Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.

Tuesday's security advisories

Tuesday 4th of October 2016 03:58:51 PM

Arch Linux has updated hostapd (two vulnerabilities) and systemd (denial of service).

CentOS has updated thunderbird (C7; C6; C5: code execution).

Debian has updated libdbd-mysql-perl (denial of service).

Fedora has updated bind99 (F24: denial of service), mariadb (F23: SQL injection/privilege escalation), and mongodb (F23: information disclosure).

Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).

openSUSE has updated chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), glibc (13.2: denial of service), and php5 (13.2: multiple vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated thunderbird (RHEL5,6,7: code execution).

SUSE has updated firefox (SLE12-SP1; SLE11-SP2: multiple vulnerabilities).

Two Arduinos become one (Arduino Blog)

Monday 3rd of October 2016 06:09:51 PM
The schism between two Arduino companies (that we covered in March 2015) has apparently been settled. The poster child for the open hardware movement is now under one company "Arduino Holding" and a new not-for-profit Arduino Foundation has been started. "Massimo Banzi, Co-Founder of Arduino LLC, commented, 'Today is one of the best days in Arduino history. This allows us to start a new course for Arduino made of constructive dialogue and disruptive innovation in the education, Makers and IoT fields. The Arduino Foundation will allow us to champion the core values of the Arduino Community within the open-source ecosystem and to make our commitment to open-source stronger than ever. This is really a new beginning for Arduino!'" (Thanks to Paul Wise.)

Security updates for Monday

Monday 3rd of October 2016 05:38:41 PM

Debian has updated c-ares (code execution), chromium-browser (MV), and wordpress (regression in previous security update).

Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).

Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).

Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).

Slackware has updated thunderbird (unspecified).

Ubuntu has updated pillow (14.04: regression in previous security update).

The 4.8 kernel has been released

Monday 3rd of October 2016 01:04:23 AM
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.

[$] Why kernel development still uses email

Saturday 1st of October 2016 09:19:09 PM
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.

Varda: The Mysterious Fiber Bomb Problem: A Debugging Story

Friday 30th of September 2016 10:58:08 PM
Over at the Sandstorm Blog, project founder Kenton Varda relates a debugging war story. Sandstorm web servers would mysteriously peg the CPU around once a week, slowing request processing to a crawl, seemingly at random. "Obviously, we needed to take a CPU profile while the bug was in progress. Of course, the bug only reproduced in production, therefore we’d have to take our profile in production. This ruled out any profiling technology that would harm performance at other times – so, no instrumented binaries. We’d need a sampling profiler that could run on an existing process on-demand. And it would have to understand both C++ and V8 Javascript. (This last requirement ruled out my personal favorite profiler, pprof from google-perftools.) Luckily, it turns out there is a correct modern answer: Linux’s “perf” tool. This is a sampling profiler that relies on Linux kernel APIs, thus not requiring loading any code into the target binary at all, at least for C/C++. And for Javascript, it turns out V8 has built-in support for generating a “perf map”, which tells the tool how to map JITed code locations back to Javascript source: just pass the --perf_basic_prof_only_functions flag on the Node command-line. This flag is safe in production – it writes some data to disk over time, but we rebuild all our VMs weekly, so the files never get large enough to be a problem."

Friday's security advisories

Friday 30th of September 2016 05:58:53 PM

Arch Linux has updated c-ares (code execution) and wordpress (multiple vulnerabilities).

CentOS has updated python-twisted-web (C7; C6: HTTP proxy redirect).

Debian has updated wordpress (multiple vulnerabilities).

Debian-LTS has updated chicken (two vulnerabilities), firefox-esr (regression in previous security update), icedove (multiple vulnerabilities), and ruby-activesupport-3.2 (access restriction bypass).

Fedora has updated curl (F23: code execution) and php-adodb (F24; F23: SQL injection).

openSUSE has updated libgcrypt (42.1: flawed random number generation), openjpeg (42.1: denial of service), and postgresql93 (13.2: two vulnerabilities).

Oracle has updated python-twisted-web (OL7; OL6: HTTP proxy redirect).

Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).

SUSE has updated pidgin (SLE11: multiple vulnerabilities) and postgresql94 (SLE11: two vulnerabilities).

More in Tux Machines

Fedora News

  • The Bugs So Far Potentially Blocking The Fedora 25 Release
    Adam Williamson of the Fedora QA team has sent out a list of the bugs currently outstanding that could block the Fedora 25 release from happening on its current schedule should they not be fixed in time.
  • Updated Fedora 24 ISO Respins Now Available with Dirty COW-Patched Linux Kernel
    It looks like a new set of updated Live ISO images for the Fedora 24 GNU/Linux operating system was published by Ben Williams, founder of the Fedora Unity Project and a Fedora Ambassador. Dubbed F24-20161023, the updated Live ISOs were published a few days ago and include up-to-date components from the official Fedora 24 Linux software repositories, with which they were fully synchronized as of October 23, 2016. Of course, this means that they also include the latest Linux kernel update fully patched against the "Dirty COW" bug.
  • PHP version 5.6.28RC1 and 7.0.13RC1
  • Flock Stories 2016, Episode 1: Redon Skikuli
    Flock Stories by Chris Ward. If you were wondering where Flock 2018 might be, today’s guest Redon Skikuli might just have your answer! Redon is not just a Fedora community contributor, he’s a Fedora community creator. I ask Redon what he’s up to these days and why he thinks we should also consider joining future Flocks.

New KNOPPIX Release, LibreOffice 5.1.6, Rosa Down

In Linux news today, KNOPPIX 7.7.1 was released to the public, based on Debian with GNOME 3.22, KDE 5.7.2, and "Everything 3D." The Rosa project is experiencing network issues, and folks may have problems connecting to its services over the next few days. LibreOffice 5.1.6, the sixth update to the Still branch for stable users, was announced today by The Document Foundation, and a new vulnerability was disclosed in GNU Tar.