musl libc 1.0.0 released

Version 1.0.0 of the "musl" C library implementation has been announced.
Musl is aimed at small size and high efficiency; it is distributed under
the MIT license. See this
for an introduction to the project.

[$] LWN.net Weekly Edition for March 20, 2014

The LWN.net Weekly Edition for March 20, 2014 is available.

[$] What's new in OpenSSH 6.5 (and 6.6)

Version 6.5 of the OpenSSH suite was released in late January, bringing
with it a host of new features. A 6.6 release followed, primarily to
provide an important bug fix, but most users will still find the
feature set introduced in OpenSSH 6.5 to be the more significant
enhancement. That feature set includes support for additional key
exchange and signature functions, configuration improvements, and
dropping support for several out-of-date options that are no longer
regarded as secure.

Security updates for Wednesday

CentOS has updated firefox (C6:
multiple vulnerabilities) and php (C5:
vulnerabilities from 2006 and 2009).

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated catfish (F20; F19:
privilege escalation), pylint (F20:
multiple unspecified temporary file vulnerabil

The full-disclosure mailing list shuts down

John Cartwright, the administrator of the venerable full-disclosure
security-oriented mailing list, has announced that it is shutting down. "The list has had its fair share of trolling, flooding,
furry porn, fake exploits and DoS attacks over the years, but none of
those things really affected the integrity of the list itself.
However, taking a virtual hatchet to the list archives on the whim of
an individual just doesn't feel right. That 'one of our own' would
undermine the efforts of the last 12 years is really the straw that
broke the camel's back."

[$] Debian and CAcert

CAcert is an SSL/TLS certificate authority (CA) that seeks to be community
driven and to provide certificates for free (gratis), which stands in sharp
contrast to the other CAs. But, in order for CAcert-signed certificates to be
accepted by web browsers and other TLS-using applications, the CAcert root
certificate must be included in the "trusted certificate store" that operating
systems use to determine which CAs to trust.

10,000 Linux servers hit by malware (ars technica)

Ars technica takes a look at an ongoing criminal operation infecting more
than 10,000 Unix and Linux servers with malware that sends spam and redirects
end users to malicious Web pages.

Tuesday's security advisories

CentOS has updated mutt (C6: code
execution), ruby193-rubygem-actionpack
(CSC: multiple vulnerabilities), and samba
(C5: multiple vulnerabilities).

Debian has updated python2.7
(multiple vulnerabilities).

Fedora has updated wireshark (F20; F19: multiple vulnerabilities).


GNU Guile 2.0.10 released

Version 2.0.10 of the GNU Guile language, an implementation of the "Scheme"
Lisp dialect, is out. New features include
better GDB integration, HTTP proxy support,
better runtime error reporting, a new vector operations library, and a lot
of changes to support the upcoming "R7RS" version of the Scheme language
(information about which can be found on scheme-reports.org).

Security advisories for Monday

Mageia has updated freetype2
(MG4: two vulnerabilities), libpng (MG4: denial of service), udisks (privilege escalation), and webmin (unspecified vulnerabilities).

Mandriva has updated oath-toolkit
(replays one time passwords) and webmin (multiple vulnerabilities).

openSUSE has updated fla

