Security updates for Thursday

By jake

Debian has updated gst-plugins-bad0.10 (code execution), inspircd (code execution from 2012), movabletype-opensource (code execution), and
ppp (denial of service).

Debian-LTS has updated ruby1.9.1
(three vulnerabilities).

Mageia has updated java-1.7.0-openjdk (multiple vulnerabilities),
mono (three SSL/TLS vulnerabilities), and
python-dulwich (two code execution flaws).

openSUSE has updated flash-player
(11.4: 45 vulnerabilities) and rubygem-rest-client (13.2, 13.1: plaintext
password logging).

Oracle has updated java-1.6.0-openjdk (OL5: unspecified
vulnerabilities) and java-1.7.0-openjdk
(OL5: unspecified vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple
vulnerabilities), java-1.6.0-openjdk
(RHEL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL5; RHEL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (RHEL6&7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6&7: multiple
vulnerabilities), java-1.7.0-openjdk (SL5; SL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).

SUSE has updated flash-player
(SLE11SP3: 22 vulnerabilities).

From: LWN


[$] Plotting tools for networks, part I

By n8willis

[simple directed graph using fdp]

In the first two installments in this series on plotting tools
(which covered gnuplot and matplotlib),
we introduced tools for creating plots and graphs, and used the terms
interchangeably to refer to the typical scientific plot relating one
set of quantities to another. In this article we use the term “graph”
in its mathematical, graph-theory context, meaning a set of nodes connected by
edges. There is a strong family resemblance among graph-theory graphs,
flowcharts, and network diagrams—so much so that some of the same
tools can be coerced into creating all of them. We will now survey
several mature free-software systems for building these types
of visualizations. At least one of these tools will likely be useful if you
are ever in need of an automated way to diagram source-code
interdependencies, make an organizational chart, visualize a computer
network, or organize a sports tournament. We will start with a
graphical charting tool and a
flexible graphing system that can easily be called by other programs.

From: LWN


Security advisories for Wednesday

By ris

CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), and java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian-LTS has updated libvncserver (multiple vulnerabilities) and libx11 (code execution).

Mageia has updated arj (multiple vulnerabilities), asterisk (SSL server spoofing), flash-player-plugin (multiple vulnerabilities), glusterfs (denial of service), librsync (file checksum collision), ntp (two vulnerabilities), qemu (denial of service), quassel (denial of service), shibboleth-sp (denial of service), socat (denial of service), tor (denial of service), and wesnoth (information leak).

Oracle has updated java-1.6.0-openjdk (OL6: multiple
vulnerabilities), java-1.7.0-openjdk (OL6:
multiple vulnerabilities), and java-1.8.0-openjdk (OL6: multiple vulnerabilities).

Red Hat has updated flash-plugin
(RHEL5,6 Supplementary: multiple vulnerabilities).

SUSE has updated Adobe Flash Player (SLEWE12, SLED12: multiple vulnerabilities).

From: LWN


[$] Report from the Python Language Summit

By jake

[Group photo]


The first half of our report from the Python Language Summit is now available. Subscribers can click below to access reports from five sessions held before lunch covering topics like the atomicity of Python operations, making Python 3 more attractive to developers, PyParallel, infrastructure for Python development, and Python 3 adoption. We will be adding more reports to this page as they become available.

From: LWN


OIN Expands the Linux System Definition

By ris

Open Invention Network (OIN) has announced that it has
updated its Linux System patent non-aggression coverage. “For this
update, 115 new packages will be added to the Linux System, out of
almost 800 proposed by various parties. Key additions are the reference
implementations of the popular Go and Lua programming languages, Nginx,
Openshift, and development tools like CMake and Maven. This update will
represent an increase of approximately 5% of the total number of packages
covered in the Linux System, a reflection of the incremental and disciplined
nature of the update process.”

From: LWN
