Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 6 hours 5 min ago

Software Freedom Conservancy Launches 2015 Fundraiser

7 hours 52 min ago
Software Freedom Conservancy has announced a major fundraising effort. "Pointing to the difficulty of relying on corporate funding while pursuing important but controversial issues, like GPL compliance, Conservancy has structured its fundraiser to increase individual support. The organization needs at least 750 annual Supporters to continue its basic community services and 2500 to avoid hibernating its enforcement efforts. If Conservancy does not meet its goals, it will be forced to radically restructure and wind down a substantial portion of its operations."

Security advisories for Wednesday

7 hours 52 min ago

Debian has updated libcommons-collections3-java (unsanitized input data) and symfony (two vulnerabilities).

Debian-LTS has updated putty (memory corruption).

Fedora has updated grub2 (F23: Secure Boot circumvention), krb5 (F21: multiple vulnerabilities), libpng10 (F23; F22; F21: two vulnerabilities), sblim-sfcb (F23; F22; F21: denial of service), and wpa_supplicant (F22: denial of service).

Slackware has updated pcre (code execution).

SUSE has updated linux-3.12.32 (SLELP12: two vulnerabilities), linux-3.12.36 (SLELP12: two vulnerabilities), linux-3.12.38 (SLELP12: two vulnerabilities), linux-3.12.39 (SLELP12: two vulnerabilities), linux-3.12.43 (SLELP12: two vulnerabilities), linux-3.12.44 (SLELP12: two vulnerabilities), and linux-3.12.44 (SLELP12: two vulnerabilities).

Ubuntu has updated icedtea-web (15.10, 15.04, 14.04: applet execution) and python-django (15.10, 15.04, 14.04, 12.04: information disclosure).

[$] A journal for MD/RAID5

Tuesday 24th of November 2015 09:48:12 PM
RAID5 support in the MD driver has been part of mainline Linux since 2.4.0 was released in early 2001. During this time it has been used widely by hobbyists and small installations, but there has been little evidence of any impact on the larger or "enterprise" sites. Anecdotal evidence suggests that such sites are usually happier with so-called "hardware RAID" configurations where a purpose-built computer, whether attached by PCI or fibre channel or similar, is dedicated to managing the array. This situation could begin to change with the 4.4 kernel, which brings some enhancements to the MD driver that should make it more competitive with hardware-RAID controllers.

Security updates for Tuesday

Tuesday 24th of November 2015 06:12:17 PM

Debian-LTS has updated openjdk-6 (multiple vulnerabilities).

Fedora has updated libsndfile (F22; F21: buffer overflow), mingw-freeimage (F23; F22: integer overflow), rpm (F23: denial of service), wpa_supplicant (F21: denial of service), and zarafa (F21: two vulnerabilities, one from 2012).

Oracle has updated autofs (OL7: privilege escalation), binutils (OL7: multiple vulnerabilities), chrony (OL7: multiple vulnerabilities), cpio (OL7: denial of service), cups-filters (OL7: multiple vulnerabilities), curl (OL7: multiple vulnerabilities), file (OL7: multiple vulnerabilities), grep (OL7: heap buffer overrun), grub2 (OL7: Secure Boot circumvention), krb5 (OL7: two vulnerabilities), libreport (OL6: data leak), libssh2 (OL7: information leak), net-snmp (OL7: denial of service), netcf (OL7: denial of service), ntp (OL7: multiple vulnerabilities), openhpi (OL7: world writable /var/lib/openhpi directory), openldap (OL7: unintended cipher usage), openssh (OL7: two vulnerabilities), python (OL7: multiple vulnerabilities), rest (OL7: denial of service), rubygem-bundler and rubygem-thor (OL7: installs malicious gem files), squid (OL7: certificate validation bypass), unbound (OL7: denial of service), wireshark (OL7: multiple vulnerabilities), and xfsprogs (OL7: information disclosure).

Scientific Linux has updated libreport (SL6: data leak).

SUSE has updated firefox (SLES10SP4: multiple vulnerabilities).

Red Hat Enterprise Linux 7.2

Monday 23rd of November 2015 08:34:03 PM
Red Hat has announced the release of Red Hat Enterprise Linux 7.2. "New features and capabilities focus on security, networking, and system administration, along with a continued emphasis on enterprise-ready tooling for the development and deployment of Linux container-based applications. In addition, Red Hat Enterprise Linux 7.2 includes compatibility with the new Red Hat Insights, an add-on operational analytics offering designed to increase IT efficiency and reduce downtime through the proactive identification of known risks and technical issues."

Security advisories for Monday

Monday 23rd of November 2015 05:42:06 PM

Debian has updated openjdk-7 (unspecified vulnerability).

Fedora has updated cyrus-imapd (F21: largely unspecified), gdm (F23: denial of service), jenkins (F23: multiple vulnerabilities), jenkins-remoting (F23: multiple vulnerabilities), kernel (F21: multiple vulnerabilities), libpng (F23: denial of service), m2crypto (F21: denial of service), pdns (F21: denial of service), perl-IPTables-Parse (F21: predictable temporary file names), postgresql (F22: two vulnerabilities), python-rauth (F23: unspecified vulnerability), and xen (F23; F22; F21: denial of service).

openSUSE has updated Chromium (SUSE Package Hub for SLE12; Leap42.1, 13.2, 13.1: information leak), docker (Leap42.1: two vulnerabilities), and miniupnpc (Leap42.1, 13.2, 13.1: code execution).

Red Hat has updated abrt, libreport (RHEL7: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities), java-1.8.0-ibm (RHEL7: multiple vulnerabilities), and libreport (RHEL6: data leak).

Gräßlin: Looking at the security of Plasma/Wayland

Monday 23rd of November 2015 03:44:56 PM
Martin Gräßlin looks at the security of the Plasma desktop running under Wayland; it's better than X11, but with some ground yet to cover. "Now imagine you want to write a key logger in a Plasma/Wayland world. How would you do it? I asked myself this question recently, thought about it, found a possible solution and had a key logger in less than 10 minutes: ouch."

GIMP is 20 Years Old, What’s Next? (Libre Graphics World)

Monday 23rd of November 2015 03:19:07 PM
This Libre Graphics World article looks at the challenges faced by the 20-year-old GIMP project. "If you've been following GIMP's progress over recent years, you couldn't help yourself noticing the decreasing activity in terms of both commits (a rather lousy metric) and amount of participants (a more sensible one). 'GIMP is dying', say some. 'GIMP developers are slacking', say others. 'You've got to go for crowdfunding' is yet another popular notion. And no matter what, there's always a few whitebearded folks who would blame the team for not going with changes from the FilmGIMP branch. So what's actually going on and what's the outlook for the project?"

Kernel prepatch 4.4-rc2

Monday 23rd of November 2015 02:54:50 PM
The second 4.4 prepatch is out for testing. Linus says: "Things are looking fairly normal in 4.4-land, with no huge surprises in rc2. There were a couple of late features: parisc hugepage support and some late slub bulk allocator patches were not only merged at the end of the week, but they strictly speaking should have been merge window things."

Poettering: Introducing sd-event

Friday 20th of November 2015 09:33:50 PM
Lennart Poettering introduces the sd-event API for the implementation of event loops. "sd-event.h, of course, is not the first event loop API around, and it doesn't implement any really novel concepts. When we started working on it we tried to do our homework, and checked the various existing event loop APIs, maybe looking for candidates to adopt instead of doing our own, and to learn about the strengths and weaknesses of the various implementations existing. Ultimately, we found no implementation that could deliver what we needed, or where it would be easy to add the missing bits: as usual in the systemd project, we wanted something that allows us access to all the Linux-specific bits, instead of limiting itself to the least common denominator of UNIX."

Friday's security updates

Friday 20th of November 2015 05:42:41 PM

Debian has updated lxc (code execution).

Debian-LTS has updated nspr (code execution).

Mageia has updated dovecot (M5: denial of service), gcc (M5: predictable random values), kernel (M5: multiple vulnerabilities), latex2rtf (M5: code execution), libpng/libpng12 (M5: denial of service), and uglify-js (M5: malicious code obfuscation).

openSUSE has updated krb5 (13.1, 13.2: memory corruption) and libksba (13.1, 13.2: denial of service).

Red Hat has updated autofs (RHEL7: privilege escalation), binutils (RHEL7: multiple vulnerabilities), chrony (RHEL7: multiple vulnerabilities), cpio (RHEL7: code execution), cups-filters (RHEL7: multiple vulnerabilities), curl (RHEL7: multiple vulnerabilities), file (RHEL7: multiple vulnerabilities), glibc (RHEL7: multiple vulnerabilities; RHEL7: privilege escalation), grep (RHEL7: heap buffer overrun), grub2 (RHEL7: Secure Boot circumvention), kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), krb5 (RHEL7: multiple vulnerabilities), libssh2 (RHEL7: denial of service), net-snmp (RHEL7: denial of service), netcf (RHEL7: denial of service), NetworkManager (RHEL7: multiple vulnerabilities), ntp (RHEL7: multiple vulnerabilities), openhpi (RHEL7: world writable /var/lib/openhpi directory), openldap (RHEL7: unintended cipher usage), openssh (RHEL7: multiple vulnerabilities), pacemaker (RHEL7: privilege escalation), pcs (RHEL7: denial of service), python (RHEL7: multiple vulnerabilities), realmd (RHEL7: unsanitized input), rest (RHEL7: denial of service), rubygem-bundler, rubygem-thor (RHEL7: code execution), squid (RHEL7: certificate validation bypass), sssd (RHEL7: memory leak), tigervnc (RHEL7: multiple vulnerabilities), unbound (RHEL7: denial of service), wireshark (RHEL7: multiple vulnerabilities), and xfsprogs (RHEL7: information leak).

Ubuntu has updated libpng (multiple vulnerabilities).

Garrett: If it's not practical to redistribute free software, it's not free software in practice

Friday 20th of November 2015 03:43:22 PM
Matthew Garrett continues his campaign against Canonical's "intellectual property rights policy". "The reality is that if Debian had had an identical policy in 2004, Ubuntu wouldn't exist. The effort required to strip all Debian trademarks from the source packages would have been immense, and this would have had to be repeated for every release. While this policy is in place, nobody's going to be able to take Ubuntu and build something better."

Pitivi 0.95 released

Friday 20th of November 2015 03:26:59 PM
The Pitivi 0.95 release is out, bringing a lot of changes to this longstanding video editor project. "This one packs a lot of bugfixes and architectural work to further stabilize the GES backend. In this blog post, I’ll give you an overview of the new and interesting stuff this release brings, coming out from a year of hard work. It’s pretty epic and you’re in for a few surprises, so I suggest listening to this song while you’re reading this blog post."

Detectify: Chrome Extensions – AKA Total Absence of Privacy

Friday 20th of November 2015 03:23:26 PM
The "Detectify Labs" site has put up a lengthy analysis of the user tracking taking place in many Chrome browser extensions. "Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed." At the end they note that the situation with Firefox is not a whole lot better.

Nmap 7 released

Friday 20th of November 2015 03:11:29 PM
Version 7 of the Nmap security scanner has been released. "It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever."

Langridge: No UI is some UI

Thursday 19th of November 2015 11:01:23 PM

At his blog, Stuart Langridge takes issue with a recent Medium post by Tony Aubé titled No UI is the New UI. Aubé's premise is that "invisible" applications—those that use text-messaging or voice-recognition rather than on-screen interfaces—are the future of UI design. Langridge, however, contends that "until very recently, and honestly pretty much still, a computer can’t understand the nuance of language. So 'use language to control computers' meant 'learn the computer’s language', not 'the computer learns yours'." More to the point, "understanding you is laughably incomplete and is obviously the core of the problem, although explaining one’s ideas and being understood by people is also the core problem of civilisation and we haven’t cracked that one yet either." There is less reason to be optimistic about language-based interfaces, he concludes: "I will say that point-and-grunt is not a very sophisticated way of communicating, but it may be all that technology can currently understand."

Thursday's security updates

Thursday 19th of November 2015 05:00:52 PM

CentOS has updated java-1.6.0-openjdk (C6; C5; C7: multiple vulnerabilities) and postgresql (C6; C7: multiple vulnerabilities).

Debian has updated libpng (multiple vulnerabilities).

Debian-LTS has updated strongswan (authentication bypass).

Fedora has updated kernel (F23; F22: ), krb5 (F22: multiple vulnerabilities), m2crypto (F23; F22: denial of service), monitorix (F23; F22: multiple vulnerabilities), perl-IPTables-Parse (F23; F22: predictable temporary file names), python-django (F23: multiple vulnerabilities), and rpcbind (F22: denial of service).

openSUSE has updated xscreensaver (13.1, 13.2, Leap 42.1: denial of service).

Oracle has updated java-1.6.0-openjdk (O7; O6; O5: multiple vulnerabilities) and postgresql (O7; O6: multiple vulnerabilities).

Red Hat has updated java-1.6.0-openjdk (RHEL 5,6,7: multiple vulnerabilities), postgresql (RHEL 6; RHEL 7: multiple vulnerabilities), postgresql92-postgresql (RHSC 2: multiple vulnerabilities), and rh-postgresql94-postgresql (RHSC 2: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (multiple vulnerabilities) and postgresql (SL6; SL7: multiple vulnerabilities).

Ubuntu has updated nvidia-graphics-drivers-352, nvidia-graphics-drivers-352-updates (privilege escalation).

[$] Weekly Edition for November 19, 2015

Thursday 19th of November 2015 02:13:23 AM
The Weekly Edition for November 19, 2015 is available.

Hiring Open Source Maintainers is Key to Stable Software Supply Chain (

Thursday 19th of November 2015 12:36:55 AM
Brian Warner talks about why Samsung has an open-source group in this article. "If you want the full economic and technical benefit of consuming open source, you hire people who are already influential in the projects that matter to you. You then ask them to continue doing exactly what they do: write great code, manage great releases, and contribute to the overall stability of the project. This is the single best way to ensure stability and predictability in your software supply chain."

Security advisories for Wednesday

Wednesday 18th of November 2015 05:17:23 PM

Arch Linux has updated jenkins (multiple vulnerabilities).

Debian-LTS has updated libpng (multiple vulnerabilities) and openafs (multiple vulnerabilities).

Fedora has updated cyrus-imapd (F22: information disclosure) and pdns (F22: denial of service).

openSUSE has updated dracut (13.2: unspecified vulnerability) and putty (Leap42.1, 13.2, 13.1: memory corruption).

Red Hat has updated nss, nss-util, nspr (RHEL6.2, 6.4, 6.5, 6.6: code execution).

Ubuntu has updated lxcfs (15.10, 15.04: privilege escalation).
