Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 2 hours 18 min ago

Stable kernels 4.2.3 and 4.1.10

Saturday 3rd of October 2015 03:24:41 PM
Greg Kroah-Hartman has released the 4.2.3 and 4.1.10 stable kernels. The fix for the deadlocks reported for 4.1.9 did not make it into 4.1.10. As usual, these stable kernels contain fixes throughout the tree.

Ad-blocking extension AdBlock sold to new owner

Friday 2nd of October 2015 11:00:48 PM

Many online media outlets are reporting the news that ownership of the popular ad-blocking browser extension AdBlock has been sold to a new owner. Not to be confused with similarly named projects AdBlock Plus and AdBlock Edge, this AdBlock announced the news of the sale to its users in a pop-up window. TheNextWeb reports that AdBlock employees refused to identify the buyer. In related news, the new owner has decided to join the "Acceptable Ads" whitelisting program run by rival AdBlock Plus. An announcement on the AdBlock Plus site confirms the move, and notes that an "independent review board" will now decide which advertisements are included the Acceptable Ads whitelist. Public nominations for the board are said to be open.

Friday's security updates

Friday 2nd of October 2015 03:47:14 PM

CentOS has updated thunderbird (C6; C5; C7: multiple vulnerabilities).

Debian-LTS has updated binutils (multiple vulnerabilities).

Fedora has updated freeimage (F22; F21: integer overflow), golang (F22; F21: multiple vulnerabilities), jakarta-commons-httpclient (F22; F21: denial of service), and openjpeg2 (F22; F21: use-after-free vulnerability).

Mageia has updated thunderbird (M5: multiple vulnerabilities).

openSUSE has updated bind (11.4: denial of service).

Oracle has updated thunderbird (O6; O7: multiple vulnerabilities).

Red Hat has updated mod_proxy_fcgi (RHEL6: denial of service).

Scientific Linux has updated thunderbird (SL5, 6, 7: multiple vulnerabilities).

Slackware has updated mozilla-thunderbird (14.0, 14.1, current: multiple vulnerabilities), php (14.0, 14.1, current: multiple vulnerabilities), and seamonkey (14.0, 14.1, current: multiple vulnerabilities).

Ubuntu has updated kernel (12.04: multiple vulnerabilities) and linux-ti-omap4 (12.04: multiple vulnerabilities).

GNOME’s 2014 Fiscal Year Annual Report Published

Thursday 1st of October 2015 11:43:56 PM
The GNOME Foundation has announced the release of its Annual Report [PDF] for the 2014 fiscal year, which ran from October 1, 2013 through September 30, 2014. The report covers topics like finances, the Groupon trademark battle, conferences, outreach, accessibility, and lots more. "Jean-François Fortin Tam, president of the GNOME Foundation for 2014-2015, states in the introduction letter: '2014 is on record as one of the most challenging years in the Foundation's history. It is also the year that has given us the most demonstrative and passionate display of support—from our members, our contributors, and the Free Software community—that we have ever experienced.'"

Qubes OS 3.0 released

Thursday 1st of October 2015 08:38:24 PM
Joanna Rutkowska has announced the release of Qubes OS 3.0, which has a new hypervisor abstraction layer (HAL) as one of its "killer features". Qubes OS uses a hypervisor as part of its "security by compartmentalization" strategy for creating a more secure operating system. The HAL "will allow us to easily switch the underlying hypervisors in the near future, perhaps even during the installation time, depending on the user needs (think tradeoffs between hardware compatibility and performance vs. security properties desired, such as e.g. reduction of covert channels between VMs, which might be of importance to some users). More philosophically-wise, this is a nice manifestation of how Qubes OS is really "not yet another virtualization system", but rather: a user of a virtualization system (such as Xen)." We looked at Qubes OS 3.0 back in May.

Stable kernels 3.14.54 and 3.10.90

Thursday 1st of October 2015 07:42:51 PM
Greg Kroah-Hartman has announced the release of the 3.14.54 and 3.10.90 stable kernels. As usual, they contain important fixes throughout the tree and users should upgrade.

FSF, Conservancy publish principles for community-oriented GPL enforcement

Thursday 1st of October 2015 05:46:20 PM
The Free Software Foundation (FSF) has announced a collaboration with Software Freedom Conservancy (SFC) on "The Principles of Community-Oriented GPL Enforcement", which describes what it means to do GPL enforcement in a way that is oriented toward gaining compliance (also: SFC announcement). "'GPL enforcement is mostly an educational process working with people who have made honest mistakes, but it must be undertaken with care and thoughtfulness. Our goal is not to punish or censure violators, but to help them come into compliance. Abiding by these principles aids our work in bringing about that outcome,' said FSF's licensing and compliance manager, Joshua Gay.

Thursday's security advisories

Thursday 1st of October 2015 03:58:34 PM

Debian-LTS has updated commons-httpclient (denial of service) and fuseiso (two vulnerabilities).

Mageia has updated kernel (multiple vulnerabilities).

openSUSE has updated firefox (multiple vulnerabilities) and python-PyJWT (13.2: privilege escalation).

Red Hat has updated openshift (RHOSE2.2: multiple vulnerabilities) and thunderbird (RHEL5,6,7: multiple vulnerabilities).

SUSE has updated haproxy (SOSCC5, SLE12: two vulnerabilities).

Ubuntu has updated cyrus-sasl2 (15.04: denial of service from 2013), php5 (multiple vulnerabilities), rpcbind (denial of service), and lxc (14.04: regression in previous fix).

[$] Weekly Edition for October 1, 2015

Thursday 1st of October 2015 12:44:09 AM
The Weekly Edition for October 1, 2015 is available.

The Linux Foundation Releases Value of Collaborative Development Report

Wednesday 30th of September 2015 06:12:57 PM
The Linux Foundation has announced the release of its first ever report that attempts to measure the estimated value of development costs in its Collaborative Projects. The report is titled “A $5 Billion Value: Estimating the Total Development Cost of Linux Foundation’s Collaborative Projects.” "Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. More than 500 companies and thousands of developers from around the world contribute to these open source software projects that are changing the world in which we live."

[$] Compile-time stack validation

Wednesday 30th of September 2015 06:00:07 PM
An occasionally heard horror story about the kernel development community concerns developers who are told that, in order to get their code upstream, they must first invest considerable effort into fixing a related subsystem. As with many such stories, this is not an experience many kernel developers have had, but there is also a grain of truth behind it. The ongoing live-patching effort, and the extra work that has been required to push that work forward, is a case in point.

Security advisories for Wednesday

Wednesday 30th of September 2015 04:58:16 PM

CentOS has updated openldap (C7: denial of service).

Debian-LTS has updated flightgear (inadequate filesystem validation checks), freetype (denial of service), libemail-address-perl (denial of service), openssh (regression in previous update), and wordpress (multiple vulnerabilities).

Oracle has updated openldap (OL7; OL6; OL5: denial of service).

Ubuntu has updated lxc (15.04, 14.04: apparmor policy bypass).

Two new stable kernels

Tuesday 29th of September 2015 09:31:07 PM
Greg Kroah-Hartman has released stable kernels 4.2.2 and 4.1.9. Both contain numerous fixes throughout the tree.

[$] Using the KVM API

Tuesday 29th of September 2015 05:51:34 PM

Many developers, users, and entire industries rely on virtualization, as provided by software like Xen, QEMU/KVM, or kvmtool. While QEMU can run a software-based virtual machine, and Xen can run cooperating paravirtualized OSes without hardware support, most current uses and deployments of virtualization rely on hardware-accelerated virtualization, as provided on many modern hardware platforms. Linux supports hardware virtualization via the Kernel Virtual Machine (KVM) API. In this article, we'll take a closer look at the KVM API, using it to directly set up a virtual machine without using any existing virtual machine implementation.

Subscribers can click below for guest author Josh Triplett's look at the API from this week's Kernel page.

Tuesday's security advisories

Tuesday 29th of September 2015 04:52:23 PM

CentOS has updated openldap (C6; C5: denial of service).

Debian-LTS has updated virtualbox-ose (multiple vulnerabilities, one from 2013) and vorbis-tools (multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: information disclosure) and openldap (RHEL5,6,7: denial of service).

Scientific Linux has updated openldap (SL5,6,7: denial of service).

Ubuntu has updated kernel (15.04; 14.04: two vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: privilege escalation), and linux-lts-vivid (14.04: two vulnerabilities).

Five years of LibreOffice

Monday 28th of September 2015 07:44:44 PM
The Document Foundation celebrates the fifth birthday of LibreOffice, which was launched as a fork of on September 28, 2010. "LibreOffice 5.0, launched in early August, has been the most successful major release ever, triggering an unprecedented 8,000 donations in 30 days. Of course, the success has been reflected in the number of adoptions, which has soared. The icing on the cake has been the announcement of the Italian Defence Organization, which will be migrating some 150,000 PCs to LibreOffice starting from October 2015."

Taken Offline: New EFF Project Shines Light on Coders and Bloggers Imprisoned For Online Free Expression

Monday 28th of September 2015 06:01:55 PM
The Electronic Frontier Foundation (EFF) has launched the Offline project, "a campaign devoted to digital heroes—coders, bloggers, and technologists—who have been imprisoned, tortured, and even sentenced to death for raising their voices online or building tools that enable and protect free expression on the Internet."

Coming soon... Apache OpenOffice 4.1.2

Monday 28th of September 2015 05:18:06 PM
The Apache OpenOffice blog promises that the 4.1.2 release is coming soon. "Most of the code changes for OpenOffice 4.1.2 have already been integrated. Dozens of old and new developers contributed in recent weeks. For users, improvements are expected in stability (fixes in all modules: Writer, Calc, Impress, Draw, Base), Microsoft interoperability (Sharepoint) and documents import." If "recent weeks" is taken to mean "since July 1", then six developers (0.5 dozens) 13 developers (1.08 dozens) have contributed 135 patches toward this release.

Security updates for Monday

Monday 28th of September 2015 04:30:09 PM

Arch Linux has updated chromium (information disclosure).

Debian has updated cyrus-sasl2 (denial of service from 2013).

Debian-LTS has updated eglibc (multiple vulnerabilities) and nss (two vulnerabilities).

Fedora has updated firefox (F22: multiple vulnerabilities), pdns (F22; F21: denial of service), rolekit (F22: information leak), xen (F22; F21: two vulnerabilities), and xpra (F22; F21: information disclosure).

Mageia has updated pixman (MG5: buffer overflow), rpcbind (MG5: denial of service), and unzip (MG5: two vulnerabilities).

SUSE has updated Xen (SLES10SP4: multiple vulnerabilities).

Ubuntu has updated NVIDIA graphics drivers (15.04, 14.04, 12.04: privilege escalation) and simplestreams (15.04, 14.04: regression in previous update).

Kernel prepatch 4.3-rc3

Sunday 27th of September 2015 05:53:11 PM
The 4.3-rc3 prepatch is out. "So as usual, rc3 is actually bigger than rc2 (fixes are starting to trickle in), but nothing particularly alarming stands out. Everything looks normal: the bulk is drivers (all over, but gpu and networking are the biggest parts) and architecture updates. There's also networking and filesystem updates, along with documentation."