Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 2 hours 47 min ago

Security updates for Monday

Monday 3rd of October 2016 05:38:41 PM

Debian has updated c-ares (code execution), chromium-browser (MV), and wordpress (regression in previous security update).

Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).

Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).

Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).

Slackware has updated thunderbird (unspecified).

Ubuntu has updated pillow (14.04: regression in previous security update).

The 4.8 kernel has been released

Monday 3rd of October 2016 01:04:23 AM
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.

[$] Why kernel development still uses email

Saturday 1st of October 2016 09:19:09 PM
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.

Varda: The Mysterious Fiber Bomb Problem: A Debugging Story

Friday 30th of September 2016 10:58:08 PM
Over at the Sandstorm Blog, project founder Kenton Varda relates a debugging war story. Sandstorm web servers would mysteriously peg the CPU around once a week, slowing request processing to a crawl, seemingly at random. "Obviously, we needed to take a CPU profile while the bug was in progress. Of course, the bug only reproduced in production, therefore we’d have to take our profile in production. This ruled out any profiling technology that would harm performance at other times – so, no instrumented binaries. We’d need a sampling profiler that could run on an existing process on-demand. And it would have to understand both C++ and V8 Javascript. (This last requirement ruled out my personal favorite profiler, pprof from google-perftools.) Luckily, it turns out there is a correct modern answer: Linux’s “perf” tool. This is a sampling profiler that relies on Linux kernel APIs, thus not requiring loading any code into the target binary at all, at least for C/C++. And for Javascript, it turns out V8 has built-in support for generating a “perf map”, which tells the tool how to map JITed code locations back to Javascript source: just pass the --perf_basic_prof_only_functions flag on the Node command-line. This flag is safe in production – it writes some data to disk over time, but we rebuild all our VMs weekly, so the files never get large enough to be a problem."

Friday's security advisories

Friday 30th of September 2016 05:58:53 PM

Arch Linux has updated c-ares (code execution) and wordpress (multiple vulnerabilities).

CentOS has updated python-twisted-web (C7; C6: HTTP proxy redirect).

Debian has updated wordpress (multiple vulnerabilities).

Debian-LTS has updated chicken (two vulnerabilities), firefox-esr (regression in previous security update), icedove (multiple vulnerabilities), and ruby-activesupport-3.2 (access restriction bypass).

Fedora has updated curl (F23: code execution) and php-adodb (F24; F23: SQL injection).

openSUSE has updated libgcrypt (42.1: flawed random number generation), openjpeg (42.1: denial of service), and postgresql93 (13.2: two vulnerabilities).

Oracle has updated python-twisted-web (OL7; OL6: HTTP proxy redirect).

Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).

SUSE has updated pidgin (SLE11: multiple vulnerabilities) and postgresql94 (SLE11: two vulnerabilities).

Stable kernels 4.7.6 and 4.4.23

Friday 30th of September 2016 09:17:41 AM
Greg Kroah-Hartman has released the 4.7.6 and 4.4.23 stable kernels with the usual set of important fixes.

Security updates for Thursday

Thursday 29th of September 2016 06:39:57 PM

CentOS has updated bind (C7; C6; C5: denial of service), bind97 (C5: denial of service), kvm (C5: two vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Fedora has updated vfrnav (F24: unspecified).

Oracle has updated bind (OL7; OL6; OL5: denial of service) and bind97 (OL5: denial of service).

Scientific Linux has updated bind (denial of service), bind97 (SL5: denial of service), kvm (SL5: two vulnerabilities), and openssl (SL7&6: multiple vulnerabilities).

SUSE has updated postgresql93 (SLE12: two vulnerabilities) and postgresql94 (SLE12: two vulnerabilities).

Ubuntu has updated clamav (16.04, 14.04, 12.04: three code execution flaws), samba (16.04, 14.04: crypto downgrade), and systemd (16.04: denial of service).

Qubes OS 3.2 released

Thursday 29th of September 2016 02:20:53 PM
Version 3.2 of the Qubes OS distribution is available. "This is an incremental improvement over the 3.1 version that we released earlier this year. A lot of work went into making this release more polished, more stable and easier to use than our previous releases." Changes include a new management infrastructure, the ability to assign individual USB devices to virtual machines and a switch to the Xfce4 desktop. See the release notes for details.

PostgreSQL 9.6 released

Thursday 29th of September 2016 02:04:31 PM
The PostgreSQL 9.6 release is available. "This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features." See the announcement text and the release notes for more information.

More in Tux Machines

Linux and the Imaginary New User

Linux has always had a reputation for being difficult to use. Consequently, when developers began improving users interfaces, they concentrated on what they imagined that new users needed. They rarely had the actual opportunity to observe new users, but the new user they imagined became a standard figure among developers, often surviving to this day. Yet after observing this habit for over a decade, I wonder more than ever if the imaginary new user still exists, or ever existed at all. I suspect, too, that the emphasis on this figure has been a detriment to other types of users. Read more

TheSSS 20.0 Server-Oriented Linux Distro Ships with Linux Kernel 4.4.17, PHP 5.6

4MLinux developer Zbigniew Konojacki informs Softpedia today, October 26, 2016, about the release and immediate availability of version 20.0 of his server-oriented TheSSS (The Smallest Server Suite) GNU/Linux distribution. Read more

Ubuntu 17.04 (Zesty Zapus) Daily Build ISO Images Are Now Available for Download

Now that the upcoming Ubuntu 17.04 (Zesty Zapus) operating system is officially open for development, the first daily build ISO images have published in the usual places for early adopters and public testers. Read more

Today in Techrights