LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 44 min ago

Open Crypto Audit gives TrueCrypt a passing grade

Thursday 2nd of April 2015 07:17:42 PM

At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered. The final Open Crypto Audit report [PDF] suggests otherwise, which is good news for users as well as for the multiple open-source projects that have subsequently developed TrueCrypt-compatibility support.

Thursday's security updates

Thursday 2nd of April 2015 02:26:23 PM

Arch Linux has updated chromium (multiple vulnerabilities).

CentOS has updated thunderbird (C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities).

Mandriva has updated flac (BS2: multiple vulnerabilities), graphviz (BS2: format-string vulnerability), owncloud (BS1; BS2: multiple vulnerabilities), and tor (BS1: denial of service).

openSUSE has updated php5 (13.1, 13.2: multiple vulnerabilities) and python-Django (13.2: multiple vulnerabilities).

Oracle has updated firefox (O5: multiple vulnerabilities) and thunderbird (O6; O7: multiple vulnerabilities).

Scientific Linux has updated thunderbird (multiple vulnerabilities).

SUSE has updated kernel (SLES11: multiple vulnerabilities).

Ubuntu has updated tiff (regression fix for previous update).

Django 1.8 released

Thursday 2nd of April 2015 09:04:21 AM
Version 1.8 of the Django web platform is out. "This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years." New features include support for multiple template engines, complex SQL expressions, some PostgreSQL-specific add-ons, and more; see the release notes for details.

[$] LWN.net Weekly Edition for April 2, 2015

Thursday 2nd of April 2015 12:39:51 AM
The LWN.net Weekly Edition for April 2, 2015 is available.

[$] XFS: There and back ... and there again?

Wednesday 1st of April 2015 06:43:45 PM
In a thought-provoking—and characteristically amusing—talk at the Vault conference, Dave Chinner looked at the history of XFS, its current status, and where the filesystem may be heading. In keeping with the title of the talk (shared by this article), he sees parallels in what drove the original development of XFS and what will be driving new filesystems. Chinner's vision of the future for today's filesystems, and not just of XFS, may be a bit surprising or controversial—possibly both.

Security advisories for Wednesday

Wednesday 1st of April 2015 05:31:59 PM

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated bind (C7: denial of service), firefox (C7: two vulnerabilities), firefox (C6; C5; C7: multiple vulnerabilities), xulrunner (C7: multiple vulnerabilities), flac (C7; C6: two vulnerabilities), freetype (C7: multiple vulnerabilities), ipa (C7: two vulnerabilities), slapi-nis (C7: two vulnerabilities), kernel (C7: two vulnerabilities), libxml2 (C7: denial of service), openssl (C7: multiple vulnerabilities), postgresql (C7: multiple vulnerabilities), setroubleshoot (C7: privilege escalation), thunderbird (C7; C7: multiple vulnerabilities), and unzip (C7: multiple vulnerabilities).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated freetype (many vulnerabilities).

Fedora has updated drupal7-entity (F21; F20: cross-site scripting) and php (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), owncloud (unspecified vulnerabilities), python-rope (code execution), and tor (denial of service).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities) and flac (OL7; OL6: two vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), flac (RHEL6,7: two vulnerabilities), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities) and flac (SL6,7: two vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities), gnupg, gnupg2 (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities), libgcrypt11, libgcrypt20 (14.10, 14.04, 12.04, 10.04: information leak), and tiff (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).

Firefox 37.0

Tuesday 31st of March 2015 08:24:05 PM
Firefox 37.0 has been released. This release features improved protection against site impersonation via OneCRL centralized certificate revocation, HTTPS for Bing searches, opportunistic encryption of HTTP traffic where the server supports HTTP/2 AltSvc, and more. See the release notes for details.

Tuesday's security updates

Tuesday 31st of March 2015 04:16:12 PM

Arch Linux has updated musl (code execution).

Debian has updated openldap (multiple vulnerabilities).

Mandriva has updated dokuwiki (MBS1.0: multiple vulnerabilities) and phpmyadmin (MBS1.0: information leak).

openSUSE has updated gd (13.2, 13.1: denial of service) and seamonkey (13.2, 13.1: two vulnerabilities).

Oracle has updated libxml2 (OL7: denial of service) and postgresql (OL7; OL6: multiple vulnerabilities).

SUSE has updated firefox (SLE12: two vulnerabilities).

Ubuntu has updated jakarta-taglibs-standard (14.10, 14.04: code execution).

Kernel prepatch 4.0-rc6

Monday 30th of March 2015 07:43:47 PM
Linus has released 4.0-rc6 right on schedule. "Things are calming down nicely, and there are fixes all over. The NUMA balancing performance regression is fixed, and things are looking up again in general. There were a number of i915 issues and a KVM double-fault thing that meant that for a while there I was pretty sure that this would be a release that will go to rc8, but that may be unnecessary."

Security advisories for Monday

Monday 30th of March 2015 05:39:02 PM

CentOS has updated postgresql (C6: multiple vulnerabilities).

Debian has updated freexl (code execution).

Fedora has updated drupal6 (F21; F20: multiple vulnerabilities), drupal7 (F21; F20: multiple vulnerabilities), libssh2 (F20: information leak), mingw-xerces-c (F21; F20: denial of service), php (F21: multiple vulnerabilities), tcpdump (F21: multiple vulnerabilities), and xerces-c (F21; F20: denial of service).

Gentoo has updated busybox (multiple vulnerabilities).

Mandriva has updated apache-mod_wsgi (MBS2.0: privilege escalation), bash (MBS2.0: multiple vulnerabilities), bind (MBS2.0: denial of service), binutils (MBS2.0: multiple vulnerabilities), clamav (MBS2.0: multiple vulnerabilities), coreutils (MBS1.0, MBS2.0: code execution), ctags (MBS2.0: denial of service), ctdb (MBS2.0: insecure temporary files), dbus (MBS2.0: multiple vulnerabilities), drupal (MBS1.0: multiple vulnerabilities), ejabberd (MBS2.0: incorrectly allows unencrypted connections), erlang (MBS2.0: command injection), ffmpeg (MBS2.0: multiple vulnerabilities), firebird (MBS2.0: denial of service), freerdp (MBS2.0: two vulnerabilities), gcc (MBS2.0: code execution), git (MBS2.0: code execution), glibc (MBS2.0: multiple vulnerabilities), glpi (MBS2.0: multiple vulnerabilities), grub2 (MBS2.0: code execution), gtk+3.0 (MBS2.0: screen lock bypass), icu (MBS2.0: multiple vulnerabilities), ipython (MBS2.0: code execution), jasper (MBS2.0: multiple vulnerabilities), jython (MBS2.0: code execution), libarchive (MBS1.0, MBS2.0: directory traversal), libtiff (MBS1.0: multiple vulnerabilities), libxfont (MBS1.0: multiple vulnerabilities), setup (MBS2.0: information disclosure), tcpdump (MBS1.0: multiple vulnerabilities), and wireshark (MBS1.0: multiple vulnerabilities).

openSUSE has updated freetype2 (13.2, 13.1: many vulnerabilities), gnutls (13.2, 13.1: certificate algorithm consistency checking issue), and rubygem-bundler (13.2, 13.1: installs malicious gem files).

Red Hat has updated kernel-rt (RHE MRG for RHEL6: two vulnerabilities), libxml2 (RHEL7: denial of service), and postgresql (RHEL6, RHEL7: multiple vulnerabilities).

Scientific Linux has updated libxml2 (SL7: denial of service) and postgresql (SL6, SL7: multiple vulnerabilities).
