Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 48 min ago

Fresh stable kernels

Wednesday 1st of June 2016 10:22:13 PM
Greg KH has released stable kernels 4.6.1, 4.5.6, 4.4.12, and 3.14.71. All of them contain important fixes.

Announcing the Open Source License API

Wednesday 1st of June 2016 06:46:32 PM
The Open Source Initiative (OSI) has announced the Open Source License API, to "allow third parties to become license-aware, and give organizations the ability to clearly determine if a license is, in fact, an Open Source license, from the authoritative source regarding Open Source licenses, the OSI."

The CoreOS "Torus" distributed storage system

Wednesday 1st of June 2016 05:33:11 PM
CoreOS has announced a new project called Torus which is creating a distributed storage system for containers. "At its core, Torus is a library with an interface that appears as a traditional file, allowing for storage manipulation through well-understood basic file operations. Coordinated and checkpointed through etcd’s consensus process, this distributed file can be exposed to user applications in multiple ways. Today, Torus supports exposing this file as block-oriented storage via a Network Block Device (NBD). We also expect that in the future other storage systems, such as object storage, will be built on top of Torus as collections of these distributed files, coordinated by etcd." The project is quite young, and the current release is a "prototype version."

Security advisories for Wednesday

Wednesday 1st of June 2016 04:39:52 PM

Debian has updated chromium-browser (multiple vulnerabilities) and imagemagick (command execution).

Debian-LTS has updated php5 (multiple vulnerabilities) and ruby-activemodel-3.2 (validation bypass).

openSUSE has updated dosfstools (Leap42.1, 13.2: two vulnerabilities), gdk-pixbuf (Leap42.1: three vulnerabilities), libarchive (13.2: code execution), openssh (Leap42.1: three vulnerabilities), p7zip (13.2: code execution), putty (Leap42.1, 13.2: code execution), and virtualbox (Leap42.1; 13.2: unspecified).

Oracle has updated ntp (OL7; OL6: multiple vulnerabilities), openssl (OL5: multiple vulnerabilities), squid (OL7; OL6: multiple vulnerabilities), and squid34 (OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: code execution).

SUSE has updated cyrus-imapd (SLES12-SP1; SLE11-SP4: multiple vulnerabilities) and java-1_6_0-ibm (SLEM for LS12: multiple vulnerabilities).

Ubuntu has updated dosfstools (two vulnerabilities), kernel (14.04: multiple vulnerabilities), libgd2 (multiple vulnerabilities), and lxd (16.04, 15.10: two vulnerabilities).

Tor Browser 6.0 is released

Tuesday 31st of May 2016 10:27:32 PM
The Tor Browser Team has announced the release of Tor browser 6.0. This release brings the browser up-to-date with Firefox 45-ESR, which provides better support for HTML5 video on Youtube, as well as a host of other improvements. DuckDuckGo is now the default search engine. "Lately, we got a couple of comments on our blog and via email wondering why we are now using DuckDuckGo as the default search engine and not Disconnect anymore. Well, we still use Disconnect. But for a while now Disconnect has no access to Google search results anymore which we used in Tor Browser. Disconnect being more a meta search engine which allows users to choose between different search providers fell back to delivering Bing search results which were basically unacceptable quality-wise. While Disconnect is still trying to fix the situation we asked them to change the fallback to DuckDuckGo as their search results are strictly better than the ones Bing delivers."

Security updates for Tuesday

Tuesday 31st of May 2016 06:47:44 PM

Arch Linux has updated chromium (multiple vulnerabilities).

CentOS has updated ntp (C7; C6: multiple vulnerabilities), openssl (C5: code execution), squid (C7; C6: multiple vulnerabilities), and squid34 (C6: multiple vulnerabilities).

Debian has updated gdk-pixbuf (two vulnerabilities) and symfony (two vulnerabilities).

Debian-LTS has updated eglibc (multiple vulnerabilities), libtasn1-3 (denial of service), openafs (multiple vulnerabilities), pdns (insecure database permissions), phpmyadmin (regression in previous update), postgresql-9.1 (multiple vulnerabilities), ruby-activerecord-3.2 (restriction bypass), and wireshark (multiple vulnerabilities).

Fedora has updated bugzilla (F23; F22: cross-site scripting), kf5-kinit (F23: insecure permissions), libarchive (F22: code execution), libimobiledevice (F23: sockets listening on INADDR_ANY), libusbmuxd (F23: sockets listening on INADDR_ANY), php (F23: two vulnerabilities), qemu (F23: multiple vulnerabilities), webkitgtk4 (F23: two vulnerabilities), and xen (F23; F22: privilege escalation).

Gentoo has updated libfpx (denial of service), nss (multiple vulnerabilities), pam (multiple vulnerabilities), and rsync (multiple vulnerabilities).

Mageia has updated botan (two vulnerabilities), docker (privilege escalation), mediawiki (multiple vulnerabilities), and phpmyadmin (cross-site scripting).

openSUSE has updated Chromium (SPH for SLE12; Leap42.1: multiple vulnerabilities), expat (13.2: two vulnerabilities), libxml2 (13.2: two vulnerabilities), libxslt (13.2: denial of service), phpMyAdmin (Leap42.1, 13.2: cross-site scripting), redis (Leap42.1, 13.2: denial of service), and samba (13.2: man-in-the-middle attack).

Red Hat has updated ntp (RHEL6,7: multiple vulnerabilities), openssl (RHEL5: code execution), python27 (RHSCL2.2: multiple vulnerabilities), squid (RHEL7; RHEL6: multiple vulnerabilities), and squid34 (RHEL6: multiple vulnerabilities).

Slackware has updated imagemagick (shell vulnerability), libxml2 (three vulnerabilities), libxslt (denial of service), thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).

SUSE has updated Xen (SLES10-SP4: multiple vulnerabilities).

Rutkowska: Security challenges for the Qubes build process

Tuesday 31st of May 2016 03:14:17 PM
Qubes founder Joanna Rutkowska writes about how Qubes works to avoid building compromised software into its distribution. "Ultimately, we would like to introduce a multiple-signature scheme, in which several developers (from different countries, social circles, etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would have to compromise all the build locations in order to get backdoored versions signed. For this to happen, we need to make the build process deterministic (i.e. reproducible). Yet, this task still seems to be years ahead of us."

Krita 3.0 released

Tuesday 31st of May 2016 01:47:37 PM
Version 3.0 of the Krita painting application has been released. "Wrapping up a year of work, this is a really big release: animation support integrated into Krita’s core, Instant Preview for better performance painting and drawing with big brushes on big canvases, ported to the latest version of the Qt platform and too many bigger and smaller new features and improvements to mention!".

Kernel prepatch 4.7-rc1

Monday 30th of May 2016 04:49:11 PM
Linus has released 4.7-rc1 and closed the merge window for this release, saying "this time around we have a fairly big change to the vfs layer that allows filesystems (if they buy into it) to do readdir() and path component lookup in parallel within the same directory. That's probably the biggest conceptual vfs change we've had since we started doing cached pathname lookups using RCU." The code name has been changed to "Psychotic Stoned Sheep."

More in Tux Machines

today's howtos

KaOS 2016.06 Moves the Distro to Linux Kernel 4.6, Adds Full-Disk Encryption

The developers of the KaOS Linux operating system have had the great pleasure of announcing the release and immediate availability for download of the KaOS 2016.06 ISO image with some very exciting goodies. First and foremost, the devs have decided to move the distribution from the long-term supported Linux 4.4 kernel series to Linux kernel 4.6, which makes it possible to fully automate the early microcode update. Furthermore, the default desktop environment has been migrated to the Beta of the upcoming KDE Plasma 5.7. Read more

Tiny Core Linux 7.2 Enters Development, First Release Candidate Is Out Now

The developers of one of the smallest GNU/Linux operating systems, Tiny Core, have announced that the next point release in the Tiny Core Linux 7 series, version 7.2, is now open for development. Tiny Core Linux 7.2 RC1 (Release Candidate 1) has been released today, June 25, 2016, and it lets early adopters and public testers get an early taste of what's coming to the final Tiny Core Linux 7.2 operating system in the coming weeks. Read more

Huawei CEO: Will keep using Android as long as it's open

He made the said comment in a Weibo post, where-in he also noted that Google's mobile OS has promoted the development of smartphones, which in turn has benefited consumers. Interestingly, he didn't say anything about whether or not Huawei is developing an in-house mobile OS - said to be called Kirin OS. His silence on the matter, though, can be taken as a confirmation of sorts, especially when his comment reflects the possibility of Google restricting the companies’ freedom with Android in future. Read more Also: Huawei CEO Comments On Rumors about its Independent OS