Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 48 min 24 sec ago

Firefox 39 released

1 hour 50 min ago

Firefox 39 has been released for both desktop and mobile systems. The new features include a social sharing tool for the Firefox Hello video chat subsystem. It is designed to make it easier to share Firefox Hello chat invitations over third-party social networks. In addition, Firefox's existing phishing-and-malware detection tool has been extended to cover downloads, support has been added for Unicode 8.0's multi-ethnic emoji characters, and there is improved support for the Accessible Rich Internet Applications (ARIA) standard.

Friday's security updates

7 hours 48 min ago

Arch Linux has updated firefox (multiple vulnerabilities) and wesnoth (information leak).

Debian has updated stunnel4 (authentication bypass).

Debian-LTS has updated libxml2 (multiple vulnerabilities) and pykerberos (insecure authentication).

Fedora has updated drupal6 (F21; F22: account hijacking) and drupal7 (F21; F22: multiple vulnerabilities).

openSUSE has updated flash-player (11.4).

Oracle has updated firefox (O5; O6; O7: multiple vulnerabilities).

Red Hat has updated firefox (RHEL: multiple vulnerabilities) and openstack-cinder (RHEL OSP: file disclosure).

SUSE has updated MySQL (SLE 11 SP3: cipher downgrade attack), ntp (SLE11 SP3: multiple vulnerabilities), and OpenSSL (SLE 10 Client Tools; SUSE Manager 11 SP2, Studio Onsite; SLE 11 SAP; SLE 11 SP1; SLE SM 11 SP3: multiple vulnerabilities).

Security advisories for Thursday

Thursday 2nd of July 2015 01:54:52 PM

CentOS has updated openssl (C5: three vulnerabilities).

Debian-LTS has updated unattended-upgrades (improper package authentication).

[$] LWN.net Weekly Edition for July 2, 2015

Thursday 2nd of July 2015 12:47:52 AM
The LWN.net Weekly Edition for July 2, 2015 is available.

Supreme Court won’t weigh in on Oracle-Google API copyright battle (Ars Technica)

Wednesday 1st of July 2015 08:20:52 PM
Ars Technica reports that the US Supreme Court rejected Google's appeal of the Google-Oracle API copyright dispute. "Despite the high court's inaction on the case, the Google-Oracle legal flap is far from resolved. That's because the appeals court sent the case back to the lower courts to determine whether Google's use of the code in Android—which it no longer uses—constitutes a "fair use." Oracle is seeking $1 billion in damages. "This is not the end of the road for this case—the Federal Circuit decision explicitly left open the possibility that the kinds of uses Google made were permissible under copyright's fair use doctrine," said Charles Duan, the director of Public Knowledge's patent reform project." (Thanks to Martin Michlmayr)

[$] News and updates from DockerCon 2015

Wednesday 1st of July 2015 06:58:23 PM

DockerCon on June 22 and 23 was a much bigger affair than CoreOSFest or ContainerCamp. DockerCon rented out the San Francisco Marriott for the event; the keynote ballroom seats 2000. That's a pretty dramatic change from the first DockerCon last year, with roughly 500 attendees; it shows the huge growth of interest in Linux containers. Or maybe, given that it's Silicon Valley, what you're seeing is the magnetic power of $95 million in round-C funding.

Subscribers can click below for a report from DockerCon by guest author Josh Berkus.

Security advisories for Wednesday

Wednesday 1st of July 2015 04:26:59 PM

Debian has updated jackrabbit (information leak).

Debian-LTS has updated libcrypto++ (information disclosure), libmodule-signature-perl (multiple vulnerabilities), and ruby1.9.1 (denial of service).

Fedora has updated abrt (F21: multiple vulnerabilities), cups-x2go (F22: multiple vulnerabilities), elfutils (F22: hardening fixes), gnome-abrt (F21: multiple vulnerabilities), kernel (F21: denial of service), libreport (F21: multiple vulnerabilities), pam (F22: denial of service), and rubygem-activesupport (F22; F21: two vulnerabilities).

Mageia has updated apache-mod_jk (MG4: information disclosure), drupal (MG4,5: multiple vulnerabilities), libvpx (MG4,5: denial of service), p7zip (MG4,5: directory traversal), postgresql (MG4: multiple vulnerabilities), and python-tornado (MG4: side-channel attack).

openSUSE has updated p7zip (13.2, 13.1: directory traversal).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

Linux Foundation Announces R Consortium

Tuesday 30th of June 2015 05:34:06 PM
The Linux Foundation has announced the R Consortium. "The R language is used by statisticians, analysts and data scientists to unlock value from data. It is a free and open source programming language for statistical computing and provides an interactive environment for data analysis, modeling and visualization. The R Consortium will complement the work of the R Foundation, a nonprofit organization based in Austria that maintains the language. The R Consortium will focus on user outreach and other projects designed to assist the R user and developer communities. Founding companies and organizations of the R Consortium include The R Foundation, Platinum members Microsoft and RStudio; Gold member TIBCO Software Inc.; and Silver members Alteryx, Google, HP, Mango Solutions, Ketchum Trading and Oracle."

Tuesday's security advisories

Tuesday 30th of June 2015 05:13:21 PM

CentOS has updated postgresql (C7; C6: multiple vulnerabilities) and xerces-c (C7: denial of service).

Debian has updated unattended-upgrades (authentication bypass).

Debian-LTS has updated aptdaemon (information leak), hostapd (denial of service), jqueryui (cross-site scripting), and shibboleth-sp2 (denial of service).

Fedora has updated chicken (F22; F21: out-of-bounds read), openvas-cli (F21: sql injection), openvas-libraries (F21: sql injection), openvas-manager (F21: sql injection), openvas-scanner (F21: sql injection), php-htmLawed (F22; F21: multiple vulnerabilities), postgresql (F21: multiple vulnerabilities), python-jwt (F22; F21: token verification bypass), rubygem-jquery-rails (F22; F21: CSRF vulnerability), and rubygem-web-console (F22: code execution).

Oracle has updated postgresql (OL7; OL6: multiple vulnerabilities) and xerces-c (OL7: denial of service).

Red Hat has updated kernel (RHEL6.5: two vulnerabilities), openssl (RHEL5: multiple vulnerabilities), postgresql (RHEL6,7: multiple vulnerabilities), postgresql92-postgresql (RHSCL2: multiple vulnerabilities), rh-postgresql94-postgresql (RHSCL2: multiple vulnerabilities), and xerces-c (RHEL7: denial of service).

Scientific Linux has updated nss (SL6,7: cipher-downgrade attacks), postgresql (SL6,7: multiple vulnerabilities), and xerces-c (SL7: denial of service).

SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities).

Ubuntu has updated oxide-qt (15.04, 14.10, 14.04: multiple vulnerabilities) and unattended-upgrades (15.04, 14.10, 14.04, 12.04: authentication bypass).

Amazon's new TLS implementation

Tuesday 30th of June 2015 01:25:25 PM
Amazon has announced the release of a new TLS library called "s2n" under the Apache license. "s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, we’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing."

Stable kernel updates

Monday 29th of June 2015 11:07:18 PM
Four new stable kernels are available; 4.1.1, 4.0.7, 3.14.46, and 3.10.82. All contain important fixes.

Security updates for Monday

Monday 29th of June 2015 03:57:11 PM

Debian has updated libcrypto++ (information disclosure).

Debian-LTS has updated cacti (multiple vulnerabilities), libwmf (denial of service), and t1utils (code execution).

Fedora has updated kernel (F22: denial of service).

openSUSE has updated roundcubemail (13.2: two vulnerabilities).

Scientific Linux has updated kvm (SL5: code execution).

SUSE has updated java-1_7_0-ibm (SLE11SP3: multiple vulnerabilities) and Xen (SLES11SP2; SLES11SP1: multiple vulnerabilities).

Valve: Introducing SteamOS "brewmaster"

Friday 26th of June 2015 09:17:17 PM

Valve has announced the first preview release of its forthcoming SteamOS update. The new release is based on Debian 8.1 with long-term support kernel 3.18; there are downloadable builds linked to in the announcement for both UEFI and legacy BIOS systems. There appear to be few user-visible differences between the new release and the current SteamOS so far, though; the announcement notes: "Although there are a lot of changes under the covers, the overall functionality and experience of brewmaster is the same as alchemist."

Friday's security updates

Friday 26th of June 2015 03:14:03 PM

CentOS has updated kvm (C5: code execution).

Debian-LTS has updated librack-ruby (denial of service) and libwmf (multiple vulnerabilities).

openSUSE has updated flash-player (13.1, 13.2: code execution), chromium (13.1, 13.2: multiple vulnerabilities), and openssl (13.1, 13.2: multiple vulnerabilities).

Oracle has updated kvm (O5: code execution) and nss (O6; O7: cipher-downgrade attacks).

Red Hat has updated kernel (RHEL5: privilege escalation) and kvm (RHEL5: code execution).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities) and mailman (SL7: code execution).

SUSE has updated compat-openssl098 (SLE12: multiple vulnerabilities), KVM (SLE11 SP3: multiple vulnerabilities), and openssl (SLE12: multiple vulnerabilities).

Ardour 4.1 released

Thursday 25th of June 2015 11:51:37 PM
Version 4.1 of the Ardour digital audio workstation software has been released. There are some new features in the release including input gain control, support for capture-only and playback-only devices, a real "Save As" option (with the old option being renamed to "Snapshot (& switch to new version)"), and allowing plugins to be reordered and meter positions to change without adding a click into the audio. There are also lots of user interface changes, including better High-DPI support. "This release contains several new features, both internally and in the user interface, and a slew of bug fixes worthy of your attention. Encouragingly, we also have one of our longest ever contributor lists for this release. We had hoped to be on a roughly monthly release cycle after the release of 4.0, but collaborations with other organizations delayed 4.1 by nearly a month."

Joint Statement from the UCC and KC

Thursday 25th of June 2015 10:34:18 PM
The Ubuntu Community Council (UCC) and Kubuntu Council (KC) have issued a joint statement regarding the conflict between Jonathan Riddell and the UCC. "We have mutually agreed that KDE is important to Ubuntu, and the Kubuntu Council believes that Ubuntu is important to the KDE community as well. Therefore we have a basis to work together on putting out a lovely Wily release. We recognize that there are honest and strong feelings about both the things that led up to the current controversy and the way that resolution of it was handled. Despite that, we would all like to move forward as best we can for the betterment of the Ubuntu project, including Kubuntu." LWN covered the controversy in late May.

Thursday's security updates

Thursday 25th of June 2015 03:05:28 PM

CentOS has updated nss (C7; C6: cipher downgrade) and nss-util (C7; C6: cipher downgrade).

Debian has updated cacti (three vulnerabilities).

Fedora has updated xen (F20: multiple vulnerabilities).

Oracle has updated kernel 2.6.39 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities)

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), flash-plugin (RHEL5&6: code execution), nss (RHEL6&7: cipher downgrade), php55-php (RHSC2: multiple vulnerabilities), and rh-php56-php (RHSC2: multiple vulnerabilities).

Scientific Linux has updated libreswan (SL7: denial of service) and php (SL7: multiple vulnerabilities).

SUSE has updated IBM Java (SLE10SP4: multiple vulnerabilities) and Java (SLE11SP2: multiple vulnerabilities).

Ubuntu has updated python2.7, python3.2, python3.4 (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013), tomcat6 (12.04: three vulnerabilities), and tomcat7 (15.04, 14.10, 14.04: multiple vulnerabilities).

LWN.net Weekly Edition for June 25, 2015

Thursday 25th of June 2015 12:40:59 AM
The LWN.net Weekly Edition for June 25, 2015 is available.

[$] A report from PGCon 2015

Wednesday 24th of June 2015 05:14:26 PM
PGCon 2015, the PostgreSQL international developer conference, took place in Ottawa, Canada from June 16 to 20. This PGCon involved a change in format from prior editions, with a "developer unconference" in the two days before the main conference program. Both the conference and the unconference covered a wide range of topics, many of them related to horizontal or vertical scaling, or to new PostgreSQL features.

Subscribers can click below for a report from the conference from guest author Josh Berkus.

Security updates for Wednesday

Wednesday 24th of June 2015 04:58:08 PM

Arch Linux has updated flashplugin (code execution).

CentOS has updated kernel (C7: multiple vulnerabilities), libreswan (C7: denial of service), mailman (C7: path traversal attack), and php (C7: multiple vulnerabilities).

Debian has updated wireshark (denial of service).

Debian-LTS has updated zendframework (regression in previous update).

Fedora has updated curl (F22: information disclosure), libwmf (F21: code execution), openssl (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated cacti (13.2, 13.1: SQL injection), curl (13.2, 13.1: information disclosure), and libwmf (13.2; 13.1: code execution).

Oracle has updated kernel (OL7: multiple vulnerabilities), libreswan (OL7: denial of service), mailman (OL7: path traversal attack), and php (OL7: multiple vulnerabilities).

SUSE has updated flash-player (SLED12: code execution).

More in Tux Machines

today's howtos

Leftovers: Gaming

Red Hat Summit and News

Leftovers: Ubuntu