Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 2 hours 22 min ago

Slackware 14.2

6 hours 43 min ago
Slackware Linux Project has announced the release of Slackware version 14.2. "Slackware 14.2 brings many updates and enhancements, among which you'll find two of the most advanced desktop environments available today: Xfce 4.12.1, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 4.14.21 (KDE 4.14.3 with kdelibs-4.14.21) a stable release of the 4.14.x series of the award-winning KDE desktop environment. These desktops utilize eudev, udisks, and udisks2, and many of the specifications from which allow the system administrator to grant use of various hardware devices according to users' group membership so that they will be able to use items such as USB flash sticks, USB cameras that appear like USB storage, portable hard drives, CD and DVD media, MP3 players, and more, all without requiring sudo, the mount or umount command. Just plug and play. Slackware's desktop should be suitable for any level of Linux experience." See the release notes for more details.

Rails 5.0 is available

7 hours 6 min ago

Rails 5.0 has been released. The announcement highlights two new features, the Action Cable framework for handling WebSockets and an "API mode" for interfacing with client-side JavaScript. Development of the latter feature is ongoing; progress can be tracked in the JSONAPI::Resources repository. There are quite a few other new features to be found in the update as well; the release announcement provides links to detailed ChangeLogs for various subprojects.

Friday's security updates

15 hours 6 min ago

Debian-LTS has updated libvirt (authentication bypass), qemu (multiple vulnerabilities), qemu-kvm (multiple vulnerabilities), roundcube (cross-site scripting), wget (code execution), and wireshark (multiple vulnerabilities).

Fedora has updated kernel (F24: multiple vulnerabilities), python-django-horizon (F23: cross-site scripting), python3 (F24: StartTLS stripping), squidGuard (F22; F23; F24: cross-site scripting), struts (F23; F24: multiple vulnerabilities), and wordpress (F22; F23; F24: multiple vulnerabilities).

SUSE has updated kernel (SLE11; SLE12; SLE12 GA: multiple vulnerabilities).

Ubuntu has updated oxide-qt (14.04, 15.10, 16.04: multiple vulnerabilities).

Linux Mint 18 Cinnamon and MATE editions released

Thursday 30th of June 2016 11:59:44 PM
Linux Mint 18 has been released with Cinnamon and MATE editions. "Linux Mint 18 is a long term support release which will be supported until 2021. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use." The MATE edition has MATE 1.14 along with many other updates listed on the What's New page. The Cinnamon edition has Cinnamon 3.0 (which we recently reviewed) and lots of other new packages described on its What's New page. The release notes pages (MATE, Cinnamon) also have important information on the releases.

Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption (Bits Please)

Thursday 30th of June 2016 08:14:59 PM
The "Bits Please" blog has a detailed description of how one breaks full-disk encryption on an Android phone. Included therein is a lot of information on how full-disk encryption works on Android devices and its inherent limitations. "Instead of creating a scheme which directly uses the hardware key without ever divulging it to software or firmware, the code above performs the encryption and validation of the key blobs using keys which are directly available to the TrustZone software! Note that the keys are also constant - they are directly derived from the SHK (which is fused into the hardware) and from two 'hard-coded' strings. Let's take a moment to explore some of the implications of this finding."

etcd 3.0 released

Thursday 30th of June 2016 08:03:06 PM
CoreOS has announced the availability of version 3.0 of the etcd distributed key-value store. "etcd 3.0 marks the first stable release of the etcd3 API and data model. Upgrades are simple, because the same etcd2 JSON endpoints and internal cluster protocol are still provided in etcd3. Nevertheless, etcd3 is a wholesale API redesign based on feedback from etcd2 users and experience with scaling etcd2 in practice. This post highlights some notable etcd3 improvements in efficiency, reliability, and concurrency control."

Security updates for Thursday

Thursday 30th of June 2016 02:52:35 PM

Debian has updated libcommons-fileupload-java (denial of service), libreoffice (code execution), tomcat8 (multiple vulnerabilities, some from 2015), and xerces-c (denial of service).

Debian-LTS has updated libgd2 (denial of service), php5 (multiple vulnerabilities), and xerces-c (denial of service).

Fedora has updated setroubleshoot (F23; F22: code execution) and xguest (F23: insecure password creation).

Ubuntu has updated libreoffice (16.04, 15.10, 12.04: code execution).

[$] Weekly Edition for June 30, 2016

Thursday 30th of June 2016 01:51:57 AM
The Weekly Edition for June 30, 2016 is available.

[$] Networking without an operating system

Wednesday 29th of June 2016 07:35:23 PM
At last year's PyCon in Montréal, Josh Triplett introduced the work he and others have done to port Python to run in the GRUB boot loader. At this year's PyCon in Portland, Oregon, he updated attendees on progress that has been made in the BIOS Implementation Test Suite (BITS) to add networking support. True to form, his presentation came with an eye-opening demonstration of the networking implemented in BITS.

Security advisories for Wednesday

Wednesday 29th of June 2016 03:06:29 PM

Fedora has updated haproxy (F24: denial of service) and xguest (F24: insecure password creation).

openSUSE has updated phpMyAdmin (Leap42.1, 13.2; 13.1: multiple vulnerabilities).

SUSE has updated kvm (SLES11-SP3: multiple vulnerabilities) and qemu (SLE12-SP1: multiple vulnerabilities).

PulseAudio 9.0 is out

Wednesday 29th of June 2016 01:58:53 PM
The PulseAudio 9.0 release is out. Changes include improvements to automatic routing, beamforming support, use of the Linux memfd mechanism for transport, higher sample-rate support, and more; see the release notes for details.

See also: this article from Arun Raghavan on how the beamforming feature works. "The basic idea is that if you have a number of microphones (a mic array) in some known arrangement, it is possible to 'point' or steer the array in a particular direction, so sounds coming from that direction are made louder, while sounds from other directions are rendered softer (attenuated)."

[$] How many -stable patches introduce new bugs?

Tuesday 28th of June 2016 10:37:12 PM
The -stable kernel release process faces a contradictory set of constraints. Developers naturally want to get as many fixes into -stable as possible but, at the same time, there is a strong desire to avoid introducing new regressions there. Each -stable release is, after all, intended to be more stable than its predecessor. At times there have been complaints that -stable is too accepting and too prone to regressions, but not many specifics. But, it turns out, this is an area where at least a little bit of objective research can be done.

GitHub's 2015 Transparency Report

Tuesday 28th of June 2016 08:29:07 PM
GitHub has published its 2015 transparency report. "This 2015 report details the types of requests we receive for user accounts, user content, information about our users, and other such information, and how we process those requests. Transparency and trust are essential to GitHub and to the open source community, and giving you access to information about these requests can protect you, protect us, and help you feel safe as you work on GitHub." The report notes that a significant number of requests for removal of content are notices submitted under the Digital Millennium Copyright Act, or the DMCA.

Tuesday's security advisories

Tuesday 28th of June 2016 04:09:49 PM

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated movabletype-opensource (SQL injection) and spice (information disclosure).

Fedora has updated drupal7 (F23; F22: privilege escalation), gd (F24: three vulnerabilities), krb5 (F24: buffer overflow), nodejs (F24: unspecified), and phpMyAdmin (F24: multiple vulnerabilities).

Gentoo has updated icedtea-bin (multiple vulnerabilities) and kwalletd (misuse of crypto).

openSUSE has updated rsync (13.2: unsafe destination path).

SUSE has updated firefox, nss, nspr (SLE12-SP1: multiple vulnerabilities) and kernel (SLE12-SP1; SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (16.04; 15.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04; 15.10: multiple vulnerabilities), linux-snapdragon (16.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Reding: What's new for Tegra in Linux v4.7

Monday 27th of June 2016 10:58:19 PM
Thierry Reding looks at Tegra support in Linux 4.7. "The XUSB driver has been under development for a ridiculously long time. One of the reasons is that it relies on the XUSB pad controller to configure its pins as required by the board design. The XUSB pad controller is very likely one of the least-intuitive pieces of hardware I've ever encountered, and the attempts to come up with a device tree binding to describe it have been very numerous. We did finally settle on something earlier this year and after the existing code was updated for the new binding, we're finally able to support super-speed USB on Tegra124 and later." (Thanks to Martin Michlmayr)

Project Triforce: Run AFL on Everything!

Monday 27th of June 2016 10:36:06 PM
The developers of "Project Triforce," an effort to run the "american fuzzy lop" fuzz-testing tool in a system-wide manner, have posted a detailed description of what they are up to. "AFL is an awesome tool. The power of an easy to use, feedback-driven fuzzer has produced an absolutely staggering number of bugs. Still, at first AFL required being able to build the executable, something sadly not available on a lot of targets. With the addition of AFL's qemu_mode, it became possible to fuzz binaries without source, exposing a whole new world of targets to AFL. I'd been on a number of Linux container engagements recently where we'd managed to escape through kernel exploits. I fell asleep one night to several AFL screens running, and I awoke suddenly with a crazy idea: 'Run AFL on the Linux Kernel.'"

Open Source Projects as part of MOSS “Mission Partners” Program

Monday 27th of June 2016 09:25:42 PM
The Mozilla blog has announced the first recipients of its Mozilla Open Source Support (MOSS) “Mission Partners” awards. "For many years people with visual impairments and the legally blind have paid a steep price to access the Web on Windows-based computers. The market-leading software for screen readers costs well over $1,000. The high price is a considerable obstacle to keeping the Web open and accessible to all. The NVDA Project has developed an open source screen reader that is free to download and to use, and which works well with Firefox. NVDA aligns with one of the Mozilla Manifesto’s principles: “The Internet is a global public resource that must remain open and accessible.”" The NVDA project received $15,000. Other award recipients include Tor, Tails, Caddy, Mio, DNSSEC/DANE Chain Stapling, Godot Engine, and PeARS. (Thanks to Paul Wise)

Security updates for Monday

Monday 27th of June 2016 05:33:49 PM

Arch Linux has updated chromium (multiple vulnerabilities), libdwarf (multiple vulnerabilities), libpurple (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), vlc (code execution), and xerces-c (code execution).

Debian has updated libpdfbox-java (XML External Entity (XXE) attacks).

Debian-LTS has updated gimp (use-after-free), java-common (OpenJDK 6 no longer supported), libcommons-fileupload-java (denial of service), mysql-connector-java (information disclosure), nss (denial of service), and tomcat7 (denial of service).

Fedora has updated drupal7 (F24: privilege escalation), mirrormanager (F24; F23; F22: unspecified), optipng (F23: code execution), python (F23: man-in-the-middle attack), and qemu (F24: multiple vulnerabilities).

Gentoo has updated claws-mail (multiple vulnerabilities), freexl (multiple vulnerabilities), hostapd (multiple vulnerabilities), imagemagick (multiple vulnerabilities), libssh (multiple vulnerabilities), plib (code execution from 2011), and sudo (privilege escalation).

openSUSE has updated libarchive (13.2: denial of service), libav (Leap42.1: two vulnerabilities), libtasn1 (Leap42.1: denial of service), libtorrent-rasterbar (13.1: denial of service), mariadb (Leap42.1: multiple vulnerabilities), p7zip (Leap42.1: code execution), php5 (Leap42.1: multiple vulnerabilities), and rsync (Leap42.1: unsafe destination path).

Oracle has updated kernel 2.6.32 (OL6; OL5: privilege escalation).

Red Hat has updated kernel-rt (RHEMRG2.5: multiple vulnerabilities).

Scientific Linux has updated kernel (SL7: two vulnerabilities).

Slackware has updated php (multiple vulnerabilities).

Kernel prepatch 4.7-rc5

Monday 27th of June 2016 02:57:09 AM
The 4.7-rc5 kernel prepatch is out. "I think things are calming down, although with almost two thirds of the commits coming in since Friday morning, it doesn't feel that way - my Fridays end up feeling very busy. But looking at the numbers, we're pretty much where we normally are at this time of the rc series."

A couple of unpleasant local kernel vulnerabilities

Saturday 25th of June 2016 03:17:26 PM
The just-released 4.6.3, 4.4.14, and 3.14.73 stable kernels contain a set of netfilter fixes that, it has just been disclosed, fix a couple of severe local privilege-escalation vulnerabilities. Anybody who is running a site with user and network namespaces enabled will want to update their kernels in short order. The fixes were originally committed into 4.6-rc2 in April with no comment regarding their implications.

More in Tux Machines

today's leftovers

  • Calamares 2.3 Installer Released
  • ANNOUNCE: libosinfo 0.3.1 released
    I am happy to announce a new release of libosinfo, version 0.3.1 is now available, signed with key DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R). All historical releases are available from the project download page.
  • There and Back Again: The MongoDB Cloud Story
    Before it was a database company, MongoDB was a cloud company. Founded in 2007 and originally known as 10gen, the company originally intended to build a Java cloud platform. After building a database it called MongoDB, the company realized that the infrastructure software it had built to support its product was more popular than the product itself, and the PaaS company pivoted to become a database company – eventually taking the obvious step of renaming itself to reflect its new purpose.
  • C++17: New Features Coming To 33-Year-Old Programming Language
    The C++17 standard is taking shape and adding new features to the vintage programming language. This major update aims to make C++ an easier language to work with and brings powerful technical specifications.
  • Clearing the Keystone Environment

GNU/Linux Leftovers

Red Hat Summit

  • Red Hat Summit Advocates the Power of Participation
    Red Hat hosted its annual Red Hat Summit customer event June 28-30 at the Moscone Center in San Francisco, with a theme of harnessing the power of participation. Once again, the DevNation developer event, which is the successor to JBoss World, was co-located with Red Hat Summit. For JBoss, 2016 is a particularly significant year as it marks 10 years since Red Hat acquired it. At DevNation, Red Hat announced the new JBoss Enterprise Application Platform (EAP) 7 release, providing new cloud-enhanced capabilities for Red Hat's flagship middleware platform. JBoss is now also working to help enable Java for the container era, with the launch of the MicroProfile Project, an effort to optimize enterprise Java for a microservices architecture. Java wasn't the only focus of DevNation this year either, as Microsoft took center stage too, announcing the availability of its .NET Core for Red Hat Enterprise Linux. In this slide show, eWEEK takes a look at some of the highlights of the Red Hat Summit and DevNation 2016 events.
  • How Red Hat is tailoring OpenStack to fit … everyone
    Even though there have been no major changes announced to the OpenStack platform of late, it was still one of the most talked about subjects at this year’s Red Hat Summit. Red Hat plays a significant role in the development of the platform and is very proud of its contribution to the community.
  • New technologies foster an open-source environment
    In 2007, when 3scale, Inc. was founded, some people thought it was crazy to be investing so much time and energy into API. But Steven Willmott, CEO of 3scale, Inc., said that even at that time his team knew that the future was API-driven, and they wanted to help that happen.

Leftovers: Gaming