Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 5 hours 27 min ago

Fresh stable kernels

Wednesday 1st of June 2016 10:22:13 PM
Greg KH has released stable kernels 4.6.1, 4.5.6, 4.4.12, and 3.14.71. All of them contain important fixes.

Announcing the Open Source License API

Wednesday 1st of June 2016 06:46:32 PM
The Open Source Initiative (OSI) has announced the Open Source License API, to "allow third parties to become license-aware, and give organizations the ability to clearly determine if a license is, in fact, an Open Source license, from the authoritative source regarding Open Source licenses, the OSI."

The CoreOS "Torus" distributed storage system

Wednesday 1st of June 2016 05:33:11 PM
CoreOS has announced a new project called Torus which is creating a distributed storage system for containers. "At its core, Torus is a library with an interface that appears as a traditional file, allowing for storage manipulation through well-understood basic file operations. Coordinated and checkpointed through etcd’s consensus process, this distributed file can be exposed to user applications in multiple ways. Today, Torus supports exposing this file as block-oriented storage via a Network Block Device (NBD). We also expect that in the future other storage systems, such as object storage, will be built on top of Torus as collections of these distributed files, coordinated by etcd." The project is quite young, and the current release is a "prototype version."

Security advisories for Wednesday

Wednesday 1st of June 2016 04:39:52 PM

Debian has updated chromium-browser (multiple vulnerabilities) and imagemagick (command execution).

Debian-LTS has updated php5 (multiple vulnerabilities) and ruby-activemodel-3.2 (validation bypass).

openSUSE has updated dosfstools (Leap42.1, 13.2: two vulnerabilities), gdk-pixbuf (Leap42.1: three vulnerabilities), libarchive (13.2: code execution), openssh (Leap42.1: three vulnerabilities), p7zip (13.2: code execution), putty (Leap42.1, 13.2: code execution), and virtualbox (Leap42.1; 13.2: unspecified).

Oracle has updated ntp (OL7; OL6: multiple vulnerabilities), openssl (OL5: multiple vulnerabilities), squid (OL7; OL6: multiple vulnerabilities), and squid34 (OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: code execution).

SUSE has updated cyrus-imapd (SLES12-SP1; SLE11-SP4: multiple vulnerabilities) and java-1_6_0-ibm (SLEM for LS12: multiple vulnerabilities).

Ubuntu has updated dosfstools (two vulnerabilities), kernel (14.04: multiple vulnerabilities), libgd2 (multiple vulnerabilities), and lxd (16.04, 15.10: two vulnerabilities).

Tor Browser 6.0 is released

Tuesday 31st of May 2016 10:27:32 PM
The Tor Browser Team has announced the release of Tor browser 6.0. This release brings the browser up-to-date with Firefox 45-ESR, which provides better support for HTML5 video on Youtube, as well as a host of other improvements. DuckDuckGo is now the default search engine. "Lately, we got a couple of comments on our blog and via email wondering why we are now using DuckDuckGo as the default search engine and not Disconnect anymore. Well, we still use Disconnect. But for a while now Disconnect has no access to Google search results anymore which we used in Tor Browser. Disconnect being more a meta search engine which allows users to choose between different search providers fell back to delivering Bing search results which were basically unacceptable quality-wise. While Disconnect is still trying to fix the situation we asked them to change the fallback to DuckDuckGo as their search results are strictly better than the ones Bing delivers."

Security updates for Tuesday

Tuesday 31st of May 2016 06:47:44 PM

Arch Linux has updated chromium (multiple vulnerabilities).

CentOS has updated ntp (C7; C6: multiple vulnerabilities), openssl (C5: code execution), squid (C7; C6: multiple vulnerabilities), and squid34 (C6: multiple vulnerabilities).

Debian has updated gdk-pixbuf (two vulnerabilities) and symfony (two vulnerabilities).

Debian-LTS has updated eglibc (multiple vulnerabilities), libtasn1-3 (denial of service), openafs (multiple vulnerabilities), pdns (insecure database permissions), phpmyadmin (regression in previous update), postgresql-9.1 (multiple vulnerabilities), ruby-activerecord-3.2 (restriction bypass), and wireshark (multiple vulnerabilities).

Fedora has updated bugzilla (F23; F22: cross-site scripting), kf5-kinit (F23: insecure permissions), libarchive (F22: code execution), libimobiledevice (F23: sockets listening on INADDR_ANY), libusbmuxd (F23: sockets listening on INADDR_ANY), php (F23: two vulnerabilities), qemu (F23: multiple vulnerabilities), webkitgtk4 (F23: two vulnerabilities), and xen (F23; F22: privilege escalation).

Gentoo has updated libfpx (denial of service), nss (multiple vulnerabilities), pam (multiple vulnerabilities), and rsync (multiple vulnerabilities).

Mageia has updated botan (two vulnerabilities), docker (privilege escalation), mediawiki (multiple vulnerabilities), and phpmyadmin (cross-site scripting).

openSUSE has updated Chromium (SPH for SLE12; Leap42.1: multiple vulnerabilities), expat (13.2: two vulnerabilities), libxml2 (13.2: two vulnerabilities), libxslt (13.2: denial of service), phpMyAdmin (Leap42.1, 13.2: cross-site scripting), redis (Leap42.1, 13.2: denial of service), and samba (13.2: man-in-the-middle attack).

Red Hat has updated ntp (RHEL6,7: multiple vulnerabilities), openssl (RHEL5: code execution), python27 (RHSCL2.2: multiple vulnerabilities), squid (RHEL7; RHEL6: multiple vulnerabilities), and squid34 (RHEL6: multiple vulnerabilities).

Slackware has updated imagemagick (shell vulnerability), libxml2 (three vulnerabilities), libxslt (denial of service), thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).

SUSE has updated Xen (SLES10-SP4: multiple vulnerabilities).

Rutkowska: Security challenges for the Qubes build process

Tuesday 31st of May 2016 03:14:17 PM
Qubes founder Joanna Rutkowska writes about how Qubes works to avoid building compromised software into its distribution. "Ultimately, we would like to introduce a multiple-signature scheme, in which several developers (from different countries, social circles, etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would have to compromise all the build locations in order to get backdoored versions signed. For this to happen, we need to make the build process deterministic (i.e. reproducible). Yet, this task still seems to be years ahead of us."

Krita 3.0 released

Tuesday 31st of May 2016 01:47:37 PM
Version 3.0 of the Krita painting application has been released. "Wrapping up a year of work, this is a really big release: animation support integrated into Krita’s core, Instant Preview for better performance painting and drawing with big brushes on big canvases, ported to the latest version of the Qt platform and too many bigger and smaller new features and improvements to mention!".

Kernel prepatch 4.7-rc1

Monday 30th of May 2016 04:49:11 PM
Linus has released 4.7-rc1 and closed the merge window for this release, saying "this time around we have a fairly big change to the vfs layer that allows filesystems (if they buy into it) to do readdir() and path component lookup in parallel within the same directory. That's probably the biggest conceptual vfs change we've had since we started doing cached pathname lookups using RCU." The code name has been changed to "Psychotic Stoned Sheep."

More in Tux Machines

OSS Leftovers

  • DataBasin - object inspector and updates
    First, the underlying DataBasinKit framework got an important update.
  • In-demand dev skills, understanding licensing, and more open source news
  • Higher ed systems expanding access to open-source materials
    Open-source learning technology is at the core of higher education for institutions that want to reach broader audiences with very strict ideas about how convenient learning should be. But developing these initiatives does not happen quickly or easily. It requires strong leadership in information technology, expertise to determine which solutions work best for a campus, and a financial commitment to making sure the technology is sustainable.
  • Proxmark Pro Proxmark3 Standalone Open Source RFID Tester (video)
    Rysc Corp has unveiled a new open source board in the form of the Proxmark Pro which now offers a true standalone client and RFID test instrument, check out the video below to learn more. The Proxmark Pro will feature an FPGA with 5 times the logic cells of the Proxmark3 and will remove the need to switch between HF and LF bit streams during operation, to use developers.
  • ErupteD Brings Vulkan To The D Programming Language
    The D programming language is just the latest to have support for Vulkan alongside C++, Rust (via Vulkano, if you missed that project), Go, and many other modern languages getting bindings for this Khronos Group high performance graphics API. Should you not be familiar with the D language, see Wikipedia.

Leftovers: Security