Mageia has updated 389-ds-base (privilege escalation), file (denial of service), iceape (multiple vulnerabilities), mutt (code execution), openssh (restriction bypass), perltidy (insecure temporary file creation), and stunnel (private key leak).
Ubuntu has updated linux-lts-raring (12.04 LTS: multiple vulnerabilities).
GNOME News announces Karen's departure as GNOME Foundation Executive Director. "Though Karen will no longer be the GNOME Foundation Executive Director, she will still be a part of the GNOME project. She has announced her intention to run for the Board of Directors, and wrote “I will stay on as pro bono counsel, and of course I’ll continue volunteering in other ways.”"
Fedora has updated curl (F20; F19: wrong re-use of connections in libcurl), httpd (F20: denial of service), k4dirstat (F20; F19: command execution), moodle (F20; F19: multiple vulnerabilities), seamonkey (F20: multiple vulnerabilities), and udisks (F20: privilege escalation).
Slackware has updated curl (multiple vulnerabilities), httpd (multiple vulnerabilities), firefox (multiple vulnerabilities), nss (incorrect wildcard certificate handling), thunderbird (multiple vulnerabilities), openssh (restriction bypass), and seamonkey (multiple vulnerabilities).
Owners of Nexus 4 mobile phones now have yet another open source operating system that they can install: Sailfish OS, the Maemo/MeeGo descendant being developed by the team at Jolla. As a post at JollaUsers.com notes, an email went out to mailing list subscribers announcing the availability of "Early Adopter" Sailfish OS images for the Nexus 4. The builds are far from complete; as the release notes explain, voice calls are not yet enabled, nor are "Sensors, Device clock/alarms, Reset device, Bluetooth, USB control + MTP, Bluetooth, WLAN hotspot, Camera (photography, video recording), and video playback. Nevertheless, Sailfish OS is now on its way to a wider range of devices, and users have another Linux-based mobile platform to experiment with.
The Linux kernel is one of the largest collaborative software projects in the history of the world and has almost nothing in the way of formalized management structure. We have people who have a strong operating systems background who have been contributing code, and then we have people like me. I have a background in fruit fly genetics and yet someone lets me get close to the Linux kernel; this seems wrong. And then we have people who are genuinely kids in their bedroom. It's a miracle it works as well as it does. We should be astonished that we're able to get it so right so much of the time. -- Matthew Garrett
CentOS has updated samba (C6: multiple vulnerabilities).
Debian has updated libxalan2-java (information disclosure/code execution), libyaml (code execution), libyaml-libyaml-perl (code execution), ruby-actionmailer-3.2 (denial of service), and ruby-actionpack-3.2 (multiple vulnerabilities).
Ubuntu has updated samba (password guessing attacks).
Somewhat more than half of LWN's coverage of this year's LSFMM Summit is now available. Subscribers can have a look at a wide range of topics that were discussed on March 24 and 25 in Napa, California. More coverage will be added to the page as it becomes available.
Subscribers can click below for a report on the talk from this week's edition.
CentOS has updated kernel (C6: multiple vulnerabilities).
Gentoo has updated libupnp (multiple vulnerabilities).