Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 48 min ago

PSF: 2014 Year in Review, Part 2

8 hours 16 min ago
The Python Software Foundation wraps up its 2014 retrospective. "On the technical side, the Python language grew with the releases of Python 2.7.9, 3.3.5, 3.4, and, in August, 3.4.1. Major new features of the 3.4 series, compared to 3.3 include "hundreds of small improvements and bug fixes." Additionally, Python 3.4.1 has many more advantages."

Security advisories for Monday

12 hours 40 min ago

CentOS has updated jasper (C7: multiple vulnerabilities).

Debian has updated jasper (multiple vulnerabilities), mysql-5.5 (multiple vulnerabilities), polarssl (code execution), squid (denial of service), and websvn (information disclosure).

Debian-LTS has updated libevent (denial of service) and websvn (information disclosure).

Fedora has updated docker-io (F20: multiple vulnerabilities), grep (F21: heap buffer overrun), java-1.7.0-openjdk (F20: multiple vulnerabilities), java-1.8.0-openjdk (F21; F20: multiple vulnerabilities), kde-runtime (F20: misuse of crypto), kernel (F21: restriction bypass), python-django (F21: multiple vulnerabilities), and xdg-utils (F21: command injection).

Mageia has updated aircrack-ng (multiple vulnerabilities), chromium-browser-stable (multiple vulnerabilities), jasper (multiple vulnerabilities), and java-1.7.0-openjdk (multiple vulnerabilities).

openSUSE has updated Firefox (11.4: multiple vulnerabilities), libevent (13.2, 13.1: denial of service), openssl (13.2, 13.1: multiple vulnerabilities), shotwell, vala (13.2: heap buffer overflow), and thunderbird (13.2, 13.1: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: unspecified vulnerability) and vsftpd (SLES11 SP3: unauthorized access).

Ubuntu has updated ghostscript (10.04: multiple vulnerabilities), jasper (14.10, 14.04, 12.04: multiple vulnerabilities), and unbound (14.10, 14.04: denial of service).

Kernel prepatch 3.19-rc6

22 hours 39 min ago
Linus has released the 3.19-rc6 kernel prepatch. "I currently expect to make an rc7 next week, with the final 3.19 in two weeks, as per the usual schedule."

New open source dependency manager on the scene (Opensource.com)

Friday 23rd of January 2015 11:38:21 PM

At Opensource.com, Jordi Mon introduces the biicode project, an open-source dependency-management system for C and C++ applications that is akin to Ruby Gems or the Python Package Index. It is a challenging goal, he says, "because there are approximately 4 million C/C++ developers, and both languages represent up to almost 20% of the world's code." The project was started as a proprietary service, and only recently transitioned into an open-source project.

Friday's security updates

Friday 23rd of January 2015 03:35:34 PM

CentOS has updated jasper (C6: multiple vulnerabilities).

openSUSE has updated dbus-1 (13.1, 13.2: multiple vulnerabilities), elfutils (13.1, 13.2: directory traversal), flash-player (13.1, 13.2: memory randomization circumvention), otrs (13.1, 13.2: authentication bypass), roundcubemail (13.2: cross-site request forgery), strongswan (13.1, 13.2: denial of service), and wireshark (13.1, 13.2: multiple vulnerabilities).

Oracle has updated jasper (O6; O7: multiple vulnerabilities).

Red Hat has updated jasper (RHEL6,7: multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL6: multiple vulnerabilities).

Scientific Linux has updated jasper (SL6,7: multiple vulnerabilities).

SUSE has updated flash-player (memory randomization circumvention) and rpm (SLE12: multiple vulnerabilities).

Ubuntu has updated elfutils (directory traversal), mysql-5.5 (12.04, 14.04, 14.10): multiple vulnerabilities, and samba (14.04, 14.10: privilege escalation).

A two-part series on LXC networking (Flockport Labs)

Thursday 22nd of January 2015 11:13:24 PM
Flockport Labs has a two-part "LXC networking superguide" that covers a bunch of LXC networking concepts, as well as practical ideas on connecting containers (Part1 and Part 2). Part 1 starts with an introduction to LXC networking, then moves into extending layer 2 to remote hosts using a layer 3 tunnel. Part 2 looks at using LXC containers as routers. "We are going to create a bridge on 2 remote hosts over their public IPs and connect the bridges with Ethernet over GRE or L2tpv3 so containers connecting to these bridges are on the same layer 2 network. We will first show you how to do this with Ethernet over GRE and then L2tpv3. The main difference is Ethernet over GRE is less well known while L2tpv3 is more widely used for l2 extension and uses UDP, and thus could be more flexible."

Thursday's security advisories

Thursday 22nd of January 2015 03:23:01 PM

Fedora has updated binutils (F21: two vulnerabilities), cross-binutils (F21; F20: multiple vulnerabilities), exiv2 (F21: denial of service), libsndfile (F21: code execution), and python-pillow (F21: denial of service).

Mageia has updated freeciv (code execution).

Oracle has updated java-1.7.0-openjdk (OL5: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL6&7; RHEL5: multiple vulnerabilities), java-1.8.0-openjdk (RHEL6: multiple vulnerabilities), kernel (RHEL6.5: multiple vulnerabilities), and openssl (RHEL6&7: multiple vulnerabilities).

[$] LWN.net Weekly Edition for January 22, 2015

Thursday 22nd of January 2015 01:40:06 AM
The LWN.net Weekly Edition for January 22, 2015 is available.

Security advisories for Wednesday

Wednesday 21st of January 2015 06:19:22 PM

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.8.0-openjdk (C6: multiple vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Debian has updated privoxy (use after free) and sympa (information disclosure).

Fedora has updated elfutils (F20: directory traversal), gd (F20: memory leak), libsndfile (F20: multiple vulnerabilities), and openssl (F20: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL7; OL6: multiple vulnerabilities), java-1.8.0-openjdk (OL6: multiple vulnerabilities), and openssl (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL6,7; SL5: multiple vulnerabilities), java-1.8.0-openjdk (SL6: multiple vulnerabilities), and openssl (SL6,7: multiple vulnerabilities).

Slackware has updated samba (privilege escalation).

SUSE has updated bind (SLE12: denial of service).

Cory Doctorow Rejoins EFF to Eradicate DRM Everywhere

Tuesday 20th of January 2015 10:52:31 PM
The Electronic Frontier Foundation has announced that Cory Doctorow has rejoined the organization "to battle the pervasive use of dangerous digital rights management (DRM) technologies that threaten users' security and privacy, distort markets, confiscate public rights, and undermine innovation."

Shuttleworth: Smart things powered by snappy Ubuntu Core on ARM and x86

Tuesday 20th of January 2015 10:05:44 PM
Mark Shuttleworth takes a look at Ubuntu and the Internet of Things. "Ubuntu is right at the heart of the “internet thing” revolution, and so we are in a good position to raise the bar for security and consistency across the whole ecosystem. Ubuntu is already pervasive on devices – you’ve probably seen lots of “Ubuntu in the wild” stories, from self-driving cars to space programs and robots and the occasional airport display. I’m excited that we can help underpin the next wave of innovation while also thoughtful about the responsibility that entails. So today we’re launching snappy Ubuntu Core on a wide range of boards, chips and chipsets, because the snappy system and Ubuntu Core are perfect for distributed, connected devices that need security updates for the OS and applications but also need to be completely reliable and self-healing. Snappy is much better than package dependencies for robust, distributed devices."

Tuesday's security updates

Tuesday 20th of January 2015 06:00:57 PM

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated tomcat6 (exception on empty XML attributes).

Mageia has updated binutils (multiple vulnerabilities), coreutils (code execution), elfutils (directory traversal), file (denial of service), iceape (multiple vulnerabilities), moodle (multiple vulnerabilities), and otrs (privilege escalation).

SUSE has updated libpng16 (SLE12: two vulnerabilities).

Ubuntu has updated thunderbird (14.10, 14.04, 12.04: multiple vulnerabilities).

PSF 2014 Year in Review

Monday 19th of January 2015 09:08:33 PM
The Python Software Foundation begins a review of 2014. "2014 was an eventful year for the Python community, and so we thought a brief rundown of highlights from last year should put us all in the right frame of mind to make 2015 an equally, or even more, productive year. There was so much activity in 2014, that it will take the next couple of blog posts to cover it all, so today's post will focus on membership growth, PSF funding, and conferences."

Linux.conf.au 2015 videos

Monday 19th of January 2015 09:07:39 PM
Videos from linux.conf.au 2015 have been posted to YouTube.

Kernel prepatch 3.19-rc5

Monday 19th of January 2015 05:59:02 PM
On January 18, Linus Torvalds released the fifth prepatch for Linux 3.19. Things are not calming down quite the way he would like and rc5 is larger than rc4, but: "That said, it's not like there is anything particularly scary in here. The arm64 vm bug that I mentioned as pending in the rc4 notes got fixed within a day of that previous rc release, and the rest looks pretty standard. Mostly drivers (networking, usb, scsi target, block layer, mmc, tty etc), but also arch updates (arm, x86, s390 and some tiny powerpc fixes), some filesystem updates (fuse and nfs), tracing fixes, and some perf tooling fixes."

Security advisories for Monday

Monday 19th of January 2015 05:37:21 PM

Debian has updated lsyncd (command injection) and xdg-utils (command execution).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Fedora has updated elfutils (F21: directory traversal), gd (F21: denial of service), libhtp (F21; F20: denial of service), thunderbird (F21: multiple vulnerabilities), and xen (F21; F20: denial of service).

Mageia has updated firefox, thunderbird (multiple vulnerabilities) and python-django, python-django14 (multiple vulnerabilities).

Mandriva has updated kernel (multiple vulnerabilities).

openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities), openstack-dashboard (13.1: multiple vulnerabilities), and vsftpd (13.2, 13.1: unspecified vulnerability).

Slackware has updated freetype (code execution), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

Ubuntu has updated libevent (14.10, 14.04, 12.04, 10.04: denial of service), libssh (14.10, 14.04, 12.04: denial of service), and rpm (14.10, 14.04, 12.04: code execution).

Taylor: gnome-battery-bench

Friday 16th of January 2015 10:36:36 PM
On his blog, Owen Taylor introduces gnome-battery-bench, which is a tool to measure power usage that should help lengthen battery life on Linux systems. It can smooth out the somewhat jumpy numbers reported by powertop and provide graphical feedback of parameters like power usage and estimated battery life remaining. "gnome-battery-bench is designed as a graphical application because I want to encourage people to explore with it and find out interactively what is using power on their system. And graphing is also useful so that the user can see when something is going wrong with the measurement; sometimes batteries will report data that jumps around. But there’s also a command line version that can be used for automatic scripting of benchmarks. I decided to use recorded sequences of events for a couple of reasons: first, it’s easy for anybody to create new test sequences – you just run the gnome-battery-bench command line tool in record mode and do what you want to test. Second, playing back event sequences at a low level simulates user interaction very accurately. There is little CPU overhead, and as far as the desktop is concerned it’s exactly like user input."

Stable kernels 3.18.3, 3.14.29, and 3.10.65

Friday 16th of January 2015 06:45:54 PM
Greg Kroah-Hartman has released the 3.18.3, 3.14.29, and 3.10.65 stable kernels. As usual, there are fixes in various places throughout the tree and users should upgrade.

Friday's security updates

Friday 16th of January 2015 03:23:10 PM

Debian has updated rpm (two code execution flaws).

Debian-LTS has updated curl (HTTP request injection).

openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities), flashplayer (11.4: multiple vulnerabilities), and util-linux (13.2, 13.1: code execution).

SUSE has updated flash-player (SLE11SP3; SLE12: multiple vulnerabilities) and kernel (SLE12: multiple vulnerabilities, one from 2013).

[$] Eben Moglen returns to LCA

Thursday 15th of January 2015 09:08:24 PM
One of the defining moments of LCA 2005 was Eben Moglen's keynote, which was mostly focused on the dangers that software patents presented to our community. Ten years later, Eben returned to LCA for another keynote address. While he had some things to say about software patents, it is clear that Eben thinks that the largest threats to our community — and our freedom in general — come from elsewhere.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Linux chaps want to recycle your mobe as a supercomputer Rianne Schestowitz 27/01/2015 - 4:16am
Story Subsonic 5.1 Media Streamer Released, Install In Ubuntu/Linux Mint Mohd Sohail 27/01/2015 - 3:16am
Story GParted 0.21 Brings ReFS Detection, EXT4 For RHEL5, Reiser4 For Linux 3.x Rianne Schestowitz 27/01/2015 - 1:34am
Story Ubuntu Touch Apps Running in Unity Desktop – Video Rianne Schestowitz 27/01/2015 - 1:25am
Story Debian Forked: All for Devuan and Devuan for All? Rianne Schestowitz 27/01/2015 - 1:21am
Story Wireless-enabled i.MX6 SBC offers remote IoT management Rianne Schestowitz 27/01/2015 - 1:10am
Story Today in Techrights Roy Schestowitz 26/01/2015 - 11:10pm
Story Leftovers: Software Roy Schestowitz 26/01/2015 - 9:49pm
Story today's howtos Roy Schestowitz 26/01/2015 - 9:47pm
Story Evolve OS Is a Superb New OS Built from Scratch, First Beta Is Out – Gallery Roy Schestowitz 26/01/2015 - 9:33pm