LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

The state of Linux gaming in the SteamOS era (Ars Technica)

6 hours 45 min ago
Ars Technica takes a look at Linux gaming and at what effect SteamOS has had already for gaming on Linux. The article also considers the future and where SteamOS might (or might not) take things. "This all brings up another major question for SteamOS followers: how long is this "beta" going to last, exactly? While Valve has unquestionably built a viable Linux gaming market from practically nothing, the company's lackadaisical development timeline might be holding the market back from growing even more. In the last year, the initial excitement behind the SteamOS beta launch seems to have given way to "Valve Time" malaise in some ways."

Security advisories for Thursday

7 hours 53 min ago

CentOS has updated thunderbird (C6; C5: multiple vulnerabilities).

Debian has updated cups (code execution), iceweasel (multiple vulnerabilities), kfreebsd-9 (denial of service), and libgtk2-perl (code execution).

Fedora has updated libhtp (F20: denial of service).

Gentoo has updated samba (multiple vulnerabilities, some from 2012 and 2013).

Mageia has updated apache-poi (denial of service), cabextract (privilege escalation), e2fsprogs (two code execution flaws), firefox, thunderbird (multiple vulnerabilities), and sympa (information disclosure).

openSUSE has updated cups (13.2, 13.1: code execution) and snack (13.2, 13.1: code execution from 2012).

Oracle has updated firefox (OL5: multiple vulnerabilities) and thunderbird (OL6: multiple vulnerabilities).

Red Hat has announced that RHEL 5.9 support will end on March 31.

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (SL6, SL5: multiple vulnerabilities).

Slackware has updated thunderbird (multiple vulnerabilities) and firefox (multiple vulnerabilities).

SUSE has updated java-1_5_0-ibm (SLE10SP4: many vulnerabilities) and java-1_6_0-ibm (SLE11SP2: two unspecified vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: two vulnerabilities), firefox (14.10, 14.04, 12.04: many vulnerabilities), kernel (14.10; 14.04; 12.04; 10.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

[$] Weekly Edition for February 26, 2015

Thursday 26th of February 2015 01:04:34 AM
The Weekly Edition for February 26, 2015 is available.

[$] What's new in Krita 2.9

Wednesday 25th of February 2015 11:56:56 PM
The newest update to the Krita digital painting application has been released. Version 2.9 introduces several new user-interface features, updates to the layers system, and a variety of tool and rendering improvements. The 2.9 development cycle was also the project's first to be centered around a crowdfunding campaign.

Security advisories for Wednesday

Wednesday 25th of February 2015 04:59:08 PM

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated openjdk-6 (multiple vulnerabilities).

Fedora has updated dump (F21; F20: code execution) and samba (F21; F20: root code execution).

Gentoo has updated grep (denial of service).

Mageia has updated freetype2 (many vulnerabilities) and samba (root code execution).

openSUSE has updated samba (13.2, 13.1: two vulnerabilities).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and thunderbird (RHEL5,6: multiple vulnerabilities).

SUSE has updated Samba (SLE11 SP3: root code execution).

Ubuntu has updated freetype (many vulnerabilities).

Firefox 36 released

Tuesday 24th of February 2015 07:16:20 PM
Mozilla has released Firefox 36.0. The release notes mention a few new features, including support for the full HTTP/2 protocol. This version will no longer accept insecure RC4 ciphers whenever possible and certificates with 1024-bit RSA keys will be phased out. See the release notes for more information.

FOSDEM videos

Tuesday 24th of February 2015 06:50:05 PM
Videos from FOSDEM sessions are available in mp4 format. WebM versions will become available later. (Thanks to Scott Dowdle)

[$] A GNU C Library update

Tuesday 24th of February 2015 06:17:31 PM
A traditional feature of the tools track at the Linux Foundation's Collaboration Summit is an update from the developers of the GNU C Library (glibc); that tradition was upheld in fine form at the 2015 event. Glibc developer Roland McGrath noted that while the project is a critical component in vast numbers of Linux installations, it does not have a lot of developers working on it. Still, even with a relatively small developer base, some real progress has been made over the last year.

Tuesday's security updates

Tuesday 24th of February 2015 05:18:20 PM

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated samba (root code execution).

Fedora has updated php (F21: two vulnerabilities), sox (F21: code execution), sudo (F20: information disclosure), and unzip (F20: multiple vulnerabilities).

Oracle has updated samba (OL7; OL6: root code execution), samba3x (OL5: root code execution), and samba4 (OL6: root code execution).

Red Hat has updated libyaml (RHEL6: denial of service), samba (RHEL7; RHEL6.2, 6.4, 6.5; RHEL6: root code execution), samba3x (RHEL5; RHEL5.6, 5.9: root code execution), and samba4 (RHEL6; RHEL6.4, 6.5: root code execution).

Scientific Linux has updated samba (SL7; SL6,7; SL5: root code execution) and samba4 (SL6: root code execution).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

Ubuntu has updated ca-certificates (certificate update), e2fsprogs (code execution), and samba (14.10, 14.04, 12.04: root code execution).

Morevna Production Report #1

Monday 23rd of February 2015 08:26:24 PM
The Beautiful Queen Marya Morevna is a Russian folk tale. The Morevna Project makes anime videos about Morevna, using free software. This progress report covers the status of their newest episode. "Our main animation tool is Synfig Studio and for the past years it was improved a lot. I guess it’s needless to say, that the new episode will be produced using the latest development version of Synfig. For current stage of the project it is important to ensure that the tool is stable enough for production, so last weeks we were concentrated on fixing the critical bugs. As result of this work, we have published the first Release Candidate for the new stable version of Synfig Studio, which is going to be numbered as 1.0 by the way." (Thanks to Paul Wise)

GNOME 3.15.90

Monday 23rd of February 2015 08:00:41 PM
The first beta in the GNOME 3.15 development series has been released. GNOME 3.15.90 features a new GNOME shell theme, redesigned notifications in GNOME shell, codec installation integrated in gnome-software, a login screen on Wayland, and more.

Security advisories for Monday

Monday 23rd of February 2015 06:15:45 PM

CentOS has updated samba (C7; C6: root code execution), samba3x (C5: root code execution), and samba4 (C6: root code execution).

Debian has updated e2fsprogs (incomplete fix for code execution), eglibc (multiple vulnerabilities), ruby-redcloth (cross-site scripting), samba (root code execution), sudo (information disclosure), typo3-src (authentication bypass), and xdg-utils (command execution).

Fedora has updated apache-poi (F21: XML-handling flaws), apache-poi (F20: denial of service), cups (F21: buffer overflow), drupal6-views (F21; F20: multiple vulnerabilities), e2fsprogs (F20: code execution), sudo (F21: information disclosure), and tomcat (F21: multiple vulnerabilities).

Mageia has updated bind (denial of service).

openSUSE has updated glibc (13.2, 13.1: multiple vulnerabilities).

SUSE has updated java-1_6_0-ibm (SLES10 SP4: multiple unspecified vulnerabilities), java-1_7_0-ibm (SLE11 SP3; SLES11 SP2: multiple unspecified vulnerabilities), and samba (SLE12: root code execution).

Remote code execution vulnerability in Samba

Monday 23rd of February 2015 04:06:58 PM
The Samba 4.1.17, 4.0.25 and 3.6.25 releases are available; they fix an unpleasant code-execution vulnerability. See this Red Hat security blog entry for more information. "CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No [authentication] is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root."

Kernel prepatch 4.0-rc1

Monday 23rd of February 2015 03:50:53 AM
Linus has closed the merge window for this release and released 4.0-rc1 — meaning, of course, that the current plan is to call the release "4.0". "But nobody should notice. Because moving to 4.0 does *not* mean that we somehow changed what people see. It's all just more of the same, just with smaller numbers so that I can do releases without having to take off my socks again." The codename has also changed to "Hurr durr I'ma sheep."

Ubuntu 14.04.2 LTS released + 15.04 ("Vivid Vervet") feature freeze

Saturday 21st of February 2015 12:29:24 AM
Ubuntu has announced the release of the second point release for its 14.04 long-term support (LTS). 14.04.2 comes with an updated kernel and X Window stack to support more hardware, along with "security updates and corrections for other high-impact bugs" all on updated installation media "so that fewer updates will need to be downloaded after installation". It is available for all of the members of the Ubuntu clan: Kubuntu, Edubuntu, Xubuntu, Mythbuntu, Ubuntu GNOME, Lubuntu, Ubuntu Kylin, and Ubuntu Studio.

One other note from the Ubuntu world: a feature freeze is in effect for 15.04 ("Vivid Vervet"), which is due in April.

Green: Another update on the Truecrypt audit

Saturday 21st of February 2015 12:06:36 AM
On his blog, Matthew Green gives an update on the plans to audit the TrueCrypt disk encryption tool. Green led an effort in 2013 to raise money for an audit of the TrueCrypt source code, which sort of ran aground when TrueCrypt abruptly shut down in May 2014. "It took us a while to recover from this and come up with a plan B that works within our budget and makes sense. We're now implementing this. A few weeks ago we signed a contract with the newly formed NCC Group's Cryptography Services practice (which grew out of iSEC, Matasano and Intrepidus Group). The project will evaluate the original Truecrypt 7.1a which serves as a baseline for the newer forks, and it will begin shortly. However to minimize price -- and make your donations stretch farther -- we allowed the start date to be a bit flexible, which is why we don't have results yet."

GDB 7.9 released

Friday 20th of February 2015 06:31:51 PM
Version 7.9 of the GDB debugger is out. Changes include enhancements to the Python scripting API, the ability to compile and inject code into the debugged program, signal-handling improvements, and more.

Friday's security updates

Friday 20th of February 2015 05:25:17 PM

Debian has updated libreoffice (denial of service).

Fedora has updated cups (F20: code execution), dbus (F20: denial of service), and freetype (F21; F20: many vulnerabilities).

Mageia has updated cpio (privilege escalation), kernel-linus (many vulnerabilities, two from 2013), kernel-rt (many vulnerabilities, two from 2013), kernel-tmb (many vulnerabilities, two from 2013), kernel-vserver (many vulnerabilities, two from 2013), ruby-sprockets (information disclosure), sudo (information disclosure), and tomcat (HTTP request smuggling).

openSUSE has updated tigervnc (13.2: information leak/denial of service) and xorg-x11-server (13.2, 13.1: information leak/denial of service).

Red Hat has updated openstack-glance (access restriction bypass).

SUSE has updated java-1_7_0-openjdk (many vulnerabilities, lots unspecified).

Ubuntu has updated nss (TLS certificate update).

EFF: Lenovo is breaking HTTPS security on its recent laptops

Thursday 19th of February 2015 04:54:49 PM
Here is a statement from the Electronic Frontier Foundation on the revelation that Lenovo has been shipping insecure man-in-the-middle malware on its laptops. "Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken." For additional amusement, see Lenovo's statement on the issue.

There are a lot of Lenovo users in LWN's audience. Presumably most of them have long since done away with the original software, but those who might have kept it around would be well advised to look into the issue; this site can evidently indicate whether a machine is vulnerable or not.

Security updates for Thursday

Thursday 19th of February 2015 01:03:09 PM

Debian has updated bind9 (denial of service).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities, one from 2013).

Fedora has updated drupal7-path_breadcrumbs (F21; F20: access restriction bypass).

openSUSE has updated perl-YAML-LibYAML (13.2, 13.1: multiple vulnerabilities, one each from 2013 and 2012) and php5 (13.2, 13.1: multiple vulnerabilities).

SUSE has updated xntp (SLE10SP4: multiple vulnerabilities).

Ubuntu has updated bind9 (14.10, 14.04, 12.04: denial of service).