LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 13 min 49 sec ago

ownCloud 8.1 released

27 min 8 sec ago
The ownCloud 8.1 release is out. "This release marks significant under the hood improvements, such as increasing scalability and performance of syncing and file operations while making ownCloud a better platform for developers to build upon. Security enhancements, integrated documentation links, more control in the admin panel over external storage, LDAP and encryption make ownCloud more secure and easier to use." See the release notes for details.

Security updates for Tuesday

1 hour 38 min ago

Arch Linux has updated ntp (denial of service).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated cups-filters (code execution) and libwmf (code execution).

Gentoo has updated exiv2 (denial of service), icu (code execution), libvncserver (multiple vulnerabilities), libxml2 (denial of service), sqlite (three vulnerabilities), tor (denial of service), and unrtf (code execution).

Red Hat has updated abrt (RHEL6: multiple vulnerabilities) and kernel (RHEL6.4: privilege escalation).

Ubuntu has updated haproxy (15.04, 14.10: information leak), kernel (15.04; 14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: privilege escalation).

Stable kernel updates

Monday 6th of July 2015 06:44:29 PM
Greg KH has released two new stable kernels: 3.14.47 and 3.10.83. Both contain important fixes.

Security advisories for Monday

Monday 6th of July 2015 05:18:04 PM

Arch Linux has updated haproxy (information leak) and openssh (restriction bypass).

Debian has updated haproxy (information leak) and iceweasel (multiple vulnerabilities).

Debian-LTS has updated aptdaemon (information leak) and virtualbox-ose (multiple vulnerabilities).

Fedora has updated ansible (F22; F21: two vulnerabilities), mariadb (F22: man-in-the-middle attack), pam (F21: denial of service), and trafficserver (F22; F21: several vulnerabilities).

Gentoo has updated chrony (multiple vulnerabilities).

Mageia has updated chromium-browser (MG4,5: multiple vulnerabilities), coreutils (MG4: memory handling error), curl (MG5: information disclosure), filezilla (MG4,5: cipher-downgrade attacks), firefox (MG4,5: multiple vulnerabilities), libwmf (MG4,5: multiple vulnerabilities), mysql-connector-java (MG4: information disclosure), owncloud-client (MG4,5: man-in-the-middle attack), pam (MG4,5: denial of service), pcre (MG5: information leak), php (MG4: multiple vulnerabilities), polkit (MG4,5: multiple vulnerabilities), tidy (MG4: buffer overflow), and wireshark (MG5: denial of service).

openSUSE has updated php5 (13.2, 13.1: multiple vulnerabilities) and phpMyAdmin (13.2, 13.1: three vulnerabilities).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).

SUSE has updated OpenSSL (SLE11SP3; SLED11SP3, SLES10SP4; SLES11SP2; SLES10SP4: multiple vulnerabilities).

Ubuntu has updated cups-filters (15.04, 14.10, 14.04, 12.04: code execution) and php5 (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Kernel Summit 2015: Call for Proposals

Monday 6th of July 2015 12:23:27 AM
The 2015 Kernel Summit will be held October 26-28 in Seoul, South Korea; the call for discussion proposals is out now. Now would be a good time for those who would like to attend the Summit to come up with a good topic and get the discussion going. Proposals are due by July 31.

Kernel prepatch 4.2-rc1

Sunday 5th of July 2015 11:44:27 PM
Linus has released 4.2-rc1 and closed the merge window for this development cycle. As Linus explains, 4.2 may, in the end, not end up being the development cycle with the most commits ever, but there is still a lot going on. "However, if you count the size in pure number of lines changed, this really seems to be the biggest rc we've ever had, with over a million lines added (and about a quarter million removed). That beats the previous champion (3.11-rc1) that was huge mainly due to Lustre being added to the staging tree." The source of the biggest chunk of those new lines is the new amdgpu graphics driver.

Firefox 39 released

Friday 3rd of July 2015 09:55:48 PM

Firefox 39 has been released for both desktop and mobile systems. The new features include a social sharing tool for the Firefox Hello video chat subsystem. It is designed to make it easier to share Firefox Hello chat invitations over third-party social networks. In addition, Firefox's existing phishing-and-malware detection tool has been extended to cover downloads, support has been added for Unicode 8.0's multi-ethnic emoji characters, and there is improved support for the Accessible Rich Internet Applications (ARIA) standard.

Friday's security updates

Friday 3rd of July 2015 03:58:05 PM

Arch Linux has updated firefox (multiple vulnerabilities) and wesnoth (information leak).

Debian has updated stunnel4 (authentication bypass).

Debian-LTS has updated libxml2 (multiple vulnerabilities) and pykerberos (insecure authentication).

Fedora has updated drupal6 (F21; F22: account hijacking) and drupal7 (F21; F22: multiple vulnerabilities).

openSUSE has updated flash-player (11.4).

Oracle has updated firefox (O5; O6; O7: multiple vulnerabilities).

Red Hat has updated firefox (RHEL: multiple vulnerabilities) and openstack-cinder (RHEL OSP: file disclosure).

SUSE has updated MySQL (SLE 11 SP3: cipher downgrade attack), ntp (SLE11 SP3: multiple vulnerabilities), and OpenSSL (SLE 10 Client Tools; SUSE Manager 11 SP2, Studio Onsite; SLE 11 SAP; SLE 11 SP1; SLE SM 11 SP3: multiple vulnerabilities).

Security advisories for Thursday

Thursday 2nd of July 2015 01:54:52 PM

CentOS has updated openssl (C5: three vulnerabilities).

Debian-LTS has updated unattended-upgrades (improper package authentication).

[$] LWN.net Weekly Edition for July 2, 2015

Thursday 2nd of July 2015 12:47:52 AM
The LWN.net Weekly Edition for July 2, 2015 is available.

Supreme Court won’t weigh in on Oracle-Google API copyright battle (Ars Technica)

Wednesday 1st of July 2015 08:20:52 PM
Ars Technica reports that the US Supreme Court rejected Google's appeal of the Google-Oracle API copyright dispute. "Despite the high court's inaction on the case, the Google-Oracle legal flap is far from resolved. That's because the appeals court sent the case back to the lower courts to determine whether Google's use of the code in Android—which it no longer uses—constitutes a "fair use." Oracle is seeking $1 billion in damages. "This is not the end of the road for this case—the Federal Circuit decision explicitly left open the possibility that the kinds of uses Google made were permissible under copyright's fair use doctrine," said Charles Duan, the director of Public Knowledge's patent reform project." (Thanks to Martin Michlmayr)

[$] News and updates from DockerCon 2015

Wednesday 1st of July 2015 06:58:23 PM

DockerCon on June 22 and 23 was a much bigger affair than CoreOSFest or ContainerCamp. DockerCon rented out the San Francisco Marriott for the event; the keynote ballroom seats 2000. That's a pretty dramatic change from the first DockerCon last year, with roughly 500 attendees; it shows the huge growth of interest in Linux containers. Or maybe, given that it's Silicon Valley, what you're seeing is the magnetic power of $95 million in round-C funding.

Subscribers can click below for a report from DockerCon by guest author Josh Berkus.

Security advisories for Wednesday

Wednesday 1st of July 2015 04:26:59 PM

Debian has updated jackrabbit (information leak).

Debian-LTS has updated libcrypto++ (information disclosure), libmodule-signature-perl (multiple vulnerabilities), and ruby1.9.1 (denial of service).

Fedora has updated abrt (F21: multiple vulnerabilities), cups-x2go (F22: multiple vulnerabilities), elfutils (F22: hardening fixes), gnome-abrt (F21: multiple vulnerabilities), kernel (F21: denial of service), libreport (F21: multiple vulnerabilities), pam (F22: denial of service), and rubygem-activesupport (F22; F21: two vulnerabilities).

Mageia has updated apache-mod_jk (MG4: information disclosure), drupal (MG4,5: multiple vulnerabilities), libvpx (MG4,5: denial of service), p7zip (MG4,5: directory traversal), postgresql (MG4: multiple vulnerabilities), and python-tornado (MG4: side-channel attack).

openSUSE has updated p7zip (13.2, 13.1: directory traversal).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

Linux Foundation Announces R Consortium

Tuesday 30th of June 2015 05:34:06 PM
The Linux Foundation has announced the R Consortium. "The R language is used by statisticians, analysts and data scientists to unlock value from data. It is a free and open source programming language for statistical computing and provides an interactive environment for data analysis, modeling and visualization. The R Consortium will complement the work of the R Foundation, a nonprofit organization based in Austria that maintains the language. The R Consortium will focus on user outreach and other projects designed to assist the R user and developer communities. Founding companies and organizations of the R Consortium include The R Foundation, Platinum members Microsoft and RStudio; Gold member TIBCO Software Inc.; and Silver members Alteryx, Google, HP, Mango Solutions, Ketchum Trading and Oracle."

Tuesday's security advisories

Tuesday 30th of June 2015 05:13:21 PM

CentOS has updated postgresql (C7; C6: multiple vulnerabilities) and xerces-c (C7: denial of service).

Debian has updated unattended-upgrades (authentication bypass).

Debian-LTS has updated aptdaemon (information leak), hostapd (denial of service), jqueryui (cross-site scripting), and shibboleth-sp2 (denial of service).

Fedora has updated chicken (F22; F21: out-of-bounds read), openvas-cli (F21: sql injection), openvas-libraries (F21: sql injection), openvas-manager (F21: sql injection), openvas-scanner (F21: sql injection), php-htmLawed (F22; F21: multiple vulnerabilities), postgresql (F21: multiple vulnerabilities), python-jwt (F22; F21: token verification bypass), rubygem-jquery-rails (F22; F21: CSRF vulnerability), and rubygem-web-console (F22: code execution).

Oracle has updated postgresql (OL7; OL6: multiple vulnerabilities) and xerces-c (OL7: denial of service).

Red Hat has updated kernel (RHEL6.5: two vulnerabilities), openssl (RHEL5: multiple vulnerabilities), postgresql (RHEL6,7: multiple vulnerabilities), postgresql92-postgresql (RHSCL2: multiple vulnerabilities), rh-postgresql94-postgresql (RHSCL2: multiple vulnerabilities), and xerces-c (RHEL7: denial of service).

Scientific Linux has updated nss (SL6,7: cipher-downgrade attacks), postgresql (SL6,7: multiple vulnerabilities), and xerces-c (SL7: denial of service).

SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities).

Ubuntu has updated oxide-qt (15.04, 14.10, 14.04: multiple vulnerabilities) and unattended-upgrades (15.04, 14.10, 14.04, 12.04: authentication bypass).

Amazon's new TLS implementation

Tuesday 30th of June 2015 01:25:25 PM
Amazon has announced the release of a new TLS library called "s2n" under the Apache license. "s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, we’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing."

Stable kernel updates

Monday 29th of June 2015 11:07:18 PM
Four new stable kernels are available: 4.1.1, 4.0.7, 3.14.46, and 3.10.82. All contain important fixes.

Security updates for Monday

Monday 29th of June 2015 03:57:11 PM

Debian has updated libcrypto++ (information disclosure).

Debian-LTS has updated cacti (multiple vulnerabilities), libwmf (denial of service), and t1utils (code execution).

Fedora has updated kernel (F22: denial of service).

openSUSE has updated roundcubemail (13.2: two vulnerabilities).

Scientific Linux has updated kvm (SL5: code execution).

SUSE has updated java-1_7_0-ibm (SLE11SP3: multiple vulnerabilities) and Xen (SLES11SP2; SLES11SP1: multiple vulnerabilities).

Valve: Introducing SteamOS "brewmaster"

Friday 26th of June 2015 09:17:17 PM

Valve has announced the first preview release of its forthcoming SteamOS update. The new release is based on Debian 8.1 with long-term support kernel 3.18; there are downloadable builds linked to in the announcement for both UEFI and legacy BIOS systems. There appear to be few user-visible differences between the new release and the current SteamOS so far, though; the announcement notes: "Although there are a lot of changes under the covers, the overall functionality and experience of brewmaster is the same as alchemist."

Friday's security updates

Friday 26th of June 2015 03:14:03 PM

CentOS has updated kvm (C5: code execution).

Debian-LTS has updated librack-ruby (denial of service) and libwmf (multiple vulnerabilities).

openSUSE has updated flash-player (13.1, 13.2: code execution), chromium (13.1, 13.2: multiple vulnerabilities), and openssl (13.1, 13.2: multiple vulnerabilities).

Oracle has updated kvm (O5: code execution) and nss (O6; O7: cipher-downgrade attacks).

Red Hat has updated kernel (RHEL5: privilege escalation) and kvm (RHEL5: code execution).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities) and mailman (SL7: code execution).

SUSE has updated compat-openssl098 (SLE12: multiple vulnerabilities), KVM (SLE11 SP3: multiple vulnerabilities), and openssl (SLE12: multiple vulnerabilities).
