LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 7 min ago

Tuesday's security updates

3 hours 23 min ago

CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities).

Debian has updated eglibc (multiple vulnerabilities), wireshark (denial of service), and xen (multiple vulnerabilities).

Fedora has updated python-django (F20: multiple vulnerabilities) and python-django14 (F20: multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1; 11.4: code execution).

Oracle has updated java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (RHEL5,6,7: multiple vulnerabilities) and java-1.6.0-sun (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6: multiple vulnerabilities).

SUSE has updated flash-player (SLE12: code execution).

Ubuntu has updated oxide-qt (14.10, 14.04: multiple vulnerabilities) and firefox (14.10, 14.04, 12.04: regression in previous update).

PSF: 2014 Year in Review, Part 2

Monday 26th of January 2015 10:30:10 PM
The Python Software Foundation wraps up its 2014 retrospective. "On the technical side, the Python language grew with the releases of Python 2.7.9, 3.3.5, 3.4, and, in August, 3.4.1. Major new features of the 3.4 series, compared to 3.3 include "hundreds of small improvements and bug fixes." Additionally, Python 3.4.1 has many more advantages."

Security advisories for Monday

Monday 26th of January 2015 06:06:18 PM

CentOS has updated jasper (C7: multiple vulnerabilities).

Debian has updated jasper (multiple vulnerabilities), mysql-5.5 (multiple vulnerabilities), polarssl (code execution), squid (denial of service), and websvn (information disclosure).

Debian-LTS has updated libevent (denial of service) and websvn (information disclosure).

Fedora has updated docker-io (F20: multiple vulnerabilities), grep (F21: heap buffer overrun), java-1.7.0-openjdk (F20: multiple vulnerabilities), java-1.8.0-openjdk (F21; F20: multiple vulnerabilities), kde-runtime (F20: misuse of crypto), kernel (F21: restriction bypass), python-django (F21: multiple vulnerabilities), and xdg-utils (F21: command injection).

Mageia has updated aircrack-ng (multiple vulnerabilities), chromium-browser-stable (multiple vulnerabilities), jasper (multiple vulnerabilities), and java-1.7.0-openjdk (multiple vulnerabilities).

openSUSE has updated Firefox (11.4: multiple vulnerabilities), libevent (13.2, 13.1: denial of service), openssl (13.2, 13.1: multiple vulnerabilities), shotwell, vala (13.2: heap buffer overflow), and thunderbird (13.2, 13.1: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: unspecified vulnerability) and vsftpd (SLES11 SP3: unauthorized access).

Ubuntu has updated ghostscript (10.04: multiple vulnerabilities), jasper (14.10, 14.04, 12.04: multiple vulnerabilities), and unbound (14.10, 14.04: denial of service).

Kernel prepatch 3.19-rc6

Monday 26th of January 2015 08:07:56 AM
Linus has released the 3.19-rc6 kernel prepatch. "I currently expect to make an rc7 next week, with the final 3.19 in two weeks, as per the usual schedule."

New open source dependency manager on the scene (Opensource.com)

Friday 23rd of January 2015 11:38:21 PM

At Opensource.com, Jordi Mon introduces the biicode project, an open-source dependency-management system for C and C++ applications that is akin to Ruby Gems or the Python Package Index. It is a challenging goal, he says, "because there are approximately 4 million C/C++ developers, and both languages represent up to almost 20% of the world's code." The project was started as a proprietary service, and only recently transitioned into an open-source project.

Friday's security updates

Friday 23rd of January 2015 03:35:34 PM

CentOS has updated jasper (C6: multiple vulnerabilities).

openSUSE has updated dbus-1 (13.1, 13.2: multiple vulnerabilities), elfutils (13.1, 13.2: directory traversal), flash-player (13.1, 13.2: memory randomization circumvention), otrs (13.1, 13.2: authentication bypass), roundcubemail (13.2: cross-site request forgery), strongswan (13.1, 13.2: denial of service), and wireshark (13.1, 13.2: multiple vulnerabilities).

Oracle has updated jasper (O6; O7: multiple vulnerabilities).

Red Hat has updated jasper (RHEL6,7: multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL6: multiple vulnerabilities).

Scientific Linux has updated jasper (SL6,7: multiple vulnerabilities).

SUSE has updated flash-player (memory randomization circumvention) and rpm (SLE12: multiple vulnerabilities).

Ubuntu has updated elfutils (directory traversal), mysql-5.5 (12.04, 14.04, 14.10: multiple vulnerabilities), and samba (14.04, 14.10: privilege escalation).

A two-part series on LXC networking (Flockport Labs)

Thursday 22nd of January 2015 11:13:24 PM
Flockport Labs has a two-part "LXC networking superguide" that covers a bunch of LXC networking concepts, as well as practical ideas on connecting containers (Part 1 and Part 2). Part 1 starts with an introduction to LXC networking, then moves into extending layer 2 to remote hosts using a layer 3 tunnel. Part 2 looks at using LXC containers as routers. "We are going to create a bridge on 2 remote hosts over their public IPs and connect the bridges with Ethernet over GRE or L2tpv3 so containers connecting to these bridges are on the same layer 2 network. We will first show you how to do this with Ethernet over GRE and then L2tpv3. The main difference is Ethernet over GRE is less well known while L2tpv3 is more widely used for l2 extension and uses UDP, and thus could be more flexible."

Thursday's security advisories

Thursday 22nd of January 2015 03:23:01 PM

Fedora has updated binutils (F21: two vulnerabilities), cross-binutils (F21; F20: multiple vulnerabilities), exiv2 (F21: denial of service), libsndfile (F21: code execution), and python-pillow (F21: denial of service).

Mageia has updated freeciv (code execution).

Oracle has updated java-1.7.0-openjdk (OL5: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL6&7; RHEL5: multiple vulnerabilities), java-1.8.0-openjdk (RHEL6: multiple vulnerabilities), kernel (RHEL6.5: multiple vulnerabilities), and openssl (RHEL6&7: multiple vulnerabilities).

[$] LWN.net Weekly Edition for January 22, 2015

Thursday 22nd of January 2015 01:40:06 AM
The LWN.net Weekly Edition for January 22, 2015 is available.

Security advisories for Wednesday

Wednesday 21st of January 2015 06:19:22 PM

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.8.0-openjdk (C6: multiple vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Debian has updated privoxy (use after free) and sympa (information disclosure).

Fedora has updated elfutils (F20: directory traversal), gd (F20: memory leak), libsndfile (F20: multiple vulnerabilities), and openssl (F20: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL7; OL6: multiple vulnerabilities), java-1.8.0-openjdk (OL6: multiple vulnerabilities), and openssl (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL6,7; SL5: multiple vulnerabilities), java-1.8.0-openjdk (SL6: multiple vulnerabilities), and openssl (SL6,7: multiple vulnerabilities).

Slackware has updated samba (privilege escalation).

SUSE has updated bind (SLE12: denial of service).

Cory Doctorow Rejoins EFF to Eradicate DRM Everywhere

Tuesday 20th of January 2015 10:52:31 PM
The Electronic Frontier Foundation has announced that Cory Doctorow has rejoined the organization "to battle the pervasive use of dangerous digital rights management (DRM) technologies that threaten users' security and privacy, distort markets, confiscate public rights, and undermine innovation."

Shuttleworth: Smart things powered by snappy Ubuntu Core on ARM and x86

Tuesday 20th of January 2015 10:05:44 PM
Mark Shuttleworth takes a look at Ubuntu and the Internet of Things. "Ubuntu is right at the heart of the “internet thing” revolution, and so we are in a good position to raise the bar for security and consistency across the whole ecosystem. Ubuntu is already pervasive on devices – you’ve probably seen lots of “Ubuntu in the wild” stories, from self-driving cars to space programs and robots and the occasional airport display. I’m excited that we can help underpin the next wave of innovation while also thoughtful about the responsibility that entails. So today we’re launching snappy Ubuntu Core on a wide range of boards, chips and chipsets, because the snappy system and Ubuntu Core are perfect for distributed, connected devices that need security updates for the OS and applications but also need to be completely reliable and self-healing. Snappy is much better than package dependencies for robust, distributed devices."

Tuesday's security updates

Tuesday 20th of January 2015 06:00:57 PM

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated tomcat6 (exception on empty XML attributes).

Mageia has updated binutils (multiple vulnerabilities), coreutils (code execution), elfutils (directory traversal), file (denial of service), iceape (multiple vulnerabilities), moodle (multiple vulnerabilities), and otrs (privilege escalation).

SUSE has updated libpng16 (SLE12: two vulnerabilities).

Ubuntu has updated thunderbird (14.10, 14.04, 12.04: multiple vulnerabilities).

PSF 2014 Year in Review

Monday 19th of January 2015 09:08:33 PM
The Python Software Foundation begins a review of 2014. "2014 was an eventful year for the Python community, and so we thought a brief rundown of highlights from last year should put us all in the right frame of mind to make 2015 an equally, or even more, productive year. There was so much activity in 2014, that it will take the next couple of blog posts to cover it all, so today's post will focus on membership growth, PSF funding, and conferences."

Linux.conf.au 2015 videos

Monday 19th of January 2015 09:07:39 PM
Videos from linux.conf.au 2015 have been posted to YouTube.

Kernel prepatch 3.19-rc5

Monday 19th of January 2015 05:59:02 PM
On January 18, Linus Torvalds released the fifth prepatch for Linux 3.19. Things are not calming down quite the way he would like and rc5 is larger than rc4, but: "That said, it's not like there is anything particularly scary in here. The arm64 vm bug that I mentioned as pending in the rc4 notes got fixed within a day of that previous rc release, and the rest looks pretty standard. Mostly drivers (networking, usb, scsi target, block layer, mmc, tty etc), but also arch updates (arm, x86, s390 and some tiny powerpc fixes), some filesystem updates (fuse and nfs), tracing fixes, and some perf tooling fixes."

Security advisories for Monday

Monday 19th of January 2015 05:37:21 PM

Debian has updated lsyncd (command injection) and xdg-utils (command execution).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Fedora has updated elfutils (F21: directory traversal), gd (F21: denial of service), libhtp (F21; F20: denial of service), thunderbird (F21: multiple vulnerabilities), and xen (F21; F20: denial of service).

Mageia has updated firefox, thunderbird (multiple vulnerabilities) and python-django, python-django14 (multiple vulnerabilities).

Mandriva has updated kernel (multiple vulnerabilities).

openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities), openstack-dashboard (13.1: multiple vulnerabilities), and vsftpd (13.2, 13.1: unspecified vulnerability).

Slackware has updated freetype (code execution), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

Ubuntu has updated libevent (14.10, 14.04, 12.04, 10.04: denial of service), libssh (14.10, 14.04, 12.04: denial of service), and rpm (14.10, 14.04, 12.04: code execution).

Taylor: gnome-battery-bench

Friday 16th of January 2015 10:36:36 PM
On his blog, Owen Taylor introduces gnome-battery-bench, which is a tool to measure power usage that should help lengthen battery life on Linux systems. It can smooth out the somewhat jumpy numbers reported by powertop and provide graphical feedback of parameters like power usage and estimated battery life remaining. "gnome-battery-bench is designed as a graphical application because I want to encourage people to explore with it and find out interactively what is using power on their system. And graphing is also useful so that the user can see when something is going wrong with the measurement; sometimes batteries will report data that jumps around. But there’s also a command line version that can be used for automatic scripting of benchmarks. I decided to use recorded sequences of events for a couple of reasons: first, it’s easy for anybody to create new test sequences – you just run the gnome-battery-bench command line tool in record mode and do what you want to test. Second, playing back event sequences at a low level simulates user interaction very accurately. There is little CPU overhead, and as far as the desktop is concerned it’s exactly like user input."

Stable kernels 3.18.3, 3.14.29, and 3.10.65

Friday 16th of January 2015 06:45:54 PM
Greg Kroah-Hartman has released the 3.18.3, 3.14.29, and 3.10.65 stable kernels. As usual, there are fixes in various places throughout the tree and users should upgrade.

Friday's security updates

Friday 16th of January 2015 03:23:10 PM

Debian has updated rpm (two code execution flaws).

Debian-LTS has updated curl (HTTP request injection).

openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities), flashplayer (11.4: multiple vulnerabilities), and util-linux (13.2, 13.1: code execution).

SUSE has updated flash-player (SLE11SP3; SLE12: multiple vulnerabilities) and kernel (SLE12: multiple vulnerabilities, one from 2013).
