LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 54 min ago

Friday's security updates

4 hours 2 min ago

CentOS has updated php (C6; C7: multiple vulnerabilities), php53 (C5: multiple vulnerabilities), and wget (C6; C7: code execution).

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated sddm (F21: multiple vulnerabilities).

Mageia has updated file (denial of service) and dokuwiki (multiple vulnerabilities).

Oracle has updated kernel (O5; O6; O6; O7: multiple vulnerabilities), php (O6; O7: multiple vulnerabilities), php53 (O5: multiple vulnerabilities), and wget (O6; O7: code execution).

Red Hat has updated kernel (RHEL6: multiple vulnerabilities), php (RHEL6,7: multiple vulnerabilities), php53 (RHEL5: multiple vulnerabilities), php54-php (SC1: multiple vulnerabilities), php55-php (SC1: multiple vulnerabilities), and wget (RHEL6,7: code execution).

Ubuntu has updated kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and wget (code execution).

KVM Matures, and the Use Cases Multiply (Linux.com)

Thursday 30th of October 2014 07:41:34 PM
Over at Linux.com, Adam Jollans has a report from the recently completed KVM Forum that was held in Düsseldorf, Germany, October 14-16. He looks at a talk that he gave on KVM's relationship to OpenStack and the open cloud, a new white paper on KVM [PDF], and a panel on network function virtualization (NFV): "In the past, communications networks have been built with specific routers, switches and hubs with the configuration of all the components being manual and complex. The idea now is to take that network function, put it into software running on standard hardware. The discussion touched on the demands – in terms of latency, throughput, and packet jitter – that network function virtualization places on KVM when it is being run on general purpose hardware and used to support high data volume. There was a lively discussion about how to get fast communication between the virtual machines as well as issues such as performance and sharing memory, as attendees drilled down into how KVM could be applied in new ways."

Stable kernels 3.17.2, 3.16.7, 3.14.23, and 3.10.59

Thursday 30th of October 2014 05:04:56 PM
Greg Kroah-Hartman has announced the release of four new stable kernels: 3.17.2, 3.16.7, 3.14.23, and 3.10.59. As always, they contain important fixes and users of those series should update. Note that 3.16.7 is the last stable kernel in the 3.16 series; users should upgrade to 3.17 soon.

Security advisories for Thursday

Thursday 30th of October 2014 03:11:49 PM

Debian has updated dokuwiki (multiple vulnerabilities).

Red Hat has updated v8314-v8 (i.e. V8) (SC1: multiple vulnerabilities, several from 2013).

Slackware has updated wget (code execution).

Ubuntu has updated php5 (multiple vulnerabilities) and systemd-shim (14.10: denial of service).

[$] LWN.net Weekly Edition for October 30, 2014

Thursday 30th of October 2014 12:53:55 AM
The LWN.net Weekly Edition for October 30, 2014 is available.

A "highly critical public service announcement" from Drupal

Wednesday 29th of October 2014 08:03:30 PM
The Drupal project has put out an advisory that if you haven't already patched the recent SQL injection vulnerability, it's probably too late. "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement."

Security advisories for Wednesday

Wednesday 29th of October 2014 04:27:48 PM

CentOS has updated kernel (C7: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated file (F20: out-of-bounds read flaw), seamonkey (F20: multiple vulnerabilities), webkitgtk3 (F20: disable SSLv3 to address POODLE), and wpa_supplicant (F20: command execution).

Mageia has updated kde4 (MG4: multiple vulnerabilities), konversation (information disclosure), mythtv (SSDP reflection attacks), php-ZendFramework (multiple vulnerabilities), quassel (information disclosure), and zabbix (local file inclusion).

Mandriva has updated wget (symlink attack) and wpa_supplicant (command execution).

openSUSE has updated openssl (13.1, 12.3: multiple vulnerabilities) and libxml2 (13.1, 12.3: denial of service).

Oracle has updated kernel (OL7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities).

[$] A Debian init system GR flurry

Wednesday 29th of October 2014 02:28:27 PM
One might have hoped that the Debian systemd debate would have wound down several months ago, after the technical committee decided the default init system question and especially after Matthew Vernon's general resolution on init system choice was withdrawn due to a lack of seconds. The Debian community, it seemed, was tired of this discussion and ready to move on. Given a few months to rest, though, even old, tiresome subjects can once again seem worthy of discussion. So now we have a return of the init system choice resolution — along with three alternatives of varying scope.

Release for CentOS-6.6 i386 and x86_64

Tuesday 28th of October 2014 07:38:19 PM
CentOS 6.6 has been released. "There are many fundamental changes in this release, compared with the past CentOS-6 releases, and we highly recommend everyone study the upstream Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation. (See the 'Further Reading' section of the [CentOS release notes])."

Tuesday's security updates

Tuesday 28th of October 2014 06:00:38 PM

Debian has updated torque (denial of service).

Fedora has updated devscripts (F20: directory traversal), drupal7 (F20; F19: SQL injection), kernel (F20: multiple vulnerabilities), kernel (F20: more KVM vulnerabilities), php (F19: three vulnerabilities), php-ZendFramework2 (F20: multiple vulnerabilities), phpMyAdmin (F20: cross-site scripting), python (F19: buffer overflow), python-oauth2 (F20; F19: two vulnerabilities), rubygem-httpclient (F20; F19: allows ssl negotiation), and sddm (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), nginx (virtual host confusion attacks), php (three vulnerabilities), qemu (MG4: multiple vulnerabilities), wget (symlink attack), and wpa_supplicant, hostapd (command execution).

Mandriva has updated mariadb (multiple vulnerabilities).

openSUSE has updated flash-player (multiple vulnerabilities) and perl-Email-Address (denial of service).

Ubuntu has updated pidgin (14.10, 14.04, 12.04: multiple vulnerabilities).

First Jessie based Debian Edu alpha released

Tuesday 28th of October 2014 02:27:03 PM
The first alpha release of Debian Edu (also known as Skolelinux) is available for testing. "Would you like to give your school's computer a longer life? Are you tired of sneaker administration, running from computer to computer reinstalling the operating system? Would you like to administrate all the computers in your school using only a couple of hours every week? Check out Debian Edu Jessie!"

The Canonical Distribution of Ubuntu OpenStack

Tuesday 28th of October 2014 02:23:45 PM
Canonical has announced a new OpenStack-oriented distribution. "Based on Canonical’s industry-leading OpenStack reference architecture and building on Ubuntu’s leading position as the most widely used OpenStack platform, the Canonical Distribution gives users the widest range of commercially-supported vendor options for storage, software-defined networking and hypervisor from Canonical and its OpenStack partners. It then automates the creation and management of a reference OpenStack based on those choices."

Note that some conditions apply: "The Canonical Distribution of Ubuntu OpenStack is now available as a public beta, free for up to 10 physical and 10 virtual machines." See this page for more information.

Season of KDE 2014

Monday 27th of October 2014 07:57:44 PM
The Season of KDE is a community outreach program, much like Google Summer of Code. "It is meant for people who could not get into Google Summer of Code for various reasons, or people who simply prefer a differently structured, somewhat less constrained program. Season of KDE is managed by the same team of admins and mentors that takes care of Google Summer of Code and Google Code-in matters for KDE, with the same level of quality and care." The student application deadline is October 31. The mentor application deadline is November 5.

SUSE Linux Enterprise 12 Now Available

Monday 27th of October 2014 05:50:47 PM
SUSE has announced the release of SUSE Linux Enterprise 12. "New products based on SUSE Linux Enterprise 12 feature enhancements that more readily enable system uptime, improve operational efficiency and accelerate innovation. The foundation for all SUSE data center operating systems and extensions, SUSE Linux Enterprise meets the performance requirements of data centers with mixed IT environments, while reducing the risk of technological obsolescence and vendor lock-in." SUSE Linux Enterprise Server is available for x86_64, IBM Power Systems, and IBM System z.

Security advisories for Monday

Monday 27th of October 2014 03:33:48 PM

Debian has updated libtasn1-3 (multiple vulnerabilities) and libxml2 (denial of service).

Fedora has updated sysklogd (F20; F19: denial of service).

Mageia has updated drupal (SQL injection), firefox, thunderbird (multiple vulnerabilities), java-1.7.0-openjdk (multiple vulnerabilities), mariadb (multiple vulnerabilities), and pidgin (multiple vulnerabilities).

Ubuntu has updated libxml2 (14.04, 12.04, 10.04: denial of service).

Qubes OS release 2 available

Monday 27th of October 2014 01:09:09 PM
Release 2 of the Qubes OS secure desktop system is available. The biggest change, perhaps, is support for "fully virtualized AppVMs"; these allow running any operating system in a fully virtualized mode under Qubes. Other additions include secure audio input to AppVMs (allowing Skype to be run in a sandbox, evidently), policy control over the clipboard, an improved secure backup infrastructure, improved hardware support, and more.

Kernel prepatch 3.18-rc2

Monday 27th of October 2014 10:11:04 AM
The second 3.18 prepatch is available for testing. "I had hoped that the rc1 release would mean that a few stragglers would quickly surface, and then the rest of the rc would be more normal. But no, I had straggling merge-window pull requests come in all week, and rc2 is bigger than I'd like." Perhaps the most significant of those requests was for the overlayfs union filesystem, which has finally been merged after years of trying.

Taiga, a new open source project management tool with focus on usability (Opensource.com)

Friday 24th of October 2014 07:50:18 PM
Opensource.com takes a look at the Taiga project management tool. "It started with the team at Kaleidos, a Madrid-based company that builds software for both large corporations and startups. Though much of their time is spent working for clients, several times a year they break off for their own Personal Innovation Weeks (ΠWEEK). These are weeklong hack-a-thons dedicated to personal improvement and prototyping internal ideas of all sorts. While there, they unanimously decided to solve the biggest of their own problems: project management. Taiga was born, and by early 2014, the team at Kaleidos was already using Taiga for all their internal projects. Taiga Agile, LLC was formed in February 2014 to give the project a formal structure, and the source code was made available at GitHub."

Friday's security advisories

Friday 24th of October 2014 04:51:43 PM

Debian has updated pidgin (multiple vulnerabilities).

Mageia has updated ctags (denial of service), ejabberd (incorrectly allows unencrypted connections), iceape (multiple vulnerabilities), libxml2 (denial of service), lua (code execution), openssl (multiple vulnerabilities), and phpmyadmin (cross-site scripting).

Mandriva has updated ctags (denial of service), ejabberd (incorrectly allows unencrypted connections), java-1.7.0-openjdk (multiple vulnerabilities), libxml2 (denial of service), lua (code execution), openssl (multiple vulnerabilities), and phpmyadmin (cross-site scripting).

Red Hat has updated kernel (RHEL6.5: denial of service).

Ubuntu has updated openjdk-7 (14.10: multiple vulnerabilities).

openSUSE Factory and Tumbleweed to merge

Friday 24th of October 2014 01:13:35 PM
The openSUSE project has announced that the "Factory" and "Tumbleweed" distributions will merge into a single rolling distribution (called "Tumbleweed"). There is also an FAQ posting about the merger. "With the vast improvements to the Factory development process over the last 2 years, we effectively found ourselves as a project with not one, but two rolling release distributions in addition to our main regular release distribution. GregKH signalled his intention to stop maintaining Tumbleweed as a 'rolling-released based on the current release'. It seemed a natural decision then to bring both the Factory rolling release and Tumbleweed rolling release together, so we can consolidate our efforts and make openSUSE's single rolling release as stable and effective as possible."
