Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

Thursday's security advisories

Thursday 6th of October 2016 03:21:33 PM

Debian has updated nspr (code execution) and nss (multiple vulnerabilities, some from 2015).

Debian-LTS has updated bind9 (two denial of service flaws), freeimage (code execution), and zendframework (SQL injection).

Fedora has updated c-ares (F24: code execution).

openSUSE has updated ffmpeg (42.1: not well specified), postgresql94 (42.1: two vulnerabilities), and python-Jinja2 (13.2: privilege escalation from 2014).

Scientific Linux has updated kernel (SL6: two vulnerabilities).

SUSE has updated openssl (SLE11: multiple vulnerabilities), php53 (SLE11SP4; SLE11SP2: multiple vulnerabilities), and php7 (SLE12: multiple vulnerabilities).

Ubuntu has updated ntp (16.04, 14.04, 12.04: multiple vulnerabilities, many from 2015).

[$] Weekly Edition for October 6, 2016

Thursday 6th of October 2016 12:00:50 AM
The Weekly Edition for October 6, 2016 is available.

FontForge release

Wednesday 5th of October 2016 08:48:07 PM
There's a new release of FontForge available. "This release introduces a new icon set, new functionality for custom icon selection graphics, support for GlyphOrderAndAliasDB files, and support for Unicode 9.0."

Security advisories for Wednesday

Wednesday 5th of October 2016 04:06:41 PM

CentOS has updated kernel (C6: two vulnerabilities).

Debian has updated icedove (multiple vulnerabilities) and libav (multiple vulnerabilities).

Debian-LTS has updated libav (multiple vulnerabilities).

Fedora has updated gd (F23: denial of service) and links (F24; F23: anonymity leak).

openSUSE has updated flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Leap42.1: buffer overflow), mariadb (Leap42.1: SQL injection/privilege escalation), and php5 (Leap42.1: multiple vulnerabilities).

Oracle has updated kernel (OL6: three vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and kernel (RHEL6: two vulnerabilities).

Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).

Ubuntu has updated php5, php7.0 (multiple vulnerabilities).

MOSS supports four more open source projects

Tuesday 4th of October 2016 09:35:19 PM
The Mozilla Open Source Support (MOSS) program has awarded $300,000 to four projects this quarter. "On the Foundational Technology track, we awarded $100,000 to Redash, a tool for building visualizations of data for better decision-making within organizations, and $50,000 to Review Board, software for doing web-based source code review. Both of these pieces of software are in heavy use at Mozilla. We also awarded $100,000 to Kea, the successor to the venerable ISC DHCP codebase, which deals with allocation of IP addresses on a network. Mozilla uses ISC DHCP, which makes funding its replacement a natural move even though we haven’t deployed it yet. On the Mission Partners track, we awarded $56,000 to Speech Rule Engine, a code library which converts mathematical markup into vocalised form (speech) for the sight-impaired, allowing them to fully appreciate mathematical and scientific content on the web." (Thanks to Paul Wise)

Plasma 5.8 LTS is out

Tuesday 4th of October 2016 08:24:53 PM
KDE has released Plasma 5.8. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed." Plasma 5.8 is KDE's first Long Term Support release. The changelog has the details.

Mageia thanks long time contributor and friend

Tuesday 4th of October 2016 04:35:03 PM
The Mageia project remembers Thomas Spuhler who died in September. "Thomas had been contributing to Mageia, and Mandriva before that, since 2009 as a packager, and much earlier already partaking in email discussions and bug reports. His packaging interests were mostly web and server-related components, for which his contributions were invaluable. He had to step back from his Mageia responsibilities in early August due to his health condition."

Tuesday's security advisories

Tuesday 4th of October 2016 03:58:51 PM

Arch Linux has updated hostapd (two vulnerabilities) and systemd (denial of service).

CentOS has updated thunderbird (C7; C6; C5: code execution).

Debian has updated libdbd-mysql-perl (denial of service).

Fedora has updated bind99 (F24: denial of service), mariadb (F23: SQL injection/privilege escalation), and mongodb (F23: information disclosure).

Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).

openSUSE has updated chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), glibc (13.2: denial of service), and php5 (13.2: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated thunderbird (RHEL5,6,7: code execution).

SUSE has updated firefox (SLE12-SP1; SLE11-SP2: multiple vulnerabilities).

Two Arduinos become one (Arduino Blog)

Monday 3rd of October 2016 06:09:51 PM
The schism between two Arduino companies (that we covered in March 2015) has apparently been settled. The poster child for the open hardware movement is now under one company "Arduino Holding" and a new not-for-profit Arduino Foundation has been started. "Massimo Banzi, Co-Founder of Arduino LLC, commented, 'Today is one of the best days in Arduino history. This allows us to start a new course for Arduino made of constructive dialogue and disruptive innovation in the education, Makers and IoT fields. The Arduino Foundation will allow us to champion the core values of the Arduino Community within the open-source ecosystem and to make our commitment to open-source stronger than ever. This is really a new beginning for Arduino!'" (Thanks to Paul Wise.)

Security updates for Monday

Monday 3rd of October 2016 05:38:41 PM

Debian has updated c-ares (code execution), chromium-browser (multiple vulnerabilities), and wordpress (regression in previous security update).

Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).

Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).

Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).

Slackware has updated thunderbird (unspecified).

Ubuntu has updated pillow (14.04: regression in previous security update).

The 4.8 kernel has been released

Monday 3rd of October 2016 01:04:23 AM
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.

[$] Why kernel development still uses email

Saturday 1st of October 2016 09:19:09 PM
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.

Varda: The Mysterious Fiber Bomb Problem: A Debugging Story

Friday 30th of September 2016 10:58:08 PM
Over at the Sandstorm Blog, project founder Kenton Varda relates a debugging war story. Sandstorm web servers would mysteriously peg the CPU around once a week, slowing request processing to a crawl, seemingly at random. "Obviously, we needed to take a CPU profile while the bug was in progress. Of course, the bug only reproduced in production, therefore we’d have to take our profile in production. This ruled out any profiling technology that would harm performance at other times – so, no instrumented binaries. We’d need a sampling profiler that could run on an existing process on-demand. And it would have to understand both C++ and V8 Javascript. (This last requirement ruled out my personal favorite profiler, pprof from google-perftools.) Luckily, it turns out there is a correct modern answer: Linux’s “perf” tool. This is a sampling profiler that relies on Linux kernel APIs, thus not requiring loading any code into the target binary at all, at least for C/C++. And for Javascript, it turns out V8 has built-in support for generating a “perf map”, which tells the tool how to map JITed code locations back to Javascript source: just pass the --perf_basic_prof_only_functions flag on the Node command-line. This flag is safe in production – it writes some data to disk over time, but we rebuild all our VMs weekly, so the files never get large enough to be a problem."

Friday's security advisories

Friday 30th of September 2016 05:58:53 PM

Arch Linux has updated c-ares (code execution) and wordpress (multiple vulnerabilities).

CentOS has updated python-twisted-web (C7; C6: HTTP proxy redirect).

Debian has updated wordpress (multiple vulnerabilities).

Debian-LTS has updated chicken (two vulnerabilities), firefox-esr (regression in previous security update), icedove (multiple vulnerabilities), and ruby-activesupport-3.2 (access restriction bypass).

Fedora has updated curl (F23: code execution) and php-adodb (F24; F23: SQL injection).

openSUSE has updated libgcrypt (42.1: flawed random number generation), openjpeg (42.1: denial of service), and postgresql93 (13.2: two vulnerabilities).

Oracle has updated python-twisted-web (OL7; OL6: HTTP proxy redirect).

Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).

SUSE has updated pidgin (SLE11: multiple vulnerabilities) and postgresql94 (SLE11: two vulnerabilities).

Stable kernels 4.7.6 and 4.4.23

Friday 30th of September 2016 09:17:41 AM
Greg Kroah-Hartman has released the 4.7.6 and 4.4.23 stable kernels with the usual set of important fixes.

Security updates for Thursday

Thursday 29th of September 2016 06:39:57 PM

CentOS has updated bind (C7; C6; C5: denial of service), bind97 (C5: denial of service), kvm (C5: two vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Fedora has updated vfrnav (F24: unspecified).

Oracle has updated bind (OL7; OL6; OL5: denial of service) and bind97 (OL5: denial of service).

Scientific Linux has updated bind (denial of service), bind97 (SL5: denial of service), kvm (SL5: two vulnerabilities), and openssl (SL7&6: multiple vulnerabilities).

SUSE has updated postgresql93 (SLE12: two vulnerabilities) and postgresql94 (SLE12: two vulnerabilities).

Ubuntu has updated clamav (16.04, 14.04, 12.04: three code execution flaws), samba (16.04, 14.04: crypto downgrade), and systemd (16.04: denial of service).

Qubes OS 3.2 released

Thursday 29th of September 2016 02:20:53 PM
Version 3.2 of the Qubes OS distribution is available. "This is an incremental improvement over the 3.1 version that we released earlier this year. A lot of work went into making this release more polished, more stable and easier to use than our previous releases." Changes include a new management infrastructure, the ability to assign individual USB devices to virtual machines and a switch to the Xfce4 desktop. See the release notes for details.

PostgreSQL 9.6 released

Thursday 29th of September 2016 02:04:31 PM
The PostgreSQL 9.6 release is available. "This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features." See the announcement text and the release notes for more information.

[$] Weekly Edition for September 29, 2016

Thursday 29th of September 2016 01:12:29 AM
The Weekly Edition for September 29, 2016 is available.

Debian Project mourns the loss of Kristoffer H. Rose

Wednesday 28th of September 2016 04:27:21 PM
Ana Guerrero Lopez sadly reports that Kristoffer H. Rose died on September 17. "Kristoffer was a Debian contributor from the very early days of the project, and the upstream author of several packages that are still in the Debian archive nowadays, such as the LaTeX package Xy-pic and FlexML. On his return to the project after several years' absence, many of us had the pleasure of meeting Kristoffer during DebConf15 in Heidelberg. The Debian Project honours his good work and strong dedication to Debian and Free Software. Kristoffer's broad technical knowledge and his ability to share that knowledge with others will be missed. The contributions of Kristoffer will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others."
