Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 20 min ago

Friday's security updates

9 hours 19 min ago

Debian has updated libarchive (directory traversal).

Debian-LTS has updated eglibc (multiple vulnerabilities).

Fedora has updated gnupg (F21: multiple vulnerabilities), libjpeg-turbo (F20; F21: denial of service), and qt (F20: denial of service).

Gentoo has updated jasper (multiple vulnerabilities).

Mageia has updated dokuwiki (M4: access control circumvention), maradns (M4: denial of service), python (M4: missing hostname check), vlc (M4: code execution), and vorbis-tools (M4: multiple vulnerabilities).

openSUSE has updated chromium (13.1, 13.2: multiple vulnerabilities) and php5 (13.1, 13.2: multiple vulnerabilities).

Oracle has updated 389-ds-base (O6: information disclosure).

Red Hat has updated 389-ds-base (RHEL6; RHEl7: information disclosure), chromium-browser (RHEL6: multiple vulnerabilities), firefox (RHEL7: multiple vulnerabilities), glibc (RHEL7: multiple vulnerabilities), gnome-shell, mutter, clutter, cogl (RHEL7: denial of service), hivex (RHEL7: code execution), httpd (RHEL7: multiple vulnerabilities), ipa (RHEL7: multiple vulnerabilities), kernel (RHEL7: multiple vulnerabilities), krb5 (RHEL7: multiple vulnerabilities), libreoffice (RHEL7: multiple vulnerabilities), libvirt (RHEL7: multiple vulnerabilities), openssh (RHEL7: multiple vulnerabilities), openstack-glance (RHEL OSP6: denial of service), pcre (RHEL7: denial of service), powerpc-utils (RHEL7: information disclosure), ppc64-diag (RHEL7: information disclosure), qemu-kvm (RHEL7: multiple vulnerabilities), qemu-kvm-rhev (RHEL OSP6: buffer overflow), redhat-access-plugin-openstack (RHEL OSP6: information disclosure), thunderbird (RHEL7: multiple vulnerabilities), and virt-who (RHEL7: credentials disclosure).

Slackware has updated samba (14.1: code execution).

SUSE has updated PHP 5.3 (SLES11: multiple vulnerabilities).

Samba 4.2.0 released

Thursday 5th of March 2015 11:55:57 PM
The Samba team has announced the first release in the new stable 4.2.x series. This release adds transparent file compression, access to "Snapper" snapshots via the Windows Explorer "previous versions" dialog, better clustering support, and much more. This release also marks the end of support for Samba 3.

[$] A GPL-enforcement suit against VMware

Thursday 5th of March 2015 05:05:39 PM
When Karen Sandler, the executive director of the Software Freedom Conservancy, spoke recently at the Linux Foundation's Collaboration Summit, she spent some time on the Linux Compliance Project, an effort to improve compliance with the Linux kernel's licensing rules. This project, launched with some fanfare in 2012, has been relatively quiet ever since. Karen neglected to mention that this situation was about to change; that had to wait for the announcement on March 5 of the filing of a lawsuit against VMware alleging copyright infringement for its use of kernel code.

Subscribers can click below for the full story.

Thursday's security updates

Thursday 5th of March 2015 03:59:12 PM

Fedora has updated bind (F21; F20: denial of service), lftp (F21: automatically accepting ssh keys), and rubygem-actionpack (F20: two information leaks).

openSUSE has updated vsftpd (13.2, 13.1: access restriction bypass).

Ubuntu has updated icu (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013).

[$] LWN.net Weekly Edition for March 5, 2015

Thursday 5th of March 2015 01:55:24 AM
The LWN.net Weekly Edition for March 5, 2015 is available.

[$] A look at EasyNAS

Wednesday 4th of March 2015 06:24:14 PM
Thus far, this series on network-attached storage (NAS) distributions has looked at three different approaches to the problem. OpenMediaVault provides a NAS server using traditional Linux filesystems, Rockstor bases everything on the Btrfs filesystem, and FreeNAS is a FreeBSD-based system using ZFS. This fourth (and probably final) installment in this series goes back to Btrfs with a look at EasyNAS, which is another attempt to make the unique features of Btrfs available in a dedicated NAS distribution.

Security advisories for Wednesday

Wednesday 4th of March 2015 05:07:58 PM

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated unace (code execution).

Fedora has updated arc (F21; F20: directory traversal), e2fsprogs (F21; F20: code execution), glibc (F21; F20: multiple vulnerabilities), php (F20: multiple vulnerabilities), and qt (F21: denial of service).

Mageia has updated php (multiple vulnerabilities).

Mandriva has updated bind (denial of service) and freetype2 (many vulnerabilities).

openSUSE has updated apache2 (13.2: denial of service), postgresql93 (13.2: multiple vulnerabilities), and python-rope (13.2, 13.1: unauthorized pickle.load).

Red Hat has updated foreman-proxy (RHEL OSP Foreman; RHEL OSP4.0: restriction bypass).

SUSE has updated php5 (SLE12: two vulnerabilities).

Ubuntu has updated kernel (14.04: regression in previous update) and linux-lts-trusty (12.04: regression in previous update).

GitLab acquires Gitorious

Tuesday 3rd of March 2015 06:27:14 PM
GitLab and Gitorious have announced that GitLab will acquire Gitorious. "Starting today, Gitorious.org users can import their existing projects into GitLab.com by clicking the “Import projects from Gitorious.org” link when creating a new project. Gitorious.org will stay online until the end of May 2015 to give people time to migrate their repositories."

Kernel prepatch 4.0-rc2

Tuesday 3rd of March 2015 05:38:04 PM
The 4.0-rc2 kernel prepatch is out. "So rc2 missed the usual Sunday afternoon timing, because I spent most of the weekend debugging an issue that happened on an old Mac Mini I have around, and I hate making even early -rc releases with problems on machines that I have direct access to. Even if it only affected old machines that actual developers are unlikely to have or at least use. Today I got the patch from Daniel Vetter to fix it, so instead of doing a Sunday evening rc2, it's a Tuesday morning one. Go get it. It works better for the delay."

Security updates for Tuesday

Tuesday 3rd of March 2015 04:12:56 PM

Debian has updated unace (code execution).

Mandriva has updated patch (multiple vulnerabilities), sympa (information disclosure), tomcat (multiple vulnerabilities), and tomcat6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.5; RHEL6.4: multiple vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (14.10, 14.04, 12.04: multiple vulnerabilities).

Security advisories for Monday

Monday 2nd of March 2015 04:51:20 PM

Debian-LTS has updated bind9 (denial of service), e2fsprogs (code execution), libgtk2-perl (code execution), and sudo (two vulnerabilities).

Fedora has updated httpd (F20: multiple vulnerabilities), librsvg2 (F21; F20: multiple unspecified vulnerabilities), libuv (F21: privilege escalation), nodejs (F21: privilege escalation), v8 (F21: privilege escalation), and vorbis-tools (F21; F20: denial of service).

Mandriva has updated cups (buffer overflow).

openSUSE has updated firefox, nss (13.2, 13.1: multiple vulnerabilities).

SUSE has updated java-1_6_0-ibm (SLES11 SP1,SP2: multiple vulnerabilities).

Ubuntu has updated kernel (14.04: regression in previous update).

IPython 3.0 released

Saturday 28th of February 2015 03:23:46 PM
The IPython interactive development system project has announced its 3.0 release. "Support for languages other than Python is greatly improved, notebook UI has been significantly redesigned, and a lot of improvement has happened in the experimental interactive widgets. The message protocol and document format have both been updated, while maintaining better compatibility with previous versions than prior updates. The notebook webapp now enables editing of any text file, and even a web-based terminal (on Unix platforms)." (LWN looked at IPython in 2014).

VLC 2.2.0 released

Friday 27th of February 2015 10:23:28 PM

Version 2.2.0 of the VLC media player has been released. According to the announcement, highlights in the new version include automatic, hardware-accelerated rotation of portrait-orientation videos such as those shot on smartphones, resuming playback at the last point watched in the previous session, in-application download and installation of extensions, support for interactive Blu-Ray menus, and "compatibility with a very large number of unusual codecs." The release is available for Linux, Android, and Android TV, plus various Windows and Apple platforms.

LLVM 3.6 Released

Friday 27th of February 2015 09:22:41 PM
Version 3.6 of the LLVM compiler suite is out. Changes include "many many bug fixes, optimization improvements, support for more proposed C++1z features in Clang, better native Windows compatibility, embedding LLVM IR in native object files, Go bindings, and more." Details can be found in the LLVM 3.6 release notes and the Clang 3.6 release notes.

New kernel releases

Friday 27th of February 2015 05:08:13 PM

Greg Kroah-Hartman has released the latest stable kernels: 3.18.8, 3.14.34, and 3.10.70. All contain important updates and fixes.

Friday's security updates

Friday 27th of February 2015 03:10:56 PM

Debian has updated request-tracker4 (multiple vulnerabilities).

Debian-LTS has updated cups (code execution) and request-tracker3.8 (multiple vulnerabilities).

Oracle has updated openssl (O5: multiple vulnerabilities).

SUSE has updated Samba (SLES11: code execution).

Ubuntu has updated cups (code execution) and eglibc, glibc (multiple vulnerabilities).

The state of Linux gaming in the SteamOS era (Ars Technica)

Thursday 26th of February 2015 05:20:59 PM
Ars Technica takes a look at Linux gaming and at what effect SteamOS has had already for gaming on Linux. The article also considers the future and where SteamOS might (or might not) take things. "This all brings up another major question for SteamOS followers: how long is this "beta" going to last, exactly? While Valve has unquestionably built a viable Linux gaming market from practically nothing, the company's lackadaisical development timeline might be holding the market back from growing even more. In the last year, the initial excitement behind the SteamOS beta launch seems to have given way to "Valve Time" malaise in some ways."

Security advisories for Thursday

Thursday 26th of February 2015 04:13:34 PM

CentOS has updated thunderbird (C6; C5: multiple vulnerabilities).

Debian has updated cups (code execution), iceweasel (multiple vulnerabilities), kfreebsd-9 (denial of service), and libgtk2-perl (code execution).

Fedora has updated libhtp (F20: denial of service).

Gentoo has updated samba (multiple vulnerabilities, some from 2012 and 2013).

Mageia has updated apache-poi (denial of service), cabextract (privilege escalation), e2fsprogs (two code execution flaws), firefox, thunderbird (multiple vulnerabilities), and sympa (information disclosure).

openSUSE has updated cups (13.2, 13.1: code execution) and snack (13.2, 13.1: code execution from 2012).

Oracle has updated firefox (OL5: multiple vulnerabilities) and thunderbird (OL6: multiple vulnerabilities).

Red Hat has announced that RHEL 5.9 support will end on March 31.

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (SL6, SL5: multiple vulnerabilities).

Slackware has updated thunderbird (multiple vulnerabilities) and firefox (multiple vulnerabilities).

SUSE has updated java-1_5_0-ibm (SLE10SP4: many vulnerabilities) and java-1_6_0-ibm (SLE11SP2: two unspecified vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: two vulnerabilities), firefox (14.10, 14.04, 12.04: many vulnerabilities), kernel (14.10; 14.04; 12.04; 10.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

LWN.net Weekly Edition for February 26, 2015

Thursday 26th of February 2015 01:04:34 AM
The LWN.net Weekly Edition for February 26, 2015 is available.

[$] What's new in Krita 2.9

Wednesday 25th of February 2015 11:56:56 PM
The newest update to the Krita digital painting application has been released. Version 2.9 introduces several new user-interface features, updates to the layers system, and a variety of tool and rendering improvements. The 2.9 development cycle was also the project's first to be centered around a crowdfunding campaign.

More in Tux Machines

Compulab Utilite2 Ubuntu mini PC now available for $192 and up

CompuLab’s Utilite2 is a tiny computer with a Qualcomm Snapdragon 600 processor and support for Ubuntu Linux or Google Android software. The company unveiled the 3.4″ x 2.3″ x 1.1″ computer in December, and now it’s available for purchase. Read more

Shuttleworth says Ubuntu’s future is more exciting than space travel

What now feels like a very long time ago was actually only a handful of years. Back in 2010, Canonical knew exactly what its future would hold and had a plan on how to get there. It wanted to build one OS for all devices: phones, TVs, tablets, the desktop, servers and beyond. It wanted the device to be irrelevant and the OS to be agnostic. Unfortunately, while the company knew exactly what it was doing, its loyal Ubuntu desktop user base didn’t. Read more

Valve develops its own Intel graphics driver for Linux

Valve has developed its own Intel Vulkan GPU graphics driver for Linux that they intend to open-source. The Vulkan API is still being argued about and will not be finalised until later this year, but Valve has been developing their own Intel GPU reference driver for Vulkan to help early adopters boot-strap their code. Read more

Tiny IoT SBC runs Linux, offers Arduino compatibility

The credit card sized, open-spec Udoo Neo SBC features Freescale’s Cortex-M4-enhanced i.MX6 SoloX, plus Arduino compatibility, WiFi, Bluetooth, and sensors. Read more