Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 54 min 17 sec ago

LEDE v17.01.4 service release

8 hours 8 min ago
Version 17.01.4 of the LEDE router distribution is available with a number of important fixes. "While this release includes fixes for the bugs in the WPA Protocol disclosed earlier this week, these fixes do not fix the problem on the client-side. You still need to update all your client devices. As some client devices might never receive an update, an optional AP-side workaround was introduced in hostapd to complicate these attacks, slowing them down."

Apache OpenOffice 4.1.4 released

8 hours 29 min ago
The OpenOffice 4.1.4 release is finally available; see this article for some background on this release. The announcement is all bright and sunny, but a look at the August 16 Apache board minutes shows concern about the state of the project. Indeed, the OpenOffice project management committee was, according to these minutes, supposed to post an announcement about the state of the project; it would appear that has not yet happened.

Samsung to support Linux distributions on Galaxy handsets

9 hours 3 min ago
Here's a Samsung press release describing the company's move into the "run Linux on your phone" space. "Installed as an app, Linux on Galaxy gives smartphones the capability to run multiple operating systems, enabling developers to work with their preferred Linux-based distributions on their mobile devices. Whenever they need to use a function that is not available on the smartphone OS, users can simply switch to the app and run any program they need to in a Linux OS environment."

Ubuntu 17.10 (Artful Aardvark) released

9 hours 8 min ago
The Ubuntu 17.10 release is out. "Under the hood, there have been updates to many core packages, including a new 4.13-based kernel, glibc 2.26, gcc 7.2, and much more. Ubuntu Desktop has had a major overhaul, with the switch from Unity as our default desktop to GNOME3 and gnome-shell. Along with that, there are the usual incremental improvements, with newer versions of GTK and Qt, and updates to major packages like Firefox and LibreOffice." See the release notes for more information.

Security updates for Thursday

9 hours 10 min ago
Security updates have been issued by CentOS (wpa_supplicant), Debian (db, db4.7, db4.8, graphicsmagick, imagemagick, nss, and yadifa), Fedora (ImageMagick, rubygem-rmagick, and upx), Mageia (flash-player-plugin, libxfont, openvpn, ruby, webmin, and wireshark), openSUSE (cacti, git, and upx), Oracle (wpa_supplicant), Red Hat (kernel-rt, rh-nodejs4-nodejs-tough-cookie, rh-nodejs6-nodejs-tough-cookie, and wpa_supplicant), Scientific Linux (wpa_supplicant), and Slackware (libXres, wpa_supplicant, and xorg).

[$] LWN.net Weekly Edition for October 19, 2017

Thursday 19th of October 2017 01:20:51 AM
The LWN.net Weekly Edition for October 19, 2017 is available.

[$] KRACK, ROCA, and device insecurity

Wednesday 18th of October 2017 10:21:26 PM

Monday October 16 was not a particularly good day for those who are even remotely security conscious—or, in truth, even for those who aren't. Two separate security holes came to light; one probably affects almost all users of modern technology. The other is more esoteric at some level, but still serious. In both cases, the code in question is baked into various devices, which makes it more difficult to fix; in many cases, the devices in question may not even have a plausible path toward a fix. Encryption has been a boon for internet security, but both of these vulnerabilities have highlighted that there is more to security than simply cryptography.

Tips to Secure Your Network in the Wake of KRACK (Linux.com)

Wednesday 18th of October 2017 07:21:31 PM
Konstantin Ryabitsev argues on Linux.com that WiFi security is only a part of the problem. "Wi-Fi is merely the first link in a long chain of communication happening over channels that we should not trust. If I were to guess, the Wi-Fi router you’re using has probably not received a security update since the day it got put together. Worse, it probably came with default or easily guessable administrative credentials that were never changed. Unless you set up and configured that router yourself and you can remember the last time you updated its firmware, you should assume that it is now controlled by someone else and cannot be trusted."

[$] Achieving DisplayPort compliance

Wednesday 18th of October 2017 03:55:40 PM

At the X.Org Developers Conference, hosted by Google in Mountain View, CA September 20-22, Manasi Navare gave a talk about her journey learning about kernel graphics on the way to achieving DisplayPort (DP) compliance for Intel graphics devices. Making that work involved learning about DP, the kernel graphics subsystem, and how to do kernel development, as well. There were plenty of details to absorb, including the relatively new atomic mode setting support, the design of which was described in a two-part LWN article.

Ruiz: Fleet Commander: production ready!

Wednesday 18th of October 2017 03:34:18 PM
Alberto Ruiz announces that Fleet Commander is ready for production use. "Fleet Commander is an integrated solution for large Linux desktop deployments that provides a configuration management interface that is controlled centrally and that covers desktop, applications and network configuration. For people familiar with Group Policy Objects in Active Directory in Windows, it is very similar."

Stable kernel updates

Wednesday 18th of October 2017 03:33:13 PM
Greg Kroah-Hartman has released stable kernels 4.13.8, 4.9.57, 4.4.93, and 3.18.76. All of them contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 18th of October 2017 03:27:17 PM
Security updates have been issued by Arch Linux (kernel, linux-hardened, and linux-zen), CentOS (wpa_supplicant), Debian (xorg-server), Fedora (selinux-policy), Gentoo (libarchive, nagios-core, ruby, and xen), openSUSE (wpa_supplicant), Oracle (wpa_supplicant), Red Hat (Red Hat Single Sign-On, rh-nodejs6-nodejs, rh-sso7-keycloak, and wpa_supplicant), Scientific Linux (wpa_supplicant), SUSE (git, wpa_supplicant, and xen), and Ubuntu (xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial).

ACME Support in Apache HTTP Server Project

Tuesday 17th of October 2017 06:37:58 PM
Let's Encrypt has announced that Automatic Certificate Management Environment (ACME) protocol support is being integrated into the Apache HTTP Server (httpd). "ACME support being built in to one of the world’s most popular Web servers, Apache httpd, is great because it means that deploying HTTPS will be even easier for millions of websites. It’s a huge step towards delivering the ideal certificate issuance and management experience to as many people as possible."

[$] A comparison of cryptographic keycards

Tuesday 17th of October 2017 03:33:22 PM
An earlier LWN article showed that private key storage is an important problem to solve in any cryptographic system and established keycards as a good way to store private key material offline. But which keycard should we use? This article examines the form factor, openness, and performance of four keycards to try to help readers choose the one that will fit their needs.


Security updates for Tuesday

Tuesday 17th of October 2017 03:22:39 PM
Security updates have been issued by Arch Linux (flashplugin, hostapd, lib32-flashplugin, and wpa_supplicant), Debian (sdl-image1.2), Fedora (curl, openvswitch, weechat, and wpa_supplicant), openSUSE (GraphicsMagick, kernel, mbedtls, and wireshark), Red Hat (flash-plugin), and Ubuntu (wpa).

Green: Falling through the KRACKs

Tuesday 17th of October 2017 01:19:24 PM
Matthew Green explores the origins of the KRACK vulnerability. "I don’t want to spend much time talking about KRACK itself, because the vulnerability is pretty straightforward. Instead, I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?"

[$] Point releases for the GNU C Library

Monday 16th of October 2017 10:45:31 PM
The GNU C Library (glibc) project produces regular releases on an approximately six-month cadence. The current release is 2.26 from early August; the 2.27 release is expected at the beginning of February 2018. Unlike many other projects, though, glibc does not normally create point releases for important fixes between the major releases. The last point release from glibc was 2.14.1, which came out in 2011. A discussion on the need for a 2.26 point release led to questions about whether such releases have a useful place in the current software-development environment.

DragonFly BSD 5.0

Monday 16th of October 2017 08:43:18 PM
DragonFly BSD 5.0 has been released. "Preliminary HAMMER2 support has been released into the wild as-of the 5.0 release. This support is considered EXPERIMENTAL and should generally not yet be used for production machines and important data. The boot loader will support both UFS and HAMMER2 /boot. The installer will still use a UFS /boot even for a HAMMER2 installation because the /boot partition is typically very small and HAMMER2, like HAMMER1, does not instantly free space when files are deleted or replaced. DragonFly 5.0 has single-image HAMMER2 support, with live dedup (for cp's), compression, fast recovery, snapshot, and boot support. HAMMER2 does not yet support multi-volume or clustering, though commands for it exist. Please use non-clustered single images for now."

Millions of high-security crypto keys crippled by newly discovered flaw (Ars Technica)

Monday 16th of October 2017 03:21:04 PM
Ars Technica is reporting on a flaw in the RSA library developed by Infineon that drastically reduces the amount of work needed to discover a private key from its corresponding public key. This flaw, dubbed "ROCA", mainly affects key pairs that have been generated on keycards. "While all keys generated with the library are much weaker than they should be, it's not currently practical to factorize all of them. For example, 3072-bit and 4096-bit keys aren't practically factorable. But oddly enough, the theoretically stronger, longer 4096-bit key is much weaker than the 3072-bit key and may fall within the reach of a practical (although costly) factorization if the researchers' method improves. To spare time and cost, attackers can first test a public key to see if it's vulnerable to the attack. The test is inexpensive, requires less than 1 millisecond, and its creators believe it produces practically zero false positives and zero false negatives. The fingerprinting allows attackers to expend effort only on keys that are practically factorizable. The researchers have already used the method successfully to identify weak keys, and they have provided a tool here to test if a given key was generated using the faulty library. A blog post with more details is here."

Security updates for Monday

Monday 16th of October 2017 03:04:37 PM
Security updates have been issued by Debian (wpa), Fedora (perl, recode, and tor), Gentoo (elfutils, gnutls, graphite2, libtasn1, puppet-agent, shadow, and webkit-gtk), Mageia (pjproject, thunderbird, and weechat), and SUSE (kernel).