Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 8 min 44 sec ago

[$] LWN.net Weekly Edition for December 22, 2016

Thursday 22nd of December 2016 01:59:45 AM
The LWN.net Weekly Edition for December 22, 2016 is available.

[$] Using systemd for more secure services in Fedora

Wednesday 21st of December 2016 06:25:07 PM

The AF_PACKET local privilege escalation (also known as CVE-2016-8655) has been fixed by most distributions at this point; stable kernels addressing the problem were released on December 10. But, as a discussion on the fedora-devel mailing list shows, systemd now provides options that could help mitigate CVE-2016-8655 and, more importantly, other vulnerabilities that remain undiscovered or have yet to be introduced. The genesis for the discussion was a blog post from Lennart Poettering about the RestrictAddressFamilies directive, but recent systemd versions have other sandboxing features that could be used to head off the next vulnerability.

Wednesday's security updates

Wednesday 21st of December 2016 06:08:42 PM

CentOS has updated kernel (C5: use after free), thunderbird (C5: multiple vulnerabilities), and xen (C5: privilege escalation).

Debian has updated flightgear (file overwrites), php-ssh2 (problem with previous php update), and python-bottle (CRLF attacks).

Debian-LTS has updated dcmtk (buffer overflows/underflows).

Fedora has updated mapserver (F25; F24: information leak).

openSUSE has updated ceph (42.2: denial of service) and zlib (13.2: multiple vulnerabilities).

Oracle has updated kernel (OL5: use after free), vim (OL7; OL6: code execution), and xen (OL5: privilege escalation).

Red Hat has updated gstreamer-plugins-bad-free (RHEL6: code execution), gstreamer-plugins-good (RHEL6: multiple vulnerabilities), thunderbird (RHEL5,6,7: multiple vulnerabilities), and vim (RHEL6,7: code execution).

Scientific Linux has updated gstreamer-plugins-bad-free (SL6: code execution), gstreamer-plugins-good (SL6: multiple vulnerabilities), thunderbird (SL5,6,7: multiple vulnerabilities), and vim (SL6,7: code execution).

SUSE has updated kernel (SLE11-SP4: two vulnerabilities).

Ubuntu has updated kernel (16.10; 16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.10; 16.04: multiple vulnerabilities), linux-snapdragon (16.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: information leak).

More in Tux Machines

GNOME News

  • Do you like Windows 10 Look but Love LINUX? Here are Windows 10 GTK Themes for you!
  • A history about Gtk+, Vulkan and Wayland
    A few weeks ago, I was curious to test Gtk+ 4. I know it has some awsome features like OpenGL rendering, major cleanups and other hot stuff, but didn’t have the chance to check it out until then. I was mostly excited about Vulkan. I know both of my laptop’s graphic cards support Vulkan. It’s a hybrid Intel Broadwell G2 + NVidia GeForce 920M, although I don’t use the latter because Linux sucks hard with Dual GPU. Downloaded the latest Gtk+ source, compiled and… nothing. Immediate segmentation fault. Yay! What a great chance to get involved with the next major Gtk+ version development!
  • GNOME Developer On GTK4: State-of-the-Art of Toolkit Support
    GNOME developer Georges Stavracas has shared his thoughts on the state of the GTK4 tool-kit with the recent work involving a Vulkan renderer, including which also now works on Wayland. Georges Stavracas was excited to try the current state of GTK4 development but initially hit a segmentation fault. But after overcoming that, he was successful in running GTK4 on Wayland and the widgets being rendered by Vulkan. He commented on his blog, "May not be as exciting, since there are no new visible features but… damn, it’s Gtk+ being rendered with Vulkan on Wayland. It’s basically the state-of-the-art of toolkit support right now. Even better, the absolute majority of applications will gain this for free once they port to Gtk+ 4 series."

Red Hat and Fedora

Leftovers: Ubuntu

Android Leftovers