common purpose. It sets out where we want to get to, but it provides no guidance on how we should get there. After finalizing our vision (the "what"), we have immediately started the process of defining KDE's Mission Statement (the "how"). As with all things KDE, you are invited to contribute. You can easily add your thoughts on our mission brainstorming wiki page." (Thanks to Paul Wise)

Security updates for Tuesday

Tuesday 5th of April 2016 04:28:35 PM

Arch Linux has updated optipng (code execution).

Debian has updated mercurial (three vulnerabilities) and roundcube (code execution).

Fedora has updated krb5 (F22: null pointer dereference) and vtun (F23; F22: denial of service).

Gentoo has updated xen (multiple vulnerabilities, some from 2012).

openSUSE has updated ghostscript (Leap42.1: buffer overflow).

Red Hat has updated nss, nss-util, nspr (RHEL6: two vulnerabilities).

Slackware has updated thunderbird (multiple vulnerabilities).

SUSE has updated xen (SLE11-SP4: multiple vulnerabilities, some from 2013).

Ubuntu has updated libav (12.04: multiple vulnerabilities) and xchat-gnome (man-in-the-middle attack).

Garrett: There's more than one way to exploit the commons

Tuesday 5th of April 2016 12:35:15 PM
Matthew Garrett's take on the Debian-XScreenSaver disagreement is worth a read. "Free software doesn't benefit from distributions antagonising their upstreams, even if said upstream is a cranky nightclub owner. Debian's users are Debian's highest priority, but those users are going to suffer if developers decide that not using free licenses improves their quality of life. Kneejerk reactions around specific instances aren't helpful, but now is probably a good time to start thinking about what value Debian bring to its upstream authors and how that can be increased."

New Linux-based effort to support global civil infrastructure demands

Monday 4th of April 2016 10:29:02 PM
The Linux Foundation has announced the Civil Infrastructure Platform, "an open source framework that will provide the software foundation needed to deliver essential services for civil infrastructure and economic development on a global scale." Civil infrastructure systems deliver critical services such as electric power, oil and gas, water, health care, communications, transportation and more. "The Civil Infrastructure Platform will aim to work upstream with the Linux kernel and other open source projects to establish a “base layer” of industrial-grade software. This base layer will enable the use of software building blocks that meet safety, security, reliability and other requirements that are critical to industrial and civil infrastructure projects."

More in Tux Machines

Android Leftovers

User Editorial: A different approach to calculating the popularity of Linux gaming on Steam

Now that the monthly Steam statistics are out again, we can see that the result has increased slightly from last month: we are back up to 0.90% from 0.85%. While that is a positive sign, we are again looking at a number below 1% this month. As has been previously pointed out, there are a few flaws with the Steam statistics, such as that users of the Big Picture Mode do not get the survey at all. There are also likely a few flaws we don't know about. Still, we can safely assume that the Steam Hardware Survey isn't completely lying either: Linux usage might be off by a bit, but if it says below 1%, it is rather unlikely that the real numbers are, for example, above 2%. It is a statistic, and we have to treat it like a statistic that gives us an indication of the Linux market share on Steam. An increase likely means a larger market share and a decrease a smaller market share. A fair point that has been made, however, is that the number of Steam users has been increasing over time. Therefore, it is reasonable to assume the number of Linux Steam users has increased as well. The question is: How did Steam grow?

A Down and Dirty Look at Xubuntu 16.04

In our look at Xubuntu 16.04, we find it to be stable, quick and intuitive. It’s a distro that makes our short list of recommendations for those wishing to move from Windows to GNU/Linux. For a look at Ubuntu’s new LTS release, 16.04 or Xenial Xerus, I decided to forgo “Ubuntu prime” in favor of one of the officially sanctioned “baby *buntus,” choosing Xubuntu, the distro’s Xfce implementation. We use Xfce on Mint on nearly all of the computers here at FOSS Force’s office, so I figured this would put me in familiar territory, especially since Mint is also an Ubuntu-based distro.

With Banks' Help, Startup Chain Rolls Out Open Source Blockchain