Author Archive

LWN.net : Friday’s security advisories

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated openssl (multiple vulnerabilities).

openSUSE has updated 12.1: kernel (multiple vulnerabilities).

Scientific Linux has updated SL5: kernel (remote denial of service).

Ubuntu has updated openssl (multiple vulnerabilities) and gsettings-desktop-schemas (fixes a regression from a previous update).

LWN.net : The H Speed Guide to Lua (The H)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The H features Lua, a programming language with a small footprint. “Lua has been designed to be embedded into applications and devices from the start. This design goal has led to it being very compact, but delivering a lot of power for its size. The source code for implementing the language is only 20,000 lines of ANSI C code and, compiled on Linux with standard libraries, only takes 182KB of memory; another 240KB gets you the Lua library. That includes a register-based virtual machine for running Lua code which is compiled to its own byte code, along with automatic memory management and incremental garbage collection.”

LWN.net : Security advisories for Tuesday

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Oracle has updated OL4: rpm (code execution) and OL4: samba (remote code execution).

SUSE has updated SLE11 SP2: samba (remote code execution and denial of service).

LWN.net : New Security Sensor Gives Admins Better View of Network Attacks (eWeek)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

EWeek introduces Hone, a security tool developed by the US Department of Energy (DOE). Hone gives users a “’glanceable’ type of view of what’s happening on the network and what’s happening on the machine,” [Hone creator Glenn Fink] said. Hone also is a tool that has uses beyond understanding and responding to attacks, Fink said. It can be used to help programmers debug new networked applications being developed. In addition, security administrators can use data from Hone to ensure that only certain processes on their systems can communicate with the network, and to monitor what their systems are doing, which would help them identify such threats as viruses, spyware and rootkits.

LWN.net : Monday’s security updates

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated apache2 (insecure default configuration) and gajim (multiple vulnerabilities).

Fedora has updated F16: samba (remote code execution).

Mandriva has updated python-sqlalchemy (SQL injection).

openSUSE has updated samba (12.1; 11.4: remote code execution) and acroread (multiple vulnerabilities).

SUSE has updated samba (SLE SDK 11 SP1, SLE11 SP1&2; SLES10 SP2; SLE SDK 11 SP2, SLE 11 SP2; SLE 10 SP4; Core 9: remote code execution).

LWN.net : Linux Foundation Collaboration Summit 2012 | Slides & Video

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The Linux Foundation (LF) has released slides and videos from the recent LF Collaboration Summit.

LWN.net : Paoli: Microsoft will engage with the open source and standards communities

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Jean Paoli has a weblog post announcing Microsoft’s new wholly owned subsidiary known as Microsoft Open Technologies, Inc. “The subsidiary provides a new way of engaging in a more clearly defined manner. This new structure will help facilitate the interaction between Microsoft’s proprietary development processes and the company’s open innovation efforts and relationships with open source and open standards communities.”

LWN.net : Stable kernels 3.0.28, 3.2.15 and 3.3.2

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Greg KH has released three stable kernels; 3.0.28, 3.2.15 and 3.3.2. All of them contain important fixes in several subsystems.

LWN.net : Friday’s security advisories

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated samba (remote code execution) and puppet (multiple vulnerabilities).

Mandriva has updated curl (multiple vulnerabilities).

Oracle has updated freetype (OL6; OL5: multiple vulnerabilities), libtiff (OL6; OL5: code execution), tomcat (OL6: tomcat6 (regression in previous update), OL5: tomcat5 (multiple vulnerabilities)), samba (OL6; OL5: remote code execution), and OL5: samba3x (remote code execution).

Red Hat has updated RHEL4: samba (remote code execution).

SUSE has updated php5 (multiple vulnerabilities).

Ubuntu has updated 11.04: kernel (multiple vulnerabilities) and samba (remote code execution).

LWN.net : Linux for Your Electric Car: Techies Create Open Source EVs (txchnologist)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The Tumanako Project aims to provide open hardware and software to drive and recharge electric vehicles. Author Morgen E. Peck covers the project and talks with developer Philip Court. “The main offering of the Tumanako project is a drive package and inverter for a 200kW induction motor. This includes all of the software necessary to take a “go” command from a driver and the calculations for how much power to feed to the motor. Court says his code works but will not be fully open source — meaning there are still snippets of proprietary code — for another 6 months to a year.”

LWN.net : Security advisories for Tuesday

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated inspircd (code execution).

Gentoo has updated virtualbox (multiple vulnerabilities) and inspircd (code execution).

openSUSE has updated openssl (denial of service).

LWN.net : AOL Unloads Patents to Microsoft (Wall Street Journal)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The Wall Street Journal is running a short article about a patent deal between AOL and Microsoft. “AOL Inc. agreed Monday to sell more than 800 patents and related products to Microsoft Corp. for $1.1 billion, as the struggling online company looks to raise fresh cash while fighting a boardroom showdown with an activist shareholder.” (Thanks to Martin Jeppesen)

Update: this article has more information, including a list of some of the patents involved.

LWN.net : Monday’s security updates

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Fedora has updated python-paste-script (F16; F15: insecure root GID accessible files), libtasn1 (F16; F15: denial of service), taglib (F16; F15: multiple vulnerabilities), perl-YAML-LibYAML (F16; F15: format string vulnerabilities), drupal7-ctools (F16; F15: cross-site scripting), libpng10 (F16; F15: code execution), trytond (F16; F15: privilege escalation), F16: sectool (privilege escalation), F16: openstack-keystone (denial of service), F16: openstack-nova (denial of service), and F15: thunderbird (code execution).

LWN.net : ClearOS, the Missing Link LAN Server (Linux.com)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Carla Schroder showcases ClearOS. “ClearOS used to be named ClarkConnect. It was built on Red Hat Enterprise Linux and CentOS. The current stable release is 5.2, which tracks RHEL 5.2. There are no point releases after that, even though RHEL has had multiple point releases (5.3, 5.4 and so on) leading up to the 6.0 release. RHEL 6.2 was released in December 2011. ClearOS 6.2 beta 3 came out February 29. So what’s up? A lot. The maintainers have given it a major overhaul, which will be revealed in all of its glory in the final 6.2 release, which is scheduled for “soon”.”

LWN.net : Wheeler: Insecure open source software libraries?

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

David A. Wheeler cautions against the practice of using bundled libraries. This is probably not news to many LWN readers, but it does serve as a reminder. “An advantage of OSS is that many people can review the software, find problems (including vulnerabilities), and fix them… but this advantage is lost if the fixed versions are not used!”

LWN.net : Security advisories for Friday

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

SUSE has updated php5 (multiple vulnerabilities).

Ubuntu has updated gnutls (denial of service).

LWN.net : Tuesday’s security updates

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Mandriva has updated ES5.0: phpmyadmin (multiple vulnerabilities), and libvorbis (ES5.0; 2010.1, 2011.0: code execution).

Ubuntu has updated 10.10: mvl-dove kernel (denial of service).

LWN.net : Whitehurst: A billion thanks to the open source community from Red Hat

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Red Hat CEO Jim Whitehurst celebrates the company’s billion dollar milestone with a donation. “Last December, Red Hat decided that no billion dollar milestone would be complete without honoring the open source community. To that end, we are making a $100,000 donation to the future of open source. Red Hat associates nominated and voted for the following organizations to benefit:

Creative Commons, Electronic Frontier Foundation, Software Freedom Law Center, and UNICEF Innovation Labs.

LWN.net : Stable kernels 3.3.1, 3.2.14 and 3.0.27

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Three new stable kernels are available; 3.0.27, 3.2.14, and 3.3.1. All of them contain many important fixes.

LWN.net : Security advisories for Monday

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated typo3-src (multiple vulnerabilities), openarena (fixes a regression from a previous update), and curl (fixes a regression from a previous update).

Fedora has updated php-pear-CAS (F16; F15: multiple vulnerabilities), nginx (F16; F15: information disclosure), asterisk (F16; F15: multiple vulnerabilities), drupal6-date (F16; F15: unspecified vulnerabilities), python-sqlalchemy (F16; F15: SQL injection), F16: thunderbird (code execution), F16: mingw-libtasn1 (denial of service), F16: mingw32-gnutls (denial of service), F15: libpng (code execution), and F15: pidgin (unspecified vulnerabilities).

Gentoo has updated chromium (multiple vulnerabilities).

Mandriva has updated libpng (memory corruption), freeradius (authentication bypass), mutt (man-in-the-middle attack), and nagios (cross-site scripting).

SUSE has updated flash-player (code execution).

Ubuntu has updated aptdaemon (installs altered packages).

LWN.net : Archiving Images with an Open Source Scanning Robot (Linux.com)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Project Gado is aimed at developing an autonomous archival scanning robot that will allow small archives and museums to digitize holdings at a low cost and help preserve important documents and pictures. Linux.com takes a look at the project. ““Almost every aspect of the project uses some kind of open source tool,” [project manager Thomas] Smith says. “Our robot control software is fully Linux compatible, and we run Ubuntu Linux on all our computers at the Afro. The Gado 2 uses the open source Arduino microcontroller, and all the components that we created – PCB, physical parts – are open source as well.”

The Gado also uses the open source Tesseract OCR engine to process materials, and the MySQL database system to store metadata. “Using open source tools allowed us to create the machine inexpensively, which is extremely important given our requirement that the final device cost less than $500,” Smith says.” Gado kits are available for pre-sale and are expected to be delivered in August.

LWN.net : Friday’s security updates

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Mandriva has updated gnutls (denial of service).

openSUSE has updated libpng (code execution) and libreoffice (information disclosure).

LWN.net : Tuesday’s security updates

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated openarena (denial of service) and 2.6 kernel (multiple vulnerabilities).

Fedora has updated F15: kdelibs (memory corruption) and F15: kernel (multiple vulnerabilities).

Mandriva has updated libtasn1 (denial of service) and gnutls (denial of service).

openSUSE has updated 12.1&11.4: gnash (heap-based buffer overflow), 12.1: libzip (multiple vulnerabilities), and 12.1&11.4: mozilla (multiple vulnerabilities).

Scientific Linux has updated SL5: openoffice.org (information disclosure).

Ubuntu has updated 10.10: kernel (multiple vulnerabilities), 10.04 EC2: kernel (denial of service), 10.04: kernel (denial of service), 11.04: kernel (multiple vulnerabilities), 10.04 oneiric backport: kernel (2 denial of service vulnerabilities), 10.04 MIX51: kernel (denial of service), 11.10: kernel (multiple vulnerabilities), and 11.10 OMAP: kernel (denial of service).

LWN.net : LibreOffice developers demo collaborative editing prototype (ars technica)

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Ryan Paul takes a quick look at experimental collaborative editing capabilities in LibreOffice. “Telepathy is an open source instant messaging framework that supports multiple protocols. One of the key features of Telepathy is that it allows instant messaging protocols to be used as a medium for arbitrary communication between applications, like a form of real-time network IPC. Building LibreOffice’s collaborative editing features on top of Telepathy eliminates the need to operate special servers for the purpose.”