lwn.net

Change of heart: Inkscape starts encouraging paid development (Libre Graphics World)

Libre Graphics World (LGW) has taken a look at the newly announced funded-development policy adopted by the Inkscape project.

Paquier: Postgres 9.5 feature highlight: Row-Level Security and Policies

The (distant) PostgreSQL 9.5 release is expected to have a new row-level security feature. This article from Michael Paquier describes how to make use of it.
"This row control mechanism is controlled using a new query called
CREATE POLICY (of course its flavor ALTER POLICY to update an existing
policy and DROP POLICY to remove a policy exist as well). By default,
tables have no restrictions in terms of how rows can be added and
manipulated.

Friday's security updates

Fedora has updated cups (F19: information disclosure).

Mandriva has updated libvirt (BS1: multiple vulnerabilities) and phpmyadmin (BS1: cross-site scripting).

Ubuntu has updated file
(10.04, 12.04, 14.04: code execution), openssl (12.04: protocol downgrade), and openvpn (12.04: information

Schaller: Fedora Workstation Progress Report (Wayland and more)

Christian Schaller has a lengthy update on the progress of Fedora 21. He looks at a number of different features, including Wayland, GNOME 3.14, software installation (dnf and "Software"), and more. "This also highlights one of the advantages of the new Fedora product model where we have one clear desktop product we are targeting, that we can define operating system standards for things like application metadata and apply them to the system as a whole.

Karlitschek: A possible future for PHP

On his blog, ownCloud founder Frank Karlitschek ponders the future of PHP. He doesn't regret choosing PHP for ownCloud, but does note that the language suffers from its mid-1990s roots, which he would like to see cleaned up and fixed at some point—in a fully compatible way.

Zalewski on the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

Those interested in the more recently discovered bash vulnerabilities will
likely want to have a look at this detailed posting from Michal Zalewski.
Then make sure your systems are updated. "I initially shared the findings privately with vendors, but because of
the intense scrutiny that this codebase is under, the ease of
reproducing these results with an open-source fuzzer, and the
now-broad availability of upstream mitigations, there seems to be
relatively little value in continued secrecy."

OpenWRT "Barrier Breaker" 14.07 released

The long-awaited OpenWRT 14.07 release is out. It includes an update to
the 3.10 kernel, a new init system (procd), improved IPv6 support, support
for system snapshots and rollbacks, support for dynamic firewall rules, a
new MDNS daemon, DNSSEC validation support, and more.

Security updates for Thursday

Oracle has updated libvirt (OL7: two vulnerabilities).

Red Hat has updated libvirt (RHEL7: two vulnerabilities).

[$] LWN.net Weekly Edition for October 2, 2014

The LWN.net Weekly Edition for October 2, 2014 is available.

[$] Bash gets shellshocked

It's been a crazy week for the Bash shell, its maintainer,
and many Linux distributions that use the shell. A remote code-execution
vulnerability that was reported on September 24 has now morphed
into multiple related vulnerabilities, which have now mostly been fixed and
updates released by distributions. The
vulnerabilities have been dubbed "Shellshock" and the technical (and
mainstream) press has had a field day reporting on the incident.
