Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 23 min ago

Three new stable kernels

Friday 24th of June 2016 08:33:14 PM

Greg Kroah-Hartman has released stable kernel updates 4.6.3, 4.4.14, and 3.14.73. Each contains important fixes throughout the tree.

Friday's security updates

Friday 24th of June 2016 02:18:41 PM

CentOS has updated kernel (C7: multiple vulnerabilities), libxml2 (C6; C7: multiple vulnerabilities), ocaml (C7: information leak), setroubleshoot (C7: multiple vulnerabilities), and setroubleshoot-plugins (C7: multiple vulnerabilities).

Fedora has updated python (F24: startTLS stripping), setroubleshoot (F24: code execution), and setroubleshoot-plugins (F24: code execution).

Oracle has updated kernel (O7: multiple vulnerabilities), libxml2 (O6; O7: multiple vulnerabilities), ocaml (O7: information leak), and setroubleshoot and setroubleshoot-plugins (O7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), and ocaml (RHEL7: information leak).

Scientific Linux has updated libxml2 (SL 6,7: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (SL7; SL6: multiple vulnerabilities).

SUSE has updated kernel (SLE11: multiple vulnerabilities).

Defending Our Brand (Let's Encrypt)

Thursday 23rd of June 2016 09:37:48 PM
It seems that the Comodo TLS certificate authority (CA) has filed for three trademarks using variations of "Let's Encrypt". As might be guessed, the Let's Encrypt project is less than pleased by Comodo trying to coopt its name. "Since March of 2016 we have repeatedly asked Comodo to abandon their “Let’s Encrypt” applications, directly and through our attorneys, but they have refused to do so. We are clearly the first and senior user of “Let’s Encrypt” in relation to Internet security, including SSL/TLS certificates – both in terms of length of use and in terms of the widespread public association of that brand with our organization. If necessary, we will vigorously defend the Let’s Encrypt brand we’ve worked so hard to build. That said, our organization has limited resources and a protracted dispute with Comodo regarding its improper registration of our trademarks would significantly and unnecessarily distract both organizations from the core mission they should share: creating a more secure and privacy-respecting Web. We urge Comodo to do the right thing and abandon its “Let’s Encrypt” trademark applications so we can focus all of our energy on improving the Web." [Thanks to Paul Wise.]

Xen 4.7 released

Thursday 23rd of June 2016 05:05:04 PM
Version 4.7 of the Xen hypervisor has been released. "With dozens of major improvements, many more bug fixes and small improvements, and significant improvements to Drivers and Devices, Xen Project 4.7 reflects a thriving community around the Xen Project Hypervisor." Some of the new features include live patching, better dom0 robustness, better migration support between non-identical hosts, scheduler improvements, and more. See the release notes for more information.

Thursday's security advisories

Thursday 23rd of June 2016 03:02:57 PM

Debian-LTS has updated squidguard (cross-site scripting).

Fedora has updated php-symfony-security-acl (F24: unspecified). Also, Fedora has sent out a reminder that Fedora 22 will reach its end of life on July 19.

Mageia has updated chromium-browser-stable (multiple vulnerabilities), kernel-linus (multiple vulnerabilities, one from 2013), kernel-tmb (multiple vulnerabilities, one from 2013), libimobiledevice (socket listening on all network interfaces), and python (three vulnerabilities).

openSUSE has updated libarchive (42.1: code execution), mariadb (13.2: many unspecified vulnerabilities), and obs-service-source_validator (42.1; 13.2: code execution).

Red Hat has updated libxml2 (RHEL6&7: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (RHEL7: three vulnerabilities).

[$] LWN.net Weekly Edition for June 23, 2016

Thursday 23rd of June 2016 02:41:35 AM
The LWN.net Weekly Edition for June 23, 2016 is available.

Sony agrees to pay millions to gamers to settle PS3 Linux debacle (ars technica)

Wednesday 22nd of June 2016 07:41:10 PM
Back in 2009, Sony removed the "install other OS" option from its PS3 game consoles, removing the ability to install Linux on those machines. It then went after developers who figured out how to jailbreak the device. Ars technica reports that Sony has now settled a class-action lawsuit over those actions. "Under the terms of the accord, which has not been approved by a California federal judge yet, gamers are eligible to receive $55 if they used Linux on the console. The proposed settlement, which will be vetted by a judge next month, also provides $9 to each console owner that bought a PS3 based on Sony's claims about 'Other OS' functionality." The lawyers, instead, get over $2 million.

Security advisories for Wednesday

Wednesday 22nd of June 2016 04:07:38 PM

CentOS has updated setroubleshoot (C6: multiple vulnerabilities) and setroubleshoot-plugins (C6: multiple vulnerabilities).

Debian-LTS has updated icedove (multiple vulnerabilities) and python2.7 (three vulnerabilities).

Fedora has updated expat (F24: multiple vulnerabilities), php-zendframework-zendxml (F23; F22: insecure ciphertexts), php-ZendFramework2 (F23; F22: insecure ciphertexts), and xen (F22: two vulnerabilities).

openSUSE has updated Chromium (13.1: multiple vulnerabilities), ImageMagick (Leap42.1: command execution), and vlc (Leap42.1; 13.2: multiple vulnerabilities).

Oracle has updated openssl (OL5: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (OL6: multiple vulnerabilities).

Red Hat has updated python-django-horizon (RHOSP8.0; RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL7; RHELOSP5 for RHEL6: cross-site scripting) and setroubleshoot and setroubleshoot-plugins (RHEL6: multiple vulnerabilities).

Elixir v1.3 released

Tuesday 21st of June 2016 08:05:29 PM
Version 1.3 of the Elixir programming language has been released. "Elixir v1.3 brings many improvements to the language, the compiler and its tooling, specially Mix (Elixir’s build tool) and ExUnit (Elixir’s test framework). The most notable additions are the new Calendar types, the new cross-reference checker in Mix, and the assertion diffing in ExUnit."

Announcing Flatpak

Tuesday 21st of June 2016 07:41:10 PM
Not to be left behind by a certain competing project, the developers of the Flatpak packaging system have put out a press release proclaiming its virtues. "The Linux desktop has long been held back by platform fragmentation. This has been a burden on developers, and creates a high barrier to entry for third party application developers. Flatpak aims to change all that. From the very start its primary goal has been to allow the same application to run across a myriad of Linux distributions and operating systems. In doing so, it greatly increases the number of users that application developers can easily reach."

Security updates for Tuesday

Tuesday 21st of June 2016 04:24:59 PM

Fedora has updated nfdump (F23; F22: multiple vulnerabilities) and webkitgtk4 (F22: two vulnerabilities).

openSUSE has updated ctdb (Leap42.1, 13.2: privilege escalation), libtorrent-rasterbar (Leap42.1, 13.2: denial of service), ntp (Leap42.1: multiple vulnerabilities), and kernel (Leap42.1: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

Slackware has updated libarchive (multiple vulnerabilities) and pcre (denial of service).

SUSE has updated ctdb (SLE11-SP4: privilege escalation), libimobiledevice, usbmuxd (SLE12-SP1: sockets listening on INADDR_ANY), and php53 (SLES11-SP2: multiple vulnerabilities).

Ubuntu has updated dnsmasq (16.04, 15.10: denial of service), expat (two vulnerabilities), haproxy (16.04: denial of service), spice (16.04, 15.10, 14.04: two vulnerabilities), wget (code execution), and xmlrpc-c (12.04: multiple vulnerabilities).

Fedora 24 released

Tuesday 21st of June 2016 02:28:18 PM
After several schedule slips, the Fedora 24 release is available. "The Fedora Project has embarked on a great journey... redefining what an operating system should be for users and developers. Such innovation does not come overnight, and Fedora 24 is one big step on the road to the next generation of Linux distributions. But that does not mean that Fedora 24 is some 'interim' release; there are great new features for Fedora users to deploy in their production environments right now!" See the Fedora 24 approved features list for an idea of what's in this release.

Horn: Exploiting Recursion in the Linux Kernel

Tuesday 21st of June 2016 02:04:26 AM
On the Project Zero blog, Jann Horn describes a bug Horn found that allows user space to overflow the kernel stack using the ecryptfs encrypted filesystem. That overflow can be used to elevate privileges for local users on Ubuntu systems configured for encrypted home directories. "However, the reason why I wrote a full root exploit for this not exactly widely exploitable bug is that I wanted to demonstrate that Linux stack overflows can occur in very non-obvious ways, and even with the existing mitigations turned on, they're still exploitable. In my bug report, I asked the kernel security list to add guard pages to kernel stacks and remove the thread_info struct from the bottom of the stack to more reliably mitigate this bug class, similar to what other operating systems and grsecurity are already doing. Andy Lutomirski had actually already started working on this, and he has now published patches that add guard pages: https://lkml.org/lkml/2016/6/15/1064."

[$] Transport-level protocols in user space

Monday 20th of June 2016 09:31:48 PM
The Linux networking developers have long held a strong opinion about user-space protocol implementations: they should be avoided in favor of making the in-kernel implementation better. So it might be surprising to see a veteran networking developer post a patch set aimed at making user-space implementations easier. A look at this patch and its motivations shines an interesting light on changes that are taking place in the networking world.

Security advisories for Monday

Monday 20th of June 2016 04:40:07 PM

Arch Linux has updated flashplugin (multiple vulnerabilities), glibc (denial of service), lib32-flashplugin (multiple vulnerabilities), lib32-glibc (denial of service), and wget (code execution).

Debian has updated libxslt (three vulnerabilities).

Debian-LTS has updated firefox-esr (multiple vulnerabilities) and horizon (cross-site scripting).

Fedora has updated expat (F23: multiple vulnerabilities), GraphicsMagick (F23; F22: multiple vulnerabilities), iperf3 (F23; F22: denial of service), sudo (F22: information leak), and wget (F22: code execution).

Gentoo has updated dhcpcd (denial of service), ffmpeg (multiple vulnerabilities), flash-player (multiple vulnerabilities), and php (multiple vulnerabilities).

openSUSE has updated Chromium (SPH for SLE12; Leap42.1; 13.2: multiple vulnerabilities), flash-player (13.2; 13.1: multiple vulnerabilities), and poppler (Leap42.1: code execution).

Scientific Linux has updated ImageMagick (SL6,7: multiple vulnerabilities).

Kernel prepatch 4.7-rc4

Monday 20th of June 2016 04:14:04 PM

The 4.7-rc4 prepatch is now available for testing. Linus Torvalds said that it is "pretty small" with "nothing particularly worrisome". The development cycle proceeds apace with the usual sorts of changes: "The statistics look very normal: about two thirds drivers, with the rest being half architecture updates and half "misc" (small filesystem updates,. some documentation, and a smattering of patches elsewhere)."

Klumpp: A few words about the future of the Limba project

Saturday 18th of June 2016 12:40:26 AM

Those concerned about the proliferation of application-packaging formats will soon have one fewer to worry about. At his blog, Matthias Klumpp announces that he intends to scale back his work on Limba, the cross-distribution application-packaging format he has developed as an extension of the ideas in the earlier Listaller. The decision comes on the heels of discussions with Flatpak developer Alexander Larsson, since the two projects overlap in many respects: "Alex and I had very productive discussions, and except for the modularity issue, we were pretty much on the same page in every other aspect regarding the sandboxing and app-distribution matters."

Given that he has several other active projects in development, Klumpp has decided to throttle back on Limba, although he will continue to hack on it "as a research project" and sees several opportunities where it might still fit into vendor-independent software distribution down the road. "This is good news for all the people out there using the Tanglu Linux distribution, AppStream-metadata-consuming services, PackageKit on Debian, etc. – those will receive more attention," Klumpp concludes.

Friday's security updates

Saturday 18th of June 2016 12:14:01 AM

CentOS has updated firefox (C6; C5; C7: multiple vulnerabilities) and imagemagick (C6; C7: multiple vulnerabilities).

Debian has updated drupal7 (privilege escalation).

Debian-LTS has updated imagemagick (buffer overflow) and kernel (multiple vulnerabilities).

Gentoo has updated nginx (multiple vulnerabilities) and spice (multiple vulnerabilities).

Mageia has updated expat (M5: multiple vulnerabilities), flash-player-plugin (M5: multiple vulnerabilities), and virtualbox (M5: unspecified vulnerability).

openSUSE has updated wireshark (13.2, Leap 42.1: multiple vulnerabilities).

Oracle has updated ImageMagick (O7; O6: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL 5,6: multiple vulnerabilities) and imagemagick (RHEL 6,7: multiple vulnerabilities).

Scientific Linux has updated firefox (SL 5,6,7: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), ntp (SL 6,7: multiple vulnerabilities), spice-server (SL6: multiple vulnerabilities), squid (SL6: multiple vulnerabilities), and squid34 (SL6: multiple vulnerabilities).

SUSE has updated ImageMagick (SLE11: command execution), libxml2 (SLE11: multiple vulnerabilities), and ntp (SLE11: multiple vulnerabilities).

The Children's Illustrated Guide to Kubernetes

Friday 17th of June 2016 11:33:53 PM
For those who are wondering what Kubernetes is all about, Matt Butcher has posted an illustrated guide for children. "Phippy loved life aboard Captain Kube's ship and she enjoyed the company of her new friends (every replicated pod of Goldie was equally delightful). But as she thought back to her days on the scary hosted provider, she began to wonder if perhaps she could also have a little privacy. 'It sounds like what you need,' said Captain Kube, 'is a namespace.'"

The Qt Company Releases Qt 5.7

Thursday 16th of June 2016 05:11:41 PM
Qt 5.7 has been released, with a new Qt 3D module and other improvements. "The future of user interfaces is moving towards heavier integration of 3D graphics. 3D integration of Qt has always been possible with direct OpenGL programming but with Qt 5.7 and the new Qt 3D module it is now easy to create 3D UIs and interact with 3D objects using high-level Qt C++ and QML APIs. Visualizing a 3D model with Qt 3D is now a matter of minutes instead of hours or days of OpenGL programming. In addition to just 3D rendering, Qt 3D is a fully extensible 3D framework for near-realtime simulations e.g. physics engine, artificial intelligence, collision detection. Qt 3D has been developed together with KDAB, a Qt Service Partner and the biggest external contributor to Qt. For more information about KDAB, please visit www.kdab.com."

More in Tux Machines

Leftovers: OSS

OSS in the Back End

  • Open Source NFV Part Four: Open Source MANO
    Defined in ETSI ISG NFV architecture, MANO (Management and Network Orchestration) is a layer — a combination of multiple functional entities — that manages and orchestrates the cloud infrastructure, resources and services. It is comprised of, mainly, three different entities — NFV Orchestrator, VNF Manager and Virtual Infrastructure Manager (VIM). The figure below highlights the MANO part of the ETSI NFV architecture.
  • After the hype: Where containers make sense for IT organizations
    Container software and its related technologies are on fire, winning the hearts and minds of thousands of developers and catching the attention of hundreds of enterprises, as evidenced by the huge number of attendees at this week’s DockerCon 2016 event. The big tech companies are going all in. Google, IBM, Microsoft and many others were out in full force at DockerCon, scrambling to demonstrate how they’re investing in and supporting containers. Recent surveys indicate that container adoption is surging, with legions of users reporting they’re ready to take the next step and move from testing to production. Such is the popularity of containers that SiliconANGLE founder and theCUBE host John Furrier was prompted to proclaim that, thanks to containers, “DevOps is now mainstream.” That will change the game for those who invest in containers while causing “a world of hurt” for those who have yet to adapt, Furrier said.
  • Is Apstra SDN? Same idea, different angle
    The company’s product, called Apstra Operating System (AOS), takes policies based on the enterprise’s intent and automatically translates them into settings on network devices from multiple vendors. When the IT department wants to add a new component to the data center, AOS is designed to figure out what needed changes would flow from that addition and carry them out. The distributed OS is vendor-agnostic. It will work with devices from Cisco Systems, Hewlett Packard Enterprise, Juniper Networks, Cumulus Networks, the Open Compute Project and others.
  • MapR Launches New Partner Program for Open Source Data Analytics
    Converged data vendor MapR has launched a new global partner program for resellers and distributors to leverage the company's integrated data storage, processing and analytics platform.
  • A Seamless Monitoring System for Apache Mesos Clusters
  • All Marathons Need a Runner. Introducing Pheidippides
    Activision Publishing, a computer games publisher, uses a Mesos-based platform to manage vast quantities of data collected from players to automate much of the gameplay behavior. To address a critical configuration management problem, James Humphrey and John Dennison built a rather elegant solution that puts all configurations in a single place, and named it Pheidippides.
  • New Tools and Techniques for Managing and Monitoring Mesos
    The platform includes a large number of tools including Logstash, Elasticsearch, InfluxDB, and Kibana.
  • BlueData Can Run Hadoop on AWS, Leave Data on Premises
    We've been watching the Big Data space pick up momentum this year, and Big Data as a Service is one of the most interesting new branches of this trend to follow. In a new development in this space, BlueData, provider of a leading Big-Data-as-a-Service software platform, has announced that the enterprise edition of its BlueData EPIC software will run on Amazon Web Services (AWS) and other public clouds. Essentially, users can now run their cloud and computing applications and services in an Amazon Web Services (AWS) instance while keeping data on-premises, which is required for some companies in the European Union.

today's howtos

Industrial SBC builds on Raspberry Pi Compute Module

On Kickstarter, a “MyPi” industrial SBC using the RPi Compute Module offers a mini-PCIe slot, serial port, wide-range power, and modular expansion. You might wonder why in 2016 someone would introduce a sandwich-style single board computer built around the aging, ARM11 based COM version of the original Raspberry Pi, the Raspberry Pi Compute Module. First off, there are still plenty of industrial applications that don’t need much CPU horsepower, and second, the Compute Module is still the only COM based on Raspberry Pi hardware, although the cheaper, somewhat COM-like Raspberry Pi Zero, which has the same 700MHz processor, comes close. Read more