lwn.net

warning: Creating default object from empty value in /var/www/home/chantra/debuntu.org/drupal-6.19/modules/taxonomy/taxonomy.pages.inc on line 34.

[$] LWN.net Weekly Edition for April 10, 2014

The LWN.net Weekly Edition for April 10, 2014 is available.

[$] Project updates from Libre Graphics Meeting 2014

Last week we took a brief look at the many new projects that were
represented on the initial day of Libre Graphics Meeting (LGM) 2014 in
Leipzig.

Security advisories for Wednesday

Debian has updated tomcat7 (multiple vulnerabilities).

Fedora has updated ca-certificates (F19: certificate update),
kernel (F20; F19: denial of service), mediawiki (F20; F19:
cross-site request forgery), NetworkManager-ssh (F19: update to v0.

[$] Much ado about debugging

Recently, an interaction problem between systemd and the kernel was
reported. After a calm discussion, developers of both projects found ways
in which behavior could be improved and set about coding up the solutions.
The technical press was filled with glowing reports on another success of
collaborative problem solving... or, perhaps, most of the preceding text is
entirely fictional and the systemd "debug flag" problem spiraled out of
control in several ways at once.

Fedora status on "Heartbleed"

Fedora has not yet issued updates for CVE-2014-0160, aka
"Heartbleed", however there are updated, unsigned, OpenSSL packages
available for F19 and F20. There are also signed packages available.

Tuesday's security advisories

CentOS has updated openssl (C6: information disclosure).

Debian has updated openssl
(information disclosure) and openssl
(contains a reminder to restart services).

Gentoo has updated crack (code execution), libproxy (code execution), mesa (code execution),

MongoDB 2.6 released

Version
2.6
of the MongoDB document database system is available. "We
re-wrote the entire query execution engine to improve scalability, and took
our first step in building a sophisticated query planner by introducing
index intersection. We’ve made the codebase easier to maintain, and made it
easier to implement new features.

The OpenSSL "heartbleed" vulnerability

This page has extensive information on
CVE-2014-0160, an information disclosure vulnerability in OpenSSL otherwise
known as the "heartbleed bug." "The Heartbleed bug allows anyone on
the Internet to read the memory of the systems protected by the vulnerable
versions of the OpenSSL software. This compromises the secret keys used to
identify the service providers and to encrypt the traffic, the names and
passwords of the users and the actual content.

Security updates for Monday

Debian has updated mediawiki (multiple vulnerabilities), openssh (two vulnerabilities), and prosody (denial of service).

Fedora has updated libyaml (F20; F19: code
execution), munin (F20; F19: denial of service),

St. Pierre: Xwayland

Jasper St. Pierre writes about the
Xwayland back end
, which has been merged into the X server core sooner
than had been expected. "So, why did it succeed so fast? To put it
simply, Xwayland has been completely rearchitected to be leaner, cleaner,
faster, and better than ever before. It’s not done yet; direct rendering
(e.g. games using OpenGL) and by extension 2D acceleration aren't supported
yet, but it’s in the pipeline." Lots of details can be found in
the article.

Syndicate content