Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 54 min 31 sec ago

Lumina Desktop 1.0.0 released

Monday 8th of August 2016 09:41:57 PM
Version 1.0.0 of the Lumina Desktop Environment has been released. "After roughly four years of development, I am pleased to announce the first official release of the Lumina desktop environment! This release is an incredible realization of the initial idea of Lumina – a simple and unobtrusive desktop environment meant for users to configure to match their individual needs." Lumina is a from-scratch, BSD-licensed desktop system.

Security updates for Monday

Monday 8th of August 2016 04:39:53 PM

Arch Linux has updated glibc (two denial of service vulnerabilities), lib32-glibc (two denial of service vulnerabilities), and libupnp (unauthenticated access).

Debian has updated kde4libs (command execution) and lighttpd (man-in-the-middle attacks).

Debian-LTS has updated mongodb (two vulnerabilities), mupdf (denial of service), and openjdk-7 (multiple vulnerabilities).

Fedora has updated curl (F24: three vulnerabilities), firefox (F23: multiple vulnerabilities), libgcrypt (F23: key leak), and xen (F24: multiple vulnerabilities).

Mageia has updated ruby-eventmachine (denial of service).

openSUSE has updated bsdiff (Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), libvirt (Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak), and wireshark (Leap42.1, 13.2: multiple vulnerabilities).

Slackware has updated curl (three vulnerabilities), firefox (multiple vulnerabilities), openssh (two vulnerabilities), and stunnel (two vulnerabilities).

Check Point's "QuadRooter" vulnerabilities

Monday 8th of August 2016 02:13:06 PM
Check Point has discovered four local-root vulnerabilities in Qualcomm-based Android devices and is hyping the result as "QuadRooter". "QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device." Actually getting the report requires registration. All four vulnerabilities are in Android-specific code; three of them are in out-of-tree modules (kgsl and ipc_router); the fourth is in the "ashmem" code in the staging tree.

Kernel prepatch 4.8-rc1

Monday 8th of August 2016 01:58:33 AM
Linus has released the 4.8-rc1 prepatch and closed the merge window for this development cycle — sort of. "I actually still have a few pull requests pending in my inbox that I just wanted to take another look at before merging, but the large bulk of the merge window material has been merged, and I wanted to make sure there aren't any new ones coming in." A total of 11,618 non-merge changesets were pulled during the merge window.

Let's Encrypt will be trusted by Firefox 50

Friday 5th of August 2016 11:48:38 PM

The Let's Encrypt project, which provides a free SSL/TLS certificate authority (CA), has announced that Mozilla has accepted the project's root key into the Mozilla root program and will be trusted by default as of Firefox 50. This is a step forward from Let's Encrypt's earlier status. "In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root 'vouches for' the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible. However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence." The project has also applied for inclusion the CA trust roots maintained by Apple, Microsoft, Google, Oracle, and Blackberry. News on those programs is still pending.

Friday's security updates

Friday 5th of August 2016 04:08:32 PM

Arch Linux has updated firefox (multiple vulnerabilities), jdk7-openjdk (multiple vulnerabilities), jre7-openjdk (multiple vulnerabilities), and jre7-openjdk-headless (multiple vulnerabilities).

Debian has updated openjdk-7 (multiple vulnerabilities).

Debian-LTS has updated curl (multiple vulnerabilities) and mysql-5.5 (multiple vulnerabilities).

Fedora has updated collectd (F23; F24: code execution), dietlibc (F23; F24: insecure default PATH), perl (F24: privilege escalation), perl-DBD-MySQL (F24: code execution), and python-autobahn (F24: insecure origin validation).

openSUSE has updated MozillaFirefox, mozilla-nss (13.2, Leap 42.1: multiple vulnerabilities).

Oracle has updated kernel (O7; O6: multiple vulnerabilities; O7; O6; O6; O5: privilege escalation) and squid (O6: code execution).

Scientific Linux has updated squid (SL6: code execution).

SUSE has updated kernel (SLE12-LP: multiple vulnerabilities).

Ubuntu has updated firefox (12.04, 14.04, 16.04: multiple vulnerabilities), libreoffice (12.04: code execution), oxide-qt (14.04, 16.04: multiple vulnerabilities), and qemu, qemu-kvm (12.04, 14.04, 16.04: multiple vulnerabilities).

The GNU C Library version 2.24 is now available

Friday 5th of August 2016 12:04:31 AM
The 2.24 version of the GNU C Library (glibc) has been released. It comes with lots of bug fixes, including five for security vulnerabilities (four stack overflows and a memory leak). Some deprecated features have been removed, as well as deprecating the readdir_r() and readdir64_r() functions in favor of readdir() and readdir64(). There are also additions to the math library (nextup*() and nextdown*()) to return the next representable value toward either positive or negative infinity.

Breaking through censorship barriers, even when Tor is blocked (Tor Blog)

Thursday 4th of August 2016 11:53:10 PM
The Tor Blog looks at using Pluggable Transports to avoid country-level Tor blocking. There are some new easy-to-follow graphical directions for using the transports. "Many repressive governments and authorities benefit from blocking their users from having free and open access to the internet. They can simply get the list of Tor relays and block them. This bars millions of people from access to free information, often including those who need it most. We at Tor care about freedom of access to information and strongly oppose censorship. This is why we've developed methods to connect to the network and bypass censorship. These methods are called Pluggable Transports (PTs). Pluggable Transports are a type of bridge to the Tor network. They take advantage of various transports and make encrypted traffic to Tor look like not-interesting or garbage traffic. Unlike normal relays, bridge information is kept secret and distributed between users via BridgeDB."

Security updates for Thursday

Thursday 4th of August 2016 05:06:17 PM

CentOS has updated firefox (C5: multiple vulnerabilities) and squid (C6: code execution).

Debian has updated firefox-esr (multiple vulnerabilities) and wordpress (multiple vulnerabilities).

Debian-LTS has updated collectd (regression in previous security update), firefox-esr (multiple vulnerabilities), and libsys-syslog-perl (privilege escalation).

Fedora has updated firefox (F24: multiple vulnerabilities) and pbuilder (F24; F23: file overwrite).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated squid (RHEL6: code execution).

Scientific Linux has updated firefox (multiple vulnerabilities), golang (SL7: denial of service), kernel (SL7: three vulnerabilities, one from 2015), and libtiff (SL7: multiple vulnerabilities, including some from 2014 and 2015).

SUSE has updated hawk2 (SLE12: clickjacking prevention).

[$] LWN.net Weekly Edition for August 4, 2016

Thursday 4th of August 2016 01:30:06 AM
The LWN.net Weekly Edition for August 4, 2016 is available.

More in Tux Machines

Salix 14.2 Xfce Edition Officially Released Based on Slackware 14.2, Xfce 4.12

After being in development for the past three months, the Salix 14.2 Xfce Edition operating system has finally hit the stable channels, and it is now available for download. Based on the Slackware 14.2 GNU/Linux distribution and built around the lightweight and highly customizable Xfce 4.12 desktop environment, Salix 14.2 Xfce Edition ships with numerous improvements and new features that some of you who managed to test-drive the Beta and Release Candidate pre-releases are already accustomed with. Of course, many of the core components and default applications have been updated to their latest versions. Read more

Leftovers: Security

  • Tor 0.2.8.7 Addresses Important Bug Related to ReachableAddresses Option
    The Tor Project, through Nick Mathewson, is pleased to inform the Tor community about the release and general availability of yet another maintenance update to the Tor 0.2.8 stable series.
  • Emergency Service Window for Kolab Now
    We’re going to need to free up a hypervisor and put its load on other hypervisors, in order to pull out the one hypervisor and have some of its faulty hardware replaced — but there’s two problems; The hypervisor to free up has asserted required CPU capabilities most of the eligible targets do not have — this prevents a migration that does not involve a shut down, reconfiguration, and restart of the guest.

TheSSS 19.0 Linux Server Out with Kernel 4.4.14, Apache 2.4.23 & MariaDB 10.1.16

TheSSS (The Smallest Server Suite) is one of the lightest Linux kernel-based operating systems designed to be used as an all-around server for home users, as well as small- and medium-sized businesses looking for a quick and painless way of distributing files across networks or to simply test some web-based software. Read more

GNOME Control Center 3.22 to Update the Keyboard Settings, Improve Networking

The upcoming GNOME 3.22 desktop environment is still in the works, and a first Beta build was seeded to public beta testers last week, bringing multiple enhancements and new features to most of its core components and apps. While GNOME 3.22 Beta was announced on August 22, it appears that the maintainers of certain core packages needed a little more time to work on various improvements and polish their applications before they were suitable for public testing. And this is the case of GNOME Control Center, which was recently updated to version 3.21.90, which means 3.22 Beta. Read more