Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 58 min ago

Security updates for Monday

11 hours 59 min ago

Debian has updated libcrypto++ (information disclosure).

Debian-LTS has updated cacti (multiple vulnerabilities), libwmf (denial of service), and t1utils (code execution).

Fedora has updated kernel (F22: denial of service).

openSUSE has updated roundcubemail (13.2: two vulnerabilities).

Scientific Linux has updated kvm (SL5: code execution).

SUSE has updated java-1_7_0-ibm (SLE11SP3: multiple vulnerabilities) and Xen (SLES11SP2; SLES11SP1: multiple vulnerabilities).

Valve: Introducing SteamOS "brewmaster"

Friday 26th of June 2015 09:17:17 PM

Valve has announced the first preview release of its forthcoming SteamOS update. The new release is based on Debian 8.1 with long-term support kernel 3.18; there are downloadable builds linked to in the announcement for both UEFI and legacy BIOS systems. There appear to be few user-visible differences between the new release and the current SteamOS so far, though; the announcement notes: "Although there are a lot of changes under the covers, the overall functionality and experience of brewmaster is the same as alchemist."

Friday's security updates

Friday 26th of June 2015 03:14:03 PM

CentOS has updated kvm (C5: code execution).

Debian-LTS has updated librack-ruby (denial of service) and libwmf (multiple vulnerabilities).

openSUSE has updated flash-player (13.1, 13.2: code execution), chromium (13.1, 13.2: multiple vulnerabilities), and openssl (13.1, 13.2: multiple vulnerabilities).

Oracle has updated kvm (O5: code execution) and nss (O6; O7: cipher-downgrade attacks).

Red Hat has updated kernel (RHEL5: privilege escalation) and kvm (RHEL5: code execution).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities) and mailman (SL7: code execution).

SUSE has updated compat-openssl098 (SLE12: multiple vulnerabilities), KVM (SLE11 SP3: multiple vulnerabilities), and openssl (SLE12: multiple vulnerabilities).

Ardour 4.1 released

Thursday 25th of June 2015 11:51:37 PM
Version 4.1 of the Ardour digital audio workstation software has been released. There are some new features in the release including input gain control, support for capture-only and playback-only devices, a real "Save As" option (with the old option being renamed to "Snapshot (& switch to new version)"), and allowing plugins to be reordered and meter positions to change without adding a click into the audio. There are also lots of user interface changes, including better High-DPI support. "This release contains several new features, both internally and in the user interface, and a slew of bug fixes worthy of your attention. Encouragingly, we also have one of our longest ever contributor lists for this release. We had hoped to be on a roughly monthly release cycle after the release of 4.0, but collaborations with other organizations delayed 4.1 by nearly a month."

Joint Statement from the UCC and KC

Thursday 25th of June 2015 10:34:18 PM
The Ubuntu Community Council (UCC) and Kubuntu Council (KC) have issued a joint statement regarding the conflict between Jonathan Riddell and the UCC. "We have mutually agreed that KDE is important to Ubuntu, and the Kubuntu Council believes that Ubuntu is important to the KDE community as well. Therefore we have a basis to work together on putting out a lovely Wily release. We recognize that there are honest and strong feelings about both the things that led up to the current controversy and the way that resolution of it was handled. Despite that, we would all like to move forward as best we can for the betterment of the Ubuntu project, including Kubuntu." LWN covered the controversy in late May.

Thursday's security updates

Thursday 25th of June 2015 03:05:28 PM

CentOS has updated nss (C7; C6: cipher downgrade) and nss-util (C7; C6: cipher downgrade).

Debian has updated cacti (three vulnerabilities).

Fedora has updated xen (F20: multiple vulnerabilities).

Oracle has updated kernel 2.6.39 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities)

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), flash-plugin (RHEL5&6: code execution), nss (RHEL6&7: cipher downgrade), php55-php (RHSC2: multiple vulnerabilities), and rh-php56-php (RHSC2: multiple vulnerabilities).

Scientific Linux has updated libreswan (SL7: denial of service) and php (SL7: multiple vulnerabilities).

SUSE has updated IBM Java (SLE10SP4: multiple vulnerabilities) and Java (SLE11SP2: multiple vulnerabilities).

Ubuntu has updated python2.7, python3.2, python3.4 (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013), tomcat6 (12.04: three vulnerabilities), and tomcat7 (15.04, 14.10, 14.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for June 25, 2015

Thursday 25th of June 2015 12:40:59 AM
The LWN.net Weekly Edition for June 25, 2015 is available.

[$] A report from PGCon 2015

Wednesday 24th of June 2015 05:14:26 PM
PGCon 2015, the PostgreSQL international developer conference, took place in Ottawa, Canada from June 16 to 20. This PGCon involved a change in format from prior editions, with a "developer unconference" in the two days before the main conference program. Both the conference and the unconference covered a wide range of topics, many of them related to horizontal or vertical scaling, or to new PostgreSQL features.

Subscribers can click below for a report from the conference from guest author Josh Berkus.

Security updates for Wednesday

Wednesday 24th of June 2015 04:58:08 PM

Arch Linux has updated flashplugin (code execution).

CentOS has updated kernel (C7: multiple vulnerabilities), libreswan (C7: denial of service), mailman (C7: path traversal attack), and php (C7: multiple vulnerabilities).

Debian has updated wireshark (denial of service).

Debian-LTS has updated zendframework (regression in previous update).

Fedora has updated curl (F22: information disclosure), libwmf (F21: code execution), openssl (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated cacti (13.2, 13.1: SQL injection), curl (13.2, 13.1: information disclosure), and libwmf (13.2; 13.1: code execution).

Oracle has updated kernel (OL7: multiple vulnerabilities), libreswan (OL7: denial of service), mailman (OL7: path traversal attack), and php (OL7: multiple vulnerabilities).

SUSE has updated flash-player (SLED12: code execution).

Red Hat Announces Winners of Women in Open Source Awards

Tuesday 23rd of June 2015 10:19:01 PM
Red Hat has announced the winners of its Women in Open Source Awards. The Academic Award goes to Kesha Shah, a student at Dhirubhai Ambani Institute of Information and Communication Technology, and the Community Award goes to Sarah Sharp, embedded software architect at Intel. Opensource.com has interviews with both women.

Kesha Shah: "Last year, I was a mentor in Season of KDE and GCI again, with BRLCAD and KDE. Now, I am currently working on testing automation of Ushahidi with Systers, an Anita Borg community, as a part of GSoC. During my journey, I had seen several of my peers enter the domain, succeed, and fail in equal measure. So, I took up the challenge of mentoring newbies. One of my biggest achievements is that I have personally guided about 20-22 newbies into the world of open source through mentoring programs like GCI, SoK, Learn IT girls, and through conducting hands-on workshops and enlightening talks on open source. Those efforts converted them to regular contributors."

Sarah Sharp: "My second proudest moment is the very first round when the Linux kernel participated in the Outreach Program for Women (now called Outreachy). A lot of kernel maintainers complained about how newcomers would send them mangled patches, and grump about how the newcomers should really just RTFM and look at our patch submission guidelines. Of course, it turned out the manual was lacking or out of date, and there were a lot of steps to set up tools for Linux kernel development, so I spent a week and created a step-by-step tutorial. It was really gratifying to see those first applicants go through my tutorial and send well-formed patches. I've loved watching those interns move onto bigger projects, and even get hired to work on the Linux kernel, and I'm really proud I was able to help people get involved in Linux kernel development."

Stable kernel updates

Tuesday 23rd of June 2015 06:08:24 PM
Greg Kroah-Hartman has released stable kernels 4.0.6, 3.14.45, and 3.10.81. All of them contain important fixes throughout the tree.

Tuesday's security advisories

Tuesday 23rd of June 2015 05:10:29 PM

Arch Linux has updated curl (information disclosure).

Debian-LTS has updated postgresql-8.4 (denial of service).

Fedora has updated xorg-x11-server (F22: permission bypass).

Gentoo has updated chromium (multiple vulnerabilities) and gnutls (denial of service).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7; RHEMRG2.5: multiple vulnerabilities), libreswan (RHEL7: denial of service), mailman (RHEL7: path traversal attack), and php (RHEL7: multiple vulnerabilities).

SUSE has updated e2fsprogs (SLE11SP4: code execution).

Ubuntu has updated kernel (14.10; 14.04; 12.04: regression in previous update), linux-ti-omap4 (12.04: regression in previous update), linux-lts-trusty (12.04: regression in previous update), linux-lts-utopic (14.04: regression in previous update), and patch (14.10, 14.04, 12.04: multiple vulnerabilities).

The Open Container Project

Monday 22nd of June 2015 07:01:01 PM
The Open Container Project has announced its existence. "Housed under the Linux Foundation, the OCP’s mission is to enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation. As part of this initiative, Docker will donate the code for its software container format and its runtime, as well as the associated specifications. The leadership of the Application Container spec (“appc”) initiative, including founding member CoreOS, will also be bringing their technical leadership and support to OCP."

Security advisories for Monday

Monday 22nd of June 2015 05:20:55 PM

Debian has updated pyjwt (accepts arbitrary tokens).

Debian-LTS has updated libclamunrar (double-free error), qemu (code execution), qemu-kvm (code execution), and zendframework (multiple vulnerabilities).

Fedora has updated abrt (F22: multiple vulnerabilities), cups (F22; F21: two vulnerabilities), drupal7-views (F22; F21; F20: access bypass), gnome-abrt (F22: multiple vulnerabilities), kernel (F22; F21: privilege escalation), krb5 (F21: two vulnerabilities), libreport (F22: multiple vulnerabilities), openssl (F22: multiple vulnerabilities), postgresql (F22: multiple vulnerabilities), qemu (F21: denial of service), qpid-cpp (F21: two vulnerabilities), and satyr (F22: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities) and openssl (multiple vulnerabilities).

openSUSE has updated cgit (13.2, 13.1: code execution), xen (13.2; 13.1: multiple vulnerabilities), and XWayland (13.2: permission bypass).

SUSE has updated IBM Java (SLE11SP3: multiple vulnerabilities).

The long ARM of Linux: Red Hat Enterprise Linux Server for ARM Development Preview (Red Hat Blog)

Monday 22nd of June 2015 04:51:44 PM
In a post on the Red Hat Blog, the company has announced a version of Red Hat Enterprise Linux (RHEL) for ARM development. "Today, we are making the Red Hat Enterprise Linux Server for ARM Development Preview 7.1 available to all current and future members of the Red Hat ARM Partner Early Access Program as well as their end users as an unsupported development platform, providing a common standards-based operating system for existing 64-bit ARM hardware. Beyond this release, we plan to continue collaborating with our partner ISVs and OEMs, end users, and the broader open source community to enhance and refine the platform to ultimately work with the next generation of ARM-based designs." Jon Masters, who is the technical lead for the project, has a lengthy Google+ post about the project and its history over the last 4+ years.

Three projects funded by CII

Monday 22nd of June 2015 02:40:22 PM
The Linux Foundation's Critical Infrastructure Initiative has announced the funding of three projects to the tune of "nearly $500,000." "CII's funds will support a new open source automated testing project, the Reproducible Builds initiative from Debian, and IT security researcher Hanno Boeck's Fuzzing Project. Additionally, The Linux Foundation is announcing Emily Ratliff is joining The Linux Foundation as senior director of infrastructure security for CII. Ratliff is a Linux, system and cloud security expert with more than 20 years' experience. Most recently she worked as a security engineer for AMD and logged nearly 15 years at IBM."

Shuttleworth: Introducing the Fan

Monday 22nd of June 2015 02:12:16 PM
Mark Shuttleworth announces "the Fan", a new mechanism for directing communications between containers. "We recognised that container networking is unusual, and quite unlike true software-defined networking, in that the number of containers you want on each host is probably roughly the same. You want to run a couple hundred containers on each VM. You also don’t (in the docker case) want to live migrate them around, you just kill them and start them again elsewhere. Essentially, what you need is an address multiplier – anywhere you have one interface, it would be handy to have 250 of them instead." See this page for details on how it works.

Mageia 5 released

Monday 22nd of June 2015 01:34:07 PM
The Mageia 5 release is now available. The headline feature in this long-awaited distribution release appears to be UEFI BIOS support, but there's more; see the release notes for details.

The 4.1 kernel is out

Monday 22nd of June 2015 12:47:46 PM
Linus has released the 4.1 kernel. "It's not like the 4.1 release cycle was particularly painful, and let's hope that the extra week of letting it sit makes for a great release. Which wouldn't be a bad thing, considering that 4.1 will also be a LTS release." Headline features in this release include support for encrypted ext4 filesystems, the persistent memory block driver, ACPI support for the ARM64 architecture, and more.

[$] Rebasing openSUSE

Friday 19th of June 2015 09:42:27 PM
The openSUSE project has often struggled with questions of identity: what is the distribution trying to be, and for who? From the 2010 strategy search through to the 2013 development-model discussions and the 2014 release-management questions, openSUSE's developers have tried to find a development approach that is both sustainable and appealing to a wider audience. In 2015, it appears that a partial success has been achieved, but that success is driving a new and controversial change.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Leftovers: KDE Software Roy Schestowitz 29/06/2015 - 11:19pm
Story Open source COM version of BeagleBone Black hits Kickstarter Rianne Schestowitz 29/06/2015 - 10:50pm
Story Aria2 Vs Wget – Choose your Download Manager linuxpitstop 29/06/2015 - 10:42pm
Story Intel Dominates The Perf Changes For Linux 4.2 Roy Schestowitz 29/06/2015 - 10:16pm
Story BeagleCore Open Source Internet Of Things Development Board (video) Roy Schestowitz 29/06/2015 - 10:03pm
Story Red Hat CEO Warns About Faux Open Source Roy Schestowitz 29/06/2015 - 9:58pm
Story Check the Ubuntu Touch Wish List for Apps and New Features Roy Schestowitz 29/06/2015 - 9:45pm
Story Finding the Right Enterprise SSD for Linux Machines Rianne Schestowitz 29/06/2015 - 9:32pm
Story A month with Fedora 22 leaves me hungry for 23 Roy Schestowitz 29/06/2015 - 9:30pm
Story Red Hat CEO Applies Open-Source Principles to Management [VIDEO] Rianne Schestowitz 29/06/2015 - 9:30pm