Security advisories for Wednesday

Debian has updated apt (multiple vulnerabilities) and dbus (multiple vulnerabilities).

Red Hat has updated krb5 (RHEL5: code execution).

SUSE has updated procmail
(SLE11 SP3: code execution) and kernel
(SLES11 SP1: multiple vulnerabilities).

Ubuntu has updated apt (multi

Garrett: ACPI, kernels and contracts with firmware

Matthew Garrett writes
about the challenges
faced by the developers working on ACPI-based ARM
systems. "Somebody is going to need to take responsibility for
tracking ACPI behaviour and incrementing the exported interface whenever it
changes, and we need to know who that's going to be before any of these
systems start shipping. The alternative is a sea of ARM devices that only
run specific kernel versions, which is exactly the scenario that ACPI was
supposed to be fixing."

[$] OpenSSL's new security policy

The OpenSSL project is
widely known due to its broad adoption as the SSL/TLS library of choice for
open-source software—though, in April, it also became widely
known because of a particularly vicious security vulnerability. To a large
degree, the project weathered the storm, but the project has also
undertaken some changes in the wake of the incident.

openSUSE statement on the recent Merger announcement

SUSE's parent entity, the Attachmate Group has entered into an agreement to
merge with Micro Focus, prompting some to wonder about how that might
affect openSUSE. SUSE's President and General Manager, Nils Brauckmann has
contacted the openSUSE Board with a reassuring message. "Business as
Usual: There are no changes planned for the SUSE business structure and

SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn (The Register)

The Register reports
that SUSE Linux owner Attachmate Group is being purchased by Micro Focus
International. "Micro Focus is taking Attachmate Group in exchange for 86.60 million shares, in a deal described as a merger. The combined companies will create a “leading global infrastructure software company” with revenue of $1.4bn, Micro Focus said. The deal is expected to close in November."

New MINIX release for x86 and ARM is BSD compatible

Andrew Tanenbaum has announced the release of MINIX 3.3.0, a major new
release of the OS. "It is based on a tiny (13 KLoC) microkernel with the
operating system running as a set of protected user-mode processes. Each
device driver is also a separate process. If a driver fails, it is
automatically and transparently restarted without rebooting and without
applications even noticing, making the system self-healing. In addition
to the x86, the ARM Cortex A8 is now supported, with ports to the
BeagleBoard and BeagleBone available.

Tuesday's security updates

CentOS has updated axis (C6; C5: SSL hostname verification bypass).

openSUSE has updated php5 (13.1,
12.3: multiple vulnerabilities), ppp (13.1,
12.3: privilege escalation), python-django
(13.1, 12.3: multiple vulnerabilities), and flash-player (11.4: multiple vulnerabilities).


The road to Rust 1.0

The Rust Programming Language Blog has an article
describing recent changes to the language
and what remains to be done
for the eventual 1.0 release. "The key to all these changes has been
a focus on the core concepts of ownership and borrowing. Initially, we
introduced ownership as a means of transferring data safely and efficiently
between tasks, but over time we have realized that the same mechanism
allows us to move all sorts of things out of the language and into

RPM 4.12.0 released

Version 4.12.0 of the RPM
package manager is out. New features include weak dependencies
("suggests," "recommends," "supplements," and "enhances" tags), a new
rpm2archive utility to turn a package into a tar archive,
lots of internal improvements, the removal of the "collections" feature,
and, for those who think it is wise, the ability to put files larger than
4GB into a package.

Intel's Edison Brings Yocto Linux to Wearables (Linux.com)

Linux.com takes
a look
at Intel's Edison
computing module. "Linux-based platforms for wearables include Android Wear, Samsung's Tizen SDK for Wearables, and now Intel's Yocto Linux and Intel Atom-based Edison computing module. The Edison was released last week in conjunction with the Intel Developer Forum.

Syndicate content