Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 48 min ago

Security advisories for Monday

Monday 10th of August 2015 04:52:12 PM

CentOS has updated firefox (C7; C6; C5: information leak).

Debian has updated activemq (denial of service) and opensaml2 (problem with previous update).

Debian-LTS has updated xmltooling (denial of service).

Fedora has updated community-mysql (F22; F21: unspecified vulnerabilities) and firefox (F22; F21: information leak).

Mageia has updated cacti (MG4,5: multiple vulnerabilities), firefox (MG4,5: information leak), ghostscript (MG4,5: buffer overflow), libunwind (MG4,5: buffer overflow), lxc (MG5: two vulnerabilities), and wordpress (MG4: multiple vulnerabilities).

Oracle has updated firefox (OL7; OL6; OL5: information leak).

Red Hat has updated firefox (RHEL5,6,7: information leak).

Scientific Linux has updated firefox (SL5,6,7: information leak).

Slackware has updated firefox (information leak) and nss (information leak).

Kernel prepatch 4.2-rc6

Sunday 9th of August 2015 09:45:52 PM
The 4.2-rc6 kernel prepatch is out. Linus says: "So last week I wasn't very happy about the state of the release candidates, but things are looking up. Not only is rc6 finally shrinking noticeably, the issues I was worried about had fixes come in early in the week, and so I don't have anything big pending. Assuming nothing new comes up, I suspect we will end up with the regular release schedule after all (ie in two weeks). Knock wood."

Ubuntu 14.04.3 LTS released

Friday 7th of August 2015 11:04:57 PM
The third update to the 14.04 Long Term Support release is available for Desktop, Server, Cloud, and Core products, as well as other flavors of Ubuntu with long-term support. "We have expanded our hardware enablement offering since 12.04, and with 14.04.3, this point release contains an updated kernel and X stack for new installations to support new hardware across all our supported architectures, not just x86."

Firefox 39.0.3 is out

Friday 7th of August 2015 09:29:38 PM
Firefox 39.0.3 has been released. This update contains exactly one change: a fix for the recently reported PDF vulnerability that is being actively exploited on the net.

CentOS Linux 6.7 released

Friday 7th of August 2015 07:03:26 PM
CentOS Linux 6.7 has been released for x86 and x86_64. "There are many fundamental changes in this release, compared with the past CentOS Linux 6 releases, and we highly recommend everyone study the upstream Release Notes as well as the upstream Technical Notes about the changes and how they might impact your installation. (See the 'Further Reading' section of the CentOS release notes."

Security updates for Friday

Friday 7th of August 2015 04:54:41 PM

Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities).

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated openssh (two vulnerabilities) and remind (buffer overflow).

Fedora has updated drupal6-cck (F22; F21: unspecified vulnerability), lighttpd (F22; F21: log injection), mantis (F22; F21: information disclosure), opensaml-java (F22; F21: missing host name verification), opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion).

Oracle has updated kernel 3.8.13 (OL7; OL6: information leak), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities).

Ubuntu has updated firefox (15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).

Privacy Badger 1.0

Friday 7th of August 2015 11:54:01 AM
The Electronic Frontier Foundation has announced the 1.0 release of the Privacy Badger browser extension. "As you browse the Web, Privacy Badger looks at any third party domains that are loaded on a given site and determines whether or not they appear to be tracking you (e.g. by setting cookies that could be used for tracking, or fingerprinting your browser). If the same third party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it." The extension is distributed under GPLv3; see this page for more information.

An active Firefox exploit

Friday 7th of August 2015 11:13:49 AM
Mozilla has posted a warning about a Firefox vulnerability that is currently being actively exploited on the net. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files." There is a security update for the problem.

More in Tux Machines

The Linux Test Project has been released for September 2015

Good news everyone, the Linux Test Project test suite stable release for *September 2015* has been released. Since the last release 272 patches by 27 authors were merged. Notable changes are: * Network namespace testcases were rewritten from scratch * New user namespaces testcases * New testcases for various virtual network interfaces * New umount2() testcases (for UMOUNT_NOFOLLOW, MNT_EXPIRE and MNT_DETACH flags) * New open() testcase (for O_PATH flag) * New getrandom() testcases * New inotify, cpuset, futex_wake() and recvmsg() regression tests + The usual number of fixes and enhancements Read more

Smart touchscreen dev kit runs Android on quad-core i.MX6

Gateworks announced a 7-inch touchscreen Android development kit, with a quad-core i.MX6 SoC, GbE, WiFi, BT, GPS, USB, serial I/O, and dual mini-PCIe slots. The Gateworks “GW11036″ Embedded Android Development Kit is aimed at easing the process of developing smart touchscreen-interfaced systems for use in a wide range of applications, including those requiring extended temperature operation. The kit builds on the company’s GW5224 single board computer, adding a 7-inch, 1024 x 600-pixel TFT display, capacitive touchscreen, wireless modules, and a customized, microSD-bootable, Android KitKat operating system. Read more

13 Ways You Can Help Desktop Linux To Grow

This is the condition when there are over 300 Linux distributions with a number of them being desktop focused. Linux was (and still) considered to be the “geek only” zone with the biggest misconception that one need to know the command line to use Linux. Times have changed. Linux is a lot more user-friendly than what it used to be in late 90’s or early 2000. The chances for Linux to gain market share is now and you definitely could help in this cause. Read more

Today and Yesterday in Techrights