
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] The kernel community confronts GPL enforcement

Wednesday 31st of August 2016 07:11:04 PM
Some of the most important discussions associated with the annual Kernel Summit do not happen at the event itself; instead, they unfold prior to the summit on the planning mailing list. There is value in learning what developers feel needs to be talked about and, often, important issues can be resolved before the summit itself takes place. That list has just hosted (indeed, is still hosting as of this writing) a voluminous discussion on license enforcement that was described by some participants as being "pointless" or worse. But that discussion has served a valuable purpose: it has brought to light a debate that has long festered under the surface, and it has clarified where some of the real disagreements lie.

Apache OpenOffice CVE-2016-1513 hotfix released

Wednesday 31st of August 2016 05:45:51 PM
LWN covered a memory corruption vulnerability (CVE-2016-1513) in Apache OpenOffice that was disclosed before a fix was available. Now a hotfix for the problem has been released. "The official Apache OpenOffice security bulletin was announced on July 21, 2016. Affected is Apache OpenOffice 4.1.2 and older on all platforms and all languages. OpenOffice.org versions are also affected. The Apache OpenOffice project recommends to update to the latest version 4.1.2 and then to download and install the Zip file from the table below. Please follow the installation instructions in the respective Readme file." (Thanks to Cesar Eduardo Barros)

Security advisories for Wednesday

Wednesday 31st of August 2016 04:48:40 PM

Arch Linux has updated mupdf (denial of service).

Debian has updated libarchive (multiple vulnerabilities) and tryton-server (two vulnerabilities).

Debian-LTS has updated tiff (multiple vulnerabilities).

Fedora has updated krb5 (F23: denial of service).

Mageia has updated bsdiff (denial of service), ctdb (privilege escalation), curl (three vulnerabilities), fontconfig (privilege escalation), gnupg/libgcrypt (flawed random number generation), kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), mupdf (denial of service), nettle/nettle2.7 (information leak), openssh (three vulnerabilities), php (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), postgresql (two vulnerabilities), and python-django (cross-site scripting).

openSUSE has updated libqt4 (Leap42.1: unsafe SSL ciphers).

Red Hat has updated rh-postgresql94-postgresql (RHSCL: two vulnerabilities).

SUSE has updated firefox (SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), and linux-snapdragon (16.04: multiple vulnerabilities).

August 2016 GNU Toolchain Update

Tuesday 30th of August 2016 10:40:31 PM
The Red Hat Developer's blog looks at the latest updates to the GNU toolchain. GCC 6.2 and GDB 7.11.1 are mostly bug-fix releases, but GCC contains a few enhancements for SPARC users and there's a look at what's coming in GDB 7.12. Glibc 2.24 contains many new features and enhancements. "A new NSS action is added to facilitate large distributed system administration. The action, MERGE, allows remote user stores like LDAP to be merged into local user stores like /etc/groups in order to provide easy to use, updated, and managed sets of merged credentials."

Haller: MAC Address Spoofing in NetworkManager 1.4.0

Tuesday 30th of August 2016 07:45:19 PM
We recently pointed to Lubomir Rintel's coverage of NetworkManager 1.4. Thomas Haller follows up with a more detailed look at the MAC spoofing capabilities of NetworkManager. "1.2.0 relies on support from wpa_supplicant to configure a random MAC address. The problem is that it requires API which will only be part of the next major release 2.6 of the supplicant. Such a release does not yet exist to this date and thus virtually nobody is using this feature. With NetworkManager 1.4.0, changing of the MAC address is done by NetworkManager itself, requiring no support from the supplicant. This allows also for more flexibility to generate “stable” addresses and the “generate-mac-address-mask”. Also, the same options are now available not only for Wi-Fi, but also Ethernet devices."

Security updates for Tuesday

Tuesday 30th of August 2016 04:43:16 PM

Arch Linux has updated mupdf (denial of service).

Debian-LTS has updated gnupg (flawed random number generation).

Fedora has updated borgbackup (F24; F23: directory traversal), freeipa (F24; F23: denial of service), java-1.8.0-openjdk-aarch32 (F24: multiple vulnerabilities), rubygem-actionpack (F24; F23: unsafe query generation), and rubygem-activerecord (F24; F23: unsafe query generation).

openSUSE has updated kernel (13.1: multiple vulnerabilities).

Slackware has updated kernel (TCP connection takeover).

Ubuntu has updated kernel (16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Remembering Vernon Adams

Tuesday 30th of August 2016 12:06:03 AM

Open-source font developer Vernon Adams has passed away in California at the age of 49. In 2014, Adams was injured in an automobile collision, sustaining serious trauma from which he never fully recovered. Perhaps best known within the Linux community as the creator of KDE's user-interface font Oxygen, Adams created a total of 51 font families published through Google Fonts, all under open licenses. He was also active in a number of related free-software projects, including FontForge, Metapolator, and the Open Font Library. In 2012, he co-authored the user's guide for FontForge as part of Google's Summer of Code Documentation Camp, which we reported on at that time.

Speaking personally, Vernon was always quick to offer encouragement and assistance to newcomers—regardless of their experience with type design, FontForge, or free software in general. There were also few people who put as much energy into improving the usability of free-software design tools as he did. In addition, he was a constant advocate for free-software principles in the world of fonts—not just on development lists and at libre graphics conferences, but on type forums as well, where "open source" did not automatically garner a warm reception. The tagline on his web site was "fonts for everyone," and he meant it. He'll be missed.

Security advisories for Monday

Monday 29th of August 2016 04:20:57 PM

Arch Linux has updated wireshark-cli (multiple vulnerabilities).

Debian has updated mupdf (two denial of service flaws).

Debian-LTS has updated eog (out-of-bounds write), quagga (two vulnerabilities), ruby-actionpack-3.2 (multiple vulnerabilities), and ruby-activesupport-3.2 (denial of service).

Fedora has updated lcms2 (F24: heap memory leak), uClibc (F24: code execution), and webkitgtk4 (F24: multiple vulnerabilities).

openSUSE has updated Firefox (13.1: buffer overflow), firefox, nss (Leap42.1, 13.2: buffer overflow), phpMyAdmin (Leap42.1, 13.2; 13.1: multiple vulnerabilities), and typo3-cms-4_5 (Leap42.1, 13.2: three vulnerabilities).

Oracle has updated java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities) and kernel 4.1.12 (OL7; OL6: multiple vulnerabilities).

Böck: Multiple vulnerabilities in RPM – and a rant

Monday 29th of August 2016 12:29:02 PM
Hanno Böck performed some fuzz testing on the dpkg and RPM package managers and reported the results; it seems that one of the projects has been rather more responsive than the other in fixing these issues. "The development process of RPM seems to be totally chaotic, it's neither clear where one reports bugs nor where one gets the latest code and security bugs don't get fixed within a reasonable time. There's been some recent events that make me feel especially worried about this..." It seems that some of the maintenance issues with RPM may not have improved greatly since they were reported here ten years ago.

Kernel prepatch 4.8-rc4

Monday 29th of August 2016 09:32:23 AM
The 4.8-rc4 kernel prepatch is out. "Everything looks normal, and it's been a bit quieter than rc3 too, so hopefully we're well into the "it's calming down" phase. Although with the usual timing-related fluctuation (different maintainers stagger their pulls differently), it's hard to tell a trend yet."
