lwn.net

Security advisories for Monday

Debian has updated mantis (SQL injection flaws) and nginx (virtual host confusion attacks).

Gentoo has updated adobe-flash
(multiple vulnerabilities), c-icap (denial
of service), chromium (denial of service), and libxml2 (denial of service).

Mageia has updated

Kernel prepatch 3.17-rc6

Linus has released the 3.17-rc6 kernel
prepatch, saying: "It's been quiet - enough so that coupled with my
upcoming travel, this might just be the last -rc, and final 3.17 might be
next weekend."

Wayland and Weston 1.6.0 released

The version 1.6.0 releases of the Wayland display manager and Weston
compositor are available. Wayland improvements include better error
handling and an improved self-testing infrastructure. On the Weston side,
they have made a number of xdg-shell protocol changes ("Yes, we broke
it again since 1.5.0"), some keyboard repeat improvements, a switch to
libinput by default, and more.

Friday's security advisories

Debian has updated apt
(regression in previous security update).

Fedora has updated apache-poi
(F20: two XML handling flaws), asterisk (F20; F19:
denial of service), haproxy (F20:
unspecified vulnerabilities), kernel (F20:
three vulnerabilities), pdns-recursor (

Simply Secure announces itself

A new organization to "make security easy and fun" has announced itself in a blog post entitled "Why Hello, World!". Simply Secure is targeting the usability of security solutions: "If privacy and security aren’t easy and intuitive, they don’t work.

Thursday's security advisories

Debian has updated icedove (two
vulnerabilities) and libav (multiple
unspecified vulnerabilities).

openSUSE has updated curl (13.1,
12.3: two cookie-handling vulnerabilities).

Oracle has updated automake (OL5:
code execution from 2012), bind97 (OL5:
three vulnerabilities, two from 2013), conga

[$] LWN.net Weekly Edition for September 18, 2014

The LWN.net Weekly Edition for September 18, 2014 is available.

Some stable kernel updates

Greg Kroah-Hartman has made some progress on the stable patch backlog with
the release of
3.16.3,
3.14.19, and
3.10.55.

[$] X and SteamOS

<img src="http://lwn.net/images/2014/lcna-packard-sm.jpg" border=0 hspace=5 align="right"
alt="[Keith Packard]" width=130 height=150>

In a talk entitled "SteamOS Magic", longtime X developer Keith Packard
looked at the new Linux "distribution" and the effort to turn the Linux
desktop into a gaming console. It turns out that, with a fairly small
amount of code, Steam and SteamOS creator, Valve, was able to take the
existing X-based desktop and
turn it into a "living-room experience".

Security advisories for Wednesday

Debian has updated apt (multiple vulnerabilities) and dbus (multiple vulnerabilities).

Red Hat has updated krb5 (RHEL5: code execution).

SUSE has updated procmail
(SLE11 SP3: code execution) and kernel
(SLES11 SP1: multiple vulnerabilities).

Ubuntu has updated apt (multi

Syndicate content