Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 12 min ago

Fedora Council elections scheduled

Friday 31st of October 2014 10:26:56 PM

Fedora Project Leader Matthew Miller has announced the election schedule meant to fill the two new "at large" slots on Fedora's upcoming Fedora Council governance body. "These positions are of strategic importance, with a full voice in the Council's consensus process. The primary function of the Council is to identify community goals and to organize and enable the project to achieve them." Nominations will be open from November 4 through 10; voting be open from November 18 through 25. The week in between will be for campaigning. Miller also encourages potential candidates to consider the time commitment the new roles require. "We recognize that this level of commitment is difficult for many community members with full-time jobs not directly related to Fedora, and the intent is not to exclude those contributors. At the same time, these positions will require a meaningful commitment of time and responsiveness. If your other obligations make this impossible, please consider suggesting candidacy to other community members who you feel would be able to bring your voice to the table."

Linux 3.16.y.z extended stable support

Friday 31st of October 2014 06:48:38 PM
The Ubuntu kernel team has announced that they will be providing extended support for the 3.16 kernel series. The team will pick up where Greg Kroah-Hartman left off, with 3.16.7, and will provide support until April 2016.

Friday's security updates

Friday 31st of October 2014 04:50:15 PM

CentOS has updated php (C6; C7: multiple vulnerabilities), php53 (C5: multiple vulnerabilities), and wget (C6; C7: code execution).

Debian has updated kernel (multiple vulnerabilities).

Fedora has updated sddm (F21: multiple vulnerabilities).

Mageia has updated file (denial of service) and dokuwiki (multiple vulnerabilities).

Oracle has updated kernel (O5; O6; O6; O7: multiple vulnerabilities), php (O6; O7: multiple vulnerabilities), php53 (O5: multiple vulnerabilities), and wget (O6; O7: code execution).

Red Hat has updated kernel (RHEL6: multiple vulnerabilities), php (RHEL6,7: multiple vulnerabilities), php53 (RHEL5: multiple vulnerabilities), php54-php (SC1: multiple vulnerabilities), php55-php (SC1: multiple vulnerabilities), and wget (RHEL6,7: code execution).

Ubuntu has updated kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and wget (code execution).

KVM Matures, and the Use Cases Multiply (Linux.com)

Thursday 30th of October 2014 07:41:34 PM
Over at Linux.com, Adam Jollans has a report from the recently completed KVM Forum that was held in Düsseldorf, Germany October 14-16. He looks at a talk that he gave on KVM's relationship to OpenStack and the open cloud, a new white paper on KVM [PDF], and a panel on network function virtualization (NFV): "In the past, communications networks have been built with specific routers, switches and hubs with the configuration of all the components being manual and complex. The idea now is to take that network function, put it into software running on standard hardware. The discussion touched on the demands – in terms of latency, throughput, and packet jitter – that network function virtualization places on KVM when it is being run on general purpose hardware and used to support high data volume. There was a lively discussion about how to get fast communication between the virtual machines as well as issues such as performance and sharing memory, as attendees drilled down into how KVM could be applied in new ways."

Stable kernels 3.17.2, 3.16.7, 3.14.23, and 3.10.59

Thursday 30th of October 2014 05:04:56 PM
Greg Kroah-Hartman has announced the release of four new stable kernels: 3.17.2, 3.16.7, 3.14.23, and 3.10.59. As always, they contain important fixes and users of those series should update. Note that 3.16.7 is the last stable kernel in the 3.16 series; users should upgrade to 3.17 soon.

Security advisories for Thursday

Thursday 30th of October 2014 03:11:49 PM

Debian has updated dokuwiki (multiple vulnerabilities).

Red Hat has updated v8314-v8 (i.e. V8) (SC1: multiple vulnerabilities, several from 2013).

Slackware has updated wget (code execution).

Ubuntu has updated php5 (multiple vulnerabilities) and systemd-shim (14.10: denial of service).

[$] LWN.net Weekly Edition for October 30, 2014

Thursday 30th of October 2014 12:53:55 AM
The LWN.net Weekly Edition for October 30, 2014 is available.

A "highly critical public service announcement" from Drupal

Wednesday 29th of October 2014 08:03:30 PM
The Drupal project has put out an advisory that if you haven't already patched the recent SQL injection vulnerability, it's probably too late. "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement."

Security advisories for Wednesday

Wednesday 29th of October 2014 04:27:48 PM

CentOS has updated kernel (C7: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated file (F20: out-of-bounds read flaw), seamonkey (F20: multiple vulnerabilities), webkitgtk3 (F20: disable SSLv3 to address POODLE), and wpa_supplicant (F20: command execution).

Mageia has updated kde4 (MG4: multiple vulnerabilities), konversation (information disclosure), mythtv (SSDP reflection attacks), php-ZendFramework (multiple vulnerabilities), quassel (information disclosure), and zabbix (local file inclusion).

Mandriva has updated wget (symlink attack) and wpa_supplicant (command execution).

openSUSE has updated openssl (13.1, 12.3: multiple vulnerabilities) and libxml2 (13.1, 12.3: denial of service).

Oracle has updated kernel (OL7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities).

[$] A Debian init system GR flurry

Wednesday 29th of October 2014 02:28:27 PM
One might have hoped that that Debian systemd debate would have wound down several months ago, after the technical committee decided the default init system question and especially after Matthew Vernon's general resolution on init system choice was withdrawn due to a lack of seconds. The Debian community, it seemed, was tired of this discussion and ready to move on. Given a few months to rest, though, even old, tiresome subjects can once again seem worthy of discussion. So now we have a return of the init system choice resolution — along with three alternatives of varying scope.

Release for CentOS-6.6 i386 and x86_64

Tuesday 28th of October 2014 07:38:19 PM
CentOS 6.6 has been released. "There are many fundamental changes in this release, compared with the past CentOS-6 releases, and we highly recommend everyone study the upstream Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation. (See the 'Further Reading' section of the [CentOS release notes])."

Tuesday's security updates

Tuesday 28th of October 2014 06:00:38 PM

Debian has updated torque (denial of service).

Fedora has updated devscripts (F20: directory traversal), drupal7 (F20; F19: SQL injection), kernel (F20: multiple vulnerabilities), kernel (F20: more KVM vulnerabilities), php (F19: three vulnerabilities), php-ZendFramework2 (F20: multiple vulnerabilities), phpMyAdmin (F20: cross-site scripting), python (F19: buffer overflow), python-oauth2 (F20; F19: two vulnerabilities), rubygem-httpclient (F20; F19: allows ssl negotiation), and sddm (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), nginx (virtual host confusion attacks), php (three vulnerabilities), qemu (MG4: multiple vulnerabilities), wget (symlink attack), and wpa_supplicant, hostapd (command execution).

Mandriva has updated mariadb (multiple vulnerabilities).

openSUSE has updated flash-player (multiple vulnerabilities) and perl-Email-Address (denial of service).

Ubuntu has updated pidgin (14.10, 14.04, 12.04: multiple vulnerabilities).

First Jessie based Debian Edu alpha released

Tuesday 28th of October 2014 02:27:03 PM
The first alpha release of Debian Edu (also known as Skolelinux) is available for testing. "Would you like to give your school's computer a longer life? Are you tired of sneaker administration, running from computer to computer reinstalling the operating system? Would you like to administrate all the computers in your school using only a couple of hours every week? Check out Debian Edu Jessie!"

The Canonical Distribution of Ubuntu OpenStack

Tuesday 28th of October 2014 02:23:45 PM
Canonical has announced a new OpenStack-oriented distribution. "Based on Canonical’s industry-leading OpenStack reference architecture and building on Ubuntu’s leading position as the most widely used OpenStack platform, the Canonical Distribution gives users the widest range of commercially-supported vendor options for storage, software-defined networking and hypervisor from Canonical and its OpenStack partners. It then automates the creation and management of a reference OpenStack based on those choices."

Note that some conditions apply: "The Canonical Distribution of Ubuntu OpenStack is now available as a public beta, free for up to 10 physical and 10 virtual machines." See this page for more information.

Season of KDE 2014

Monday 27th of October 2014 07:57:44 PM
The Season of KDE is a community outreach program, much like Google Summer of Code. "It is meant for people who could not get into Google Summer of Code for various reasons, or people who simply prefer a differently structured, somewhat less constrained program. Season of KDE is managed by the same team of admins and mentors that takes care of Google Summer of Code and Google Code-in matters for KDE, with the same level of quality and care." The student application deadline is October 31. The mentor application deadline is November 5.

SUSE Linux Enterprise 12 Now Available

Monday 27th of October 2014 05:50:47 PM
SUSE has announced the release of SUSE Linux Enterprise 12. "New products based on SUSE Linux Enterprise 12 feature enhancements that more readily enable system uptime, improve operational efficiency and accelerate innovation. The foundation for all SUSE data center operating systems and extensions, SUSE Linux Enterprise meets the performance requirements of data centers with mixed IT environments, while reducing the risk of technological obsolescence and vendor lock-in." SUSE Linux Enterprise Server is available for x86_64, IBM Power Systems, and IBM System z.

Security advisories for Monday

Monday 27th of October 2014 03:33:48 PM

Debian has updated libtasn1-3 (multiple vulnerabilities) and libxml2 (denial of service).

Fedora has updated sysklogd (F20; F19: denial of service).

Mageia has updated drupal (SQL injection), firefox, thunderbird (multiple vulnerabilities), java-1.7.0-openjdk (multiple vulnerabilities), mariadb (multiple vulnerabilities), and pidgin (multiple vulnerabilities).

Ubuntu has updated libxml2 (14.04, 12.04, 10.04: denial of service).

Qubes OS release 2 available

Monday 27th of October 2014 01:09:09 PM
Release 2 of the Qubes OS secure desktop system is available. The biggest change, perhaps, is support for "fully virtualized AppVMs"; these allow running any operating system in a fully virtualized mode under Qubes. Other additions include secure audio input to AppVMs (allowing Skype to be run in a sandbox, evidently), policy control over the clipboard, an improved secure backup infrastructure, improved hardware support, and more.

Kernel prepatch 3.18-rc2

Monday 27th of October 2014 10:11:04 AM
The second 3.18 prepatch is available for testing. "I had hoped that the rc1 release would mean that a few stragglers would quickly surface, and then the rest of the rc would be more normal. But no, I had straggling merge-window pull requests come in all week, and rc2 is bigger than I'd like." Perhaps the most significant of those requests was for the overlayfs union filesystem, which has finally been merged after years of trying.

Taiga, a new open source project management tool with focus on usability (Opensource.com)

Friday 24th of October 2014 07:50:18 PM
Opensource.com takes a look at the Taiga project management tool. "It started with the team at Kaleidos, a Madrid-based company that builds software for both large corporations and startups. Though much of their time is spent working for clients, several times a year they break off for their own Personal Innovation Weeks (ΠWEEK). These are weeklong hack-a-thons dedicated to personal improvement and prototyping internal ideas of all sorts. While there, they unanimously decided to solve the biggest of their own problems: project management. Taiga was born, and by early 2014, the team at Kaleidos was already using Taiga for all their internal projects. Taiga Agile, LLC was formed in February 2014 to give the project a formal structure, and the source code was made available at GitHub."

More in Tux Machines

China starts Windows wipe-out, switches to Linux

China is presently in a situation to completely eradicate Windows from the country. Though this is not immediately possible, the map to wipe-out the Windows operating system from every computer is planned over a period of a few years from now. According to a report on SoftPedia, China has planned to move away from Microsoft Windows completely. Recently, China had announced the ban of Windows 8 in the country accusing Microsoft of spying the China government and businesses via the operating system. China has made it mandatory to all organizations to switch from the Microsoft Windows operating system to a locally developed operating system based on Linux. China believes that by the year 2020, they will successfully eradicate Windows and would have an already switched to a more powerful and secure operating system of their own. Read more

Simplicity Linux 14.10 is now available to download!

Simplicity Linux 14.10 is now available for everyone to download. It uses the 3.15.4 kernel. Netbook and Desktop Editions both use LXDE as the desktop environment, and X Edition uses KDE 4.12.3. The download links are as follows: Read more

Free-software pioneer says it's all about liberty

When it comes to code that runs a computer or a program, Richard Stallman believes it should be free. Not only at no cost to the user, but unshackled and independent. To Stallman, it is a matter of liberty, not price. “We say free software as in ‘free speech’ not ‘free beer,’” Stallman said. The computer programmer and activist shared his views, which earned him the MacArthur “Genius Grant,” during a presentation at Weber State University on Thursday. Read more

Samsung fires another shot at Microsoft in Android patent battle

This move came as no surprise to lawyers who've been following the case. One intellectual property (IP) attorney whose firm is covering the case closely said that Samsung is simply adding another argument to their contention that their existing Microsoft Android patent deal is invalid on business contract grounds. According to Reuters, Samsung said it agreed to pay Microsoft Android patent license royalties in 2011, but the deal also stated that Samsung would develop Windows phones and share confidential business information with Microsoft. If Samsung were to sell a certain number of Windows phones, then Microsoft would reduce the Android royalty payments. Read more