lwn.net

Tuesday's security advisories

CentOS has updated jakarta-commons-httpclient (C7; C6; C5: SSL server spoofing).

Debian has updated file (multiple vulnerabilities).

Mageia has updated gtk+3.0 (MG4: screen lock bypass).

openSUSE has updated firefox
(13.1, 12.3: multiple vulnerabilities) and

FSF and Debian join forces to help free software users find the hardware they need

The Free Software Foundation and the Debian Project have announced
cooperation to expand and enhance h-node,
a database to help users learn and share information about computers that
work with free software operating systems. "While other databases
list hardware that is technically compatible with GNU/Linux, h-node lists
hardware as compatible only if it does not require any proprietary software
or firmware. Information about hardware that flunks this test is also
included, so users know what to avoid.

Security advisories for Monday

Fedora has updated squid (F20: denial of service).

Mageia has updated procmail (code execution).

openSUSE has updated enigmail
(13.1, 12.3: information leak).

Red Hat has updated nss
(RHEL4 ELCS: code execution).

Ubuntu has updated cups
(privilege escalation) and eglib

Kernel prepatch 3.17-rc4

The 3.17-rc4 prepatch is out. "For a
short while there, this week was really nice and calm, but that was mostly
because the 'linux-foundation.org' entry fell off the DNS universe, and my
mailbox got very quiet for a few hours. The rest of the week looked pretty
normal."

Glibc 2.20 released

Version 2.20 of the GNU C Library is now available. Significant changes
include support for file-private POSIX
locks
, removal of support for the _BSD_SOURCE and
_SVID_SOURCE feature test macros (see this article for more information), various
performance improvements, and more.

The OpenSSL security policy

The OpenSSL project has posted a policy document
describing how it intends to respond to security incidents. "There
are actually not a large number of serious vulnerabilities in OpenSSL which
make it worth spending significant time keeping our own list of vendors we
trust, or signing framework agreements, or dealing with changes, and
policing the policy. This is a significant amount of effort per issue that
is better spent on other things."

Linus 3.17-rc4

Video from the GNU Tools Cauldron

Videos from the 2014 GNU
Tools Cauldron
(July 18-20, Cambridge, UK) have now been posted.
Topics covered vary from ABI compatibility checking, GCC/LLVM
collaboration, and just-in-time compilation to performance testing and
debugging issues.

Stable kernels 3.16.2, 3.14.18, and 3.10.54

Greg Kroah-Hartman has announced the latest batch of stable kernels: 3.16.2, 3.14.18, and 3.10.54. As usual, these new kernels contain fixes throughout
the tree; users of these series should upgrade.

Call for organizers: 2015 Linux Plumbers Conference

Each year, the Linux Foundation's Technical Advisory Board seeks an
organizing committee for the annual Linux Plumbers Conference. That
process has now begun for the 2015 event, which will be held during the
week of August 17-21 in Seattle, Washington, alongside the LinuxCon North
America event. This is your chance to put your stamp on one of our
community's most important gatherings.

Syndicate content