Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 23 min ago

Monday's security advisories

8 hours 8 min ago

Debian-LTS has updated gst-plugins-bad0.10 (two vulnerabilities), gst-plugins-base0.10 (two vulnerabilities), gst-plugins-good0.10 (two vulnerabilities), gst-plugins-ugly0.10 (two vulnerabilities), and wireshark (denial of service).

Fedora has updated bind (F24: denial of service), python-peewee (F25; F24: largely unspecified), sshrc (F25: unspecified), and zoneminder (F25; F24: information disclosure).

Gentoo has updated glibc (multiple vulnerabilities, most from 2014 and 2015), mupdf (three vulnerabilities), and ntfs3g (privilege escalation).

Mageia has updated gnutls (multiple vulnerabilities), gtk-vnc (two vulnerabilities), iceape (multiple vulnerabilities), jitsi (user spoofing), libarchive (denial of service), libgd (multiple vulnerabilities), lynx (URL spoofing), mariadb (multiple vulnerabilities, almost all unspecified), netpbm (multiple vulnerabilities), openjpeg2 (multiple vulnerabilities), tomcat (information disclosure), and viewvc (cross-site scripting).

openSUSE has updated chromium (42.2, 42.1: multiple vulnerabilities), firebird (42.2, 42.1: access restriction bypass), java-1_7_0-openjdk (42.2, 42.1: multiple vulnerabilities), mcabber (42.2: user spoofing), mupdf (42.2, 42.1: multiple vulnerabilities), open-vm-tools (42.1: CVE with no description from 2015), opus (42.2, 42.1: code execution), tiff (42.2, 42.1: code execution), and vim (42.1: code execution).

Red Hat has updated openssl (RHEL7&6: two vulnerabilities).

Scientific Linux has updated openssl (SL7&6: two vulnerabilities).

SUSE has updated kernel (SLE12: denial of service) and kernel (SLE11: multiple vulnerabilities, some from 2004, 2012, and 2015).

Ubuntu has updated python-crypto (16.10, 16.04, 14.04: regression in previous update).

The 4.10 kernel has been released

Sunday 19th of February 2017 11:23:05 PM
Linus has released the 4.10 kernel. "On the whole, 4.10 didn't end up as small as it initially looked. After the huge release that was 4.9, I expected things to be pretty quiet, but it ended up very much a fairly average release by modern kernel standards." Features of note in this release include some long-awaited writeback throttling work, the ability to attach a BPF network filter to a control group, encryption in UBIFS filesystems, Intel cache-allocation technology support, and more. See the KernelNewbies 4.10 page for lots of details.

Stable kernels 4.9.11 and 4.4.50

Sunday 19th of February 2017 04:56:55 PM
The 4.9.11 and 4.4.50 stable kernel updates are available; each contains the usual set of important fixes.

SystemTap 3.1 has been released

Friday 17th of February 2017 09:43:55 PM
The SystemTap team has announced the 3.1 release of the tool that allows extracting performance and debugging information at runtime from the kernel as well as various user-space programs. New features include support for adding probes to Python 2 and 3 functions, Java probes now convert all parameters to strings before passing them to probes, a new @variance() statistical operator has been added, new sample scripts have been added, and more.

Security updates for Friday

Friday 17th of February 2017 03:59:18 PM

Arch Linux has updated diffoscope (file overwrite), flashplugin (multiple vulnerabilities), and lib32-flashplugin (multiple vulnerabilities).

Debian has updated spice (two vulnerabilities).

Debian-LTS has updated spice (two vulnerabilities).

Gentoo has updated imagemagick (multiple vulnerabilities).

openSUSE has updated expat (42.2, 42.1: two vulnerabilities, one from 2012), guile (42.2, 42.1: information disclosure), libgit2 (42.2: multiple vulnerabilities), mariadb (42.2, 42.1: multiple vulnerabilities), mysql-community-server (42.1: multiple vulnerabilities), openssl (42.2; 42.1: multiple vulnerabilities), and postfixadmin (42.2, 42.1: security bypass).

SUSE has updated java-1_7_0-openjdk (SLE12: multiple vulnerabilities).

Ubuntu has updated bind9 (denial of service), python-crypto (16.10, 16.04, 14.04: code execution), and webkit2gtk (16.10, 16.04: multiple vulnerabilities).

Go 1.8 released

Thursday 16th of February 2017 11:08:19 PM
The Go team has announced the release of Go 1.8. "The compiler back end introduced in Go 1.7 for 64-bit x86 is now used on all architectures, and those architectures should see significant performance improvements. For instance, the CPU time required by our benchmark programs was reduced by 20-30% on 32-bit ARM systems. There are also some modest performance improvements in this release for 64-bit x86 systems. The compiler and linker have been made faster. Compile times should be improved by about 15% over Go 1.7. There is still more work to be done in this area: expect faster compilation speeds in future releases." See the release notes for more details.

Thursday's security updates

Thursday 16th of February 2017 03:18:35 PM

Arch Linux has updated gvim (code execution) and vim (code execution).

Red Hat has updated openstack-cinder, openstack-glance, and openstack-nova (OSP7.0: denial of service from 2015).

SUSE has updated kernel (SLE12: many vulnerabilities, some from 2015 and 2014).

Ubuntu has updated libgc (code execution) and openjdk-6 (12.04: multiple vulnerabilities).

Top 10 FOSS legal stories in 2016 (opensource.com)

Thursday 16th of February 2017 01:47:16 PM
Mark Radcliffe surveys the most important legal issues surrounding free and open-source software on opensource.com. "The challenge for the Linux community is to decide when to bring litigation to enforce the GPLv2. What it means in many situations is that to be compliant is currently left to individual contributors rather than being based on a set of community norms. As Theodore Ts'o noted, this issue really concerns project governance. Although permitting individual contributors to make these decisions may be the Platonic ideal, the tradeoff is ambiguity for users trying to be compliant as well as the potential for rogue members of the community (like McHardy) to create problems. The members of the Linux community and other FOSS communities need to consider how they can best assist the members of their community to understand what compliance means and to determine when litigation might be useful in furtherance of the community's goals."

[$] LWN.net Weekly Edition for February 16, 2017

Thursday 16th of February 2017 12:38:06 AM
The LWN.net Weekly Edition for February 16, 2017 is available.

TensorFlow 1.0 released

Wednesday 15th of February 2017 09:19:20 PM
The TensorFlow 1.0 release is available, bringing an API stability guarantee to this machine-learning library from Google. "TensorFlow 1.0 introduces a high-level API for TensorFlow, with tf.layers, tf.metrics, and tf.losses modules. We've also announced the inclusion of a new tf.keras module that provides full compatibility with Keras, another popular high-level neural networks library."

[$] This is why I drink: a discussion of Fedora's legal state

Wednesday 15th of February 2017 05:40:31 PM
Tom Callaway seems to be a very nice person who has been overclocked to about 140% normal human speed. In only 20 minutes he gave an interesting and highly-amusing talk that could have filled a 45-minute slot on the legal principles that underpin Fedora, how they got that way, and how they work out in practice.

Subscribers can click below for the full report from FOSDEM by guest author Tom Yates.

Stable kernel updates

Wednesday 15th of February 2017 05:31:13 PM
Greg KH has released stable kernels 4.9.10 and 4.4.49. Both contain the usual set of important fixes.

Wednesday's security updates

Wednesday 15th of February 2017 05:17:25 PM

CentOS has updated bind (C7: denial of service).

Debian has updated libevent (three vulnerabilities).

Debian-LTS has updated libevent (three vulnerabilities).

Fedora has updated lynx (F25: invalid URL parsing) and xen (F25: multiple vulnerabilities).

Oracle has updated bind (OL7: denial of service).

Red Hat has updated bind (RHEL7: denial of service), flash-plugin (RHEL6: multiple vulnerabilities), and kernel (RHEL7.1: code execution).

Scientific Linux has updated bind (SL7: denial of service).

SUSE has updated java-1_8_0-ibm (SLE12-SP1,2: multiple vulnerabilities) and kernel (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated php5 (14.04, 12.04: multiple vulnerabilities).

Linux champion Munich takes decisive step towards returning to Windows (TechRepublic)

Wednesday 15th of February 2017 01:35:31 PM
TechRepublic reports that the Munich, Germany city council has voted to begin the move back to proprietary desktop software. "Under a proposal backed by the general council, the administration will investigate how long it will take and how much it will cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again on whether to replace LiMux, a custom version of the Linux-based OS Ubuntu, across the authority from 2021."

Malcolm: Testing… Testing… GCC

Tuesday 14th of February 2017 08:03:08 PM
David Malcolm takes a look at the testing going into the upcoming GCC 7.0 release. "The other new approach is in unit-testing: GCC’s existing testing was almost all done by verifying the externally-visible behavior of the program, but we had very little direct coverage of specific implementation subsystems; this was done in a piecemeal fashion using testing plugins. To address this, I’ve added a unit-testing suite to GCC 7, which is run automatically during a non-release build. Compilers use many data structures, so the most obvious benefit is that we can directly test corner-cases in these. As a relative newcomer to the project, one of my “pain points” learning GCC’s internals was the custom garbage collector it uses to manage memory. So, I’m very happy that the test suite now has specific test coverage for various aspects of the collector, which should make the compiler more robust when handling very large input files."

Security updates for Tuesday

Tuesday 14th of February 2017 06:07:04 PM

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities).

Debian has updated tomcat7 (denial of service), tomcat8 (denial of service), and vim (buffer overflow).

Debian-LTS has updated tomcat7 (denial of service).

Fedora has updated bind (F25: denial of service), kernel (F25; F24: two vulnerabilities), netpbm (F25: three vulnerabilities), tcpdump (F25: multiple vulnerabilities), vim (F25: buffer overflow), and w3m (F25: unspecified).

Gentoo has updated openssl (multiple vulnerabilities) and virtualbox (multiple vulnerabilities).

openSUSE has updated kernel (42.2; 42.1: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities).

[$] LEDE-17.01 is coming

Monday 13th of February 2017 06:58:17 PM
For some years, OpenWrt has arguably been the most active router-oriented distribution. Things changed in May of last year, though, when a group of OpenWrt developers split off to form the competing LEDE project. While the LEDE developers have been busy, the project has yet to make its first release. That situation is about to change, though, as evidenced by the LEDE v17.01.0-rc1 release candidate, which came out on February 1.

Monday's security advisories

Monday 13th of February 2017 06:09:15 PM

Arch Linux has updated ffmpeg (two vulnerabilities), kdenetwork-kopete (social engineering attacks), and webkit2gtk (multiple vulnerabilities).

Debian-LTS has updated openjdk-7 (multiple vulnerabilities) and vim (buffer overflow).

Fedora has updated epiphany (F24: password extraction sweep attack).

Gentoo has updated gnutls (multiple vulnerabilities), graphviz (multiple vulnerabilities from 2014), and lsyncd (command injection from 2014).

Mageia has updated audacious-plugins (multiple vulnerabilities), calibre (information leak), and nagios (two vulnerabilities).

openSUSE has updated irssi (42.2, 42.1: memory leak), libxml2 (42.2: three vulnerabilities), and tigervnc (42.2, 42.1: denial of service).

Oracle has updated kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL5,6,7: multiple vulnerabilities).

Slackware has updated bind (denial of service), openssl (three vulnerabilities), php (multiple vulnerabilities), and tcpdump (multiple vulnerabilities).

Kernel prepatch 4.10-rc8

Sunday 12th of February 2017 09:44:27 PM
Linus has released one more kernel prepatch, 4.10-rc8, rather than the final 4.10 release that had been expected. He said that 4.10 could have come out this week, but he thought better of it. "But I decided that there's also no huge overriding reason to do so (other than getting back to the usual "rc7 is the last rc" schedule, which would have been nice), and with travel coming up, I decided that I didn't really need to open the merge window. I've done merge windows during travel before, but I just prefer not to."

Sailfish OS 2.1.0 now available to early access for Jolla devices

Friday 10th of February 2017 08:40:38 PM
Sailfish OS 2.1.0 Iijoki has been released. "Iijoki brings major architectural changes to Sailfish OS by introducing Qt 5.6 UI framework, BlueZ 5 Bluetooth stack and basic implementations of 64-bit architecture. It also brings improvements to the camera software with faster shutter speeds, initial support for Virtual Private Networks (VPN), option to enlarge UI fonts to different levels and last but not least, a large number of bug and error fixes mostly reported by our community." The release notes contain additional details.

More in Tux Machines

Linux and Graphics

  • Linux Kernel 4.10 Now Available for Linux Lite Users, Here's How to Install It
    Minutes after the release of Linux kernel 4.10 last evening, Jerry Bezencon from the Linux Lite project announced that users of the Ubuntu-based distribution can now install it on their machines. Linux 4.10 is now the most advanced kernel branch for all Linux-based operating systems, and brings many exciting new features like virtual GPU support, better writeback management, eBPF hooks for cgroups, as well as Intel Cache Allocation Technology support for the L2/L3 caches of Intel processors.
  • Wacom's Intuos Pro To Be Supported By The Linux 4.11 Kernel
    Jiri Kosina submitted the HID updates today for the Linux 4.11 kernel cycle.
  • Mesa 13.0.5 Released for Linux Gamers with over 70 Improvements, Bug Fixes
    We reported the other day that Mesa 13.0.5 3D Graphics Library will be released this week, and it looks like Collabora's Emil Velikov announced it earlier this morning for all Linux gamers. Mesa 13.0.5 is a maintenance update to the Mesa 13.0 stable series of the open source graphics stack used by default in numerous, if not all GNU/Linux distributions, providing gamers with powerful drivers for their AMD Radeon, Nvidia, and Intel GPUs. It comes approximately three weeks after the Mesa 13.0.4 update.
  • mesa 13.0.5

Interview: Thomas Weissel Installing Plasma in Austrian Schools

With Plasma 5 having reached maturity for widespread use we are starting to see rollouts of it in large environments. Dot News interviewed the admin behind one such rollout in Austrian schools. Read more

today's leftovers

  • Top Lightweight Linux Distributions To Try In 2017
    Today I am going to discuss the top lightweight Linux distros you can try this year on your computer. Although you got yourself a prettyLinuxle linux already but there is always something new to try in Linux. Remember I recommend to try this distros in virtualbox firstly or with the live boot before messing with your system. All distro that I will mention here will be new and somewhat differ from regular distros.
  • [ANNOUNCE] linux-4.10-ck1 / MuQSS CPU scheduler 0.152
  • MSAA Compression Support For Intel's ANV Vulkan Driver
    Intel developer Jason Ekstrand posted a patch over the weekend for enabling MSAA compression support within the ANV Vulkan driver.
  • Highlights of YaST development sprint 31
    As we announced in the previous report, our 31th Scrum sprint was slightly shorter than the usual ones. But you would never say so looking to this blog post. We have a lot of things to talk you about!
  • Comparing Mobile Subscriber Data Across Different Sources - How accurate is the TomiAhonen Almanac every year?
    You’ll see that last spring I felt the world had 7.6 Billion total mobile subscriptions when machine-to-machine (M2M) connections are included. I felt the world had 7.2 Billion total subscriptions when excluding M2M and just counting those in use by humans. And the most relevant number (bottom line) is the ‘unique’ mobile users, which I felt was an even 5.0 Billion humans in 2015. The chart also has the total handsets-in-use statistic which I felt was 5.6 Billion at the end of 2015. Note that I was literally the first person to report on the distinction of the unique user count vs total subscriptions and I have been urging, nearly begging for the big industry giants to also measure that number. They are slowly joining in that count. Similarly to M2M, we also are now starting to see others report M2M counts. I have yet to see a major mobile statistical provider give a global count of devices in use. That will hopefully come also, soon. But lets examine these three numbers that we now do have other sources, a year later, to see did I know what I was doing.

Leftovers: Gaming