Freenode server compromised

The freenode infrastructure team found a server that indicated that an IRC server may have been compromised. "We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution." (Thanks to Paul Wise)

Security advisories for Monday

Fedora has updated curl (F20: two cookie-handling vulnerabilities), GraphicsMagick (F19: code execution), libreoffice (F20: file disclosure), and procmail (F20: code execution).

Mageia has updated dump (denial
of service/possible code execution), glibc
(two vulnerabilities),

LedgerSMB 1.4.0 released

Version 1.4.0 of the LedgerSMB accounting system is out. It features a new contact management subsystem, a reworked report generation subsystem, better integration with other business applications, and more. The announcement left out download information; those who are interested can find the software at ledgersmb.org.

Kernel prepatch 3.17-rc5

The fifth 3.17 prepatch is out. "So I should probably have delayed this until Wednesday for sentimental reasons: that will be 23 years since I uploaded the 0.01 source tree. But I'm not an overly sentimental person, so screw that. I'm doing my normal Sunday release." Linus noted that this is a relatively large set of changes, so any thoughts of doing an early 3.17 release (to avoid conflicts between the merge window and his travel plans) have to be put aside.

Klumpp: Listaller: Back to the future!

At his blog, Matthias Klumpp provides an update on recent work in Listaller, the cross-distribution framework for third-party package installation. The core issue is that Listaller currently relies on PackageKit's plugin infrastructure, which is going away. As a result, Klumpp has started work on a substantial rewrite of Listaller that will integrate with AppStream and other up-to-date tools.

Friday's security updates

Debian has updated bind9 (denial of service) and gnupg (key disclosure).

SUSE has updated glibc (SLES10 SP4; SLES11 SP1: multiple vulnerabilities) and firefox (SLES10 SP3; SLES10 SP4: multiple vulnerabilities).

Ubuntu has updated

Hertzog: Freexian’s first report about Debian Long Term Support

On his blog, Raphaël Hertzog reports on the first few months of work on Debian Long Term Support (LTS). Official support for Debian 6.0 (Squeeze) ended in May and the LTS is an effort to continue the support until February 2016 (five years after the original release). Hertzog's company, Freexian, is collecting subscriptions to pay Debian developers to work on the LTS.

Yao: The State of ZFS on Linux

At the ClusterHQ blog, Richard Yao looks at the current status of the ZFSOnLinux (ZoL) project. He argues that ZoL is ready for production use for a number of different reasons, all of which boil down to the belief that the ZFS filesystem port to Linux has achieved the same level of data integrity, runtime stability, and features as have the other platforms where ZFS runs.

Thursday's security advisories

Debian has updated curl (two cookie-handling vulnerabilities) and file (regression in previous security update).

Fedora has updated qemu (F20: information leak).

openSUSE has updated glibc (13.1, 12.3: three vulnerabilities) and procmail (13.1, 12.3: code execution).

Oracle has updated kernel 2.6.39 (

[$] LWN.net Weekly Edition for September 11, 2014

The LWN.net Weekly Edition for September 11, 2014 is available.

