Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 2 min ago

Security advisories for Monday

Monday 27th of April 2015 05:18:43 PM

Arch Linux has updated curl (multiple vulnerabilities) and wpa_supplicant (code execution).

Debian has updated chromium-browser (multiple vulnerabilities), kernel (multiple vulnerabilities), libreoffice (code execution), openjdk-6 (multiple vulnerabilities), openjdk-7 (multiple vulnerabilities), and wpa (code execution).

Fedora has updated cherokee (F21; F20: authentication bypass), chrony (F20: multiple vulnerabilities), php (F20: multiple vulnerabilities), qt5-qtbase (F21; F20: multiple vulnerabilities), resteasy (F20: XML eXternal Entity (XXE) attacks), spatialite-tools (F20: multiple vulnerabilities), sqlite (F20: multiple vulnerabilities), wesnoth (F21; F20: information leak), wpa_supplicant (F21: code execution), and zarafa (F21; F20: denial of service).

Mageia has updated php (three vulnerabilities) and wordpress (multiple vulnerabilities).

Mandriva has updated asterisk (MBS1.0: SSL server spoofing), glusterfs (MBS2.0: denial of service), librsync (MBS1.0: file checksum collision), perl-Module-Signature (MBS1.0: multiple vulnerabilities), php (MBS1.0, MBS2.0: multiple vulnerabilities), qemu (MBS1.0, MBS2.0: denial of service), setup (MBS2.0: information disclosure), and tor (MBS1.0: denial of service).

openSUSE has updated java-1_7_0-openjdk (13.2: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), and ntp (13.2, 13.1: two vulnerabilities).

Ubuntu has updated autofs (14.10: privilege escalation), libreoffice (14.10, 14.04, 12.04: two vulnerabilities), and tcpdump (14.10, 14.04, 12.04: multiple vulnerabilities).

Kernel prepatch 4.1-rc1

Monday 27th of April 2015 01:36:21 AM
The 4.1-rc1 prepatch is out. Linus says: "No earth-shattering new features come to mind, even if initial support for ACPI on arm64 looks funny. Depending on what you care about, your notion of 'big new feature' may differ from mine, of course. There's a lot of work all over, and some of it might just make a big difference to your use cases." What he doesn't mention is that, in the end, kdbus was not merged for this development cycle.

Debian 8 "Jessie" released

Sunday 26th of April 2015 03:42:49 AM
Debian 8, codenamed "Jessie", has been released. It comes with a wide array of upgraded packages including GNOME 3.14, KDE Plasma Workspaces and KDE Applications 4.11.13, Python 2.7.9 and 3.4.2, Perl 5.20.2, PHP 5.6.7, PostgreSQL 9.4.1, MariaDB 10.0.16 and MySQL 5.5.42, Linux 3.16.7-ctk9, and lots more. "With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being the universal operating system. It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, or storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that "Jessie" fulfills the high expectations that users have of a stable Debian release."

Rust Once, Run Everywhere

Friday 24th of April 2015 07:24:39 PM

The Rust blog has posted a guide to using Rust's foreign function interface (FFI) with C code. Highlighted in particular are Rust's safe abstractions, which are said to impose no costs. "Most features in Rust tie into its core concept of ownership, and the FFI is no exception. When binding a C library in Rust you not only have the benefit of zero overhead, but you are also able to make it safer than C can! Bindings can leverage the ownership and borrowing principles in Rust to codify comments typically found in a C header about how its API should be used."

Friday's security updates

Friday 24th of April 2015 02:59:12 PM

Arch Linux has updated powerdns (denial of service) and powerdns-recursor (denial of service).

Debian-LTS has updated subversion (multiple vulnerabilities).

Fedora has updated lcms (F20: denial of service) and php (F21: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (M4: multiple vulnerabilities), chrony (M4: multiple vulnerabilities), lftp (M4: SSL server spoofing), libksba (M4: denial of service), ntop (M4: cross-site scripting), setup (M4: information disclosure), and t1utils (M4: multiple vulnerabilities).

openSUSE has updated firefox (13.1; 13.2: code execution) and socat (13.1: denial of service).

Oracle has updated kernel (kernel 3.8.18 (O6, O7); kernel 2.6.39 (O5, O6); kernel 2.6.32 (O5, O6): multiple vulnerabilities).

Red Hat has updated novnc (RHEL OSP4: VNC session hijacking).

Ubuntu has updated firefox (code execution), usb-creator (12.04, 14.04, 14.10; 15.04: privilege escalation), and wpa_supplicant (14.04, 14.10: code execution).

More in Tux Machines

Leftovers: Gaming

Android Leftovers

ACPI 6 Non-Volatile Memory Device Support / NFIT / LIBND For Linux

The Linux kernel continues advancing on many hardware fronts, among which is support for ACPI 6.0 and the kernel is making the new LIBND subsystem for non-volatile memory device support. Read more

GNOME to Get GPS Coordinates from Android App

The GNOME developers are trying all kinds of interesting interactions with devices outside the desktop environment, and now they are working on a way to get the GPS locations of an Android phone. Read more