Kernel prepatch 4.1-rc5

By corbet

The fifth 4.1 prepatch is out for testing.
So we’re on schedule for a normal 4.1 release, if it wasn’t for the
fact that the timing looks like the next merge window would hit our yearly
family vacation. So we’ll see how that turns out, I might end up delaying
the release just to avoid that (or just delay opening the merge
window).

From: LWN

[$] A tale of two data-corruption bugs

By corbet

There have been two bugs causing filesystem corruption in the news
recently. One of them, a bug in ext4, has gotten the bulk of the
attention, despite the fact that it is an old bug that is hard to trigger.
The other, however, is recent and able to cause data loss on
filesystems installed on a RAID 0 array. Both are interesting
examples of how things can go wrong, and, thus, merit a closer look.

Nocera: iio-sensor-proxy 1.0 is out!

By n8willis

At his blog, Bastien Nocera announces
the 1.0 release of iio-sensor-proxy,
a framework for accessing the various environmental sensors (e.g.,
accelerometer, magnetometer, proximity, or ambient-light sensors) built
into recent laptops. The proxy is a daemon that listens to the
Industrial I/O (IIO) subsystem and provides access to the sensor
readings over D-Bus. As of right now, support for ambient-light
sensors and accelerometers is working; other sensor types are in
development. The current API is based on those used by Android and
iOS, but may be expanded in the future. “For future versions,
we’ll want to export the raw accelerometer readings, so that
applications, including games, can make use of them, which might bring
up security issues. SDL, Firefox, WebKit could all do with being
adapted, in the near future.”

Friday’s security updates

By n8willis

Arch Linux has updated chromium (multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities), fuse (privilege escalation), and ntfs-3g (privilege escalation).

SUSE has updated KVM (SLES11 SP1: multiple vulnerabilities), SUSE Manager Server 1.7 (SLE11 SP2: multiple vulnerabilities), and Xen (SLE11 SP3: multiple vulnerabilities).

Ubuntu has updated apport (two privilege escalation vulnerabilities), fuse (privilege escalation), ntfs-3g (privilege escalation), oxide-qt (14.04, 14.10, 15.04: multiple vulnerabilities), and python-dbusmock (14.04, 14.10, 15.04: code execution).

Announcing qboot, a minimal x86 firmware for QEMU

By jake

The announcement of Clear Containers (which guest author Arjan van de Ven described in an LWN article from this week) seems to have sparked some interesting work on QEMU that resulted in qboot: “a minimal x86 firmware that runs on QEMU and, together with a slimmed-down QEMU configuration, boots a virtual machine in 40 milliseconds on an Ivy Bridge Core i7 processor.” Paolo Bonzini announced the project (code is available at git://github.com/bonzini/qboot.git), which is quite new: “The first commit to qboot is more or less 24 hours old, so there is definitely more work to do, in particular to extract ACPI tables from QEMU and present them to the guest. This is probably another day of work or so, and it will enable multiprocessor guests with little or no impact on the boot times. SMBIOS information is also available from QEMU.”

Security advisories for Thursday

By jake

Debian has updated libmodule-signature-perl (multiple vulnerabilities).

Debian-LTS has updated dnsmasq (information disclosure).

Fedora has updated wordpress (F21; F20: three vulnerabilities).

Oracle has updated docker (OL7; OL6: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5&6: multiple vulnerabilities, one from 2005) and java-1.7.1-ibm (RHEL6&7: multiple vulnerabilities, one from 2005).

SUSE has updated gstreamer-0_10-plugins-bad (SLE11SP3: code execution) and xen (SLE12: multiple vulnerabilities).

Security advisories for Wednesday

By ris

Debian has updated icedove (multiple vulnerabilities), proftpd-dfsg (unauthenticated copying of files), and zendframework (multiple vulnerabilities).

Fedora has updated dovecot (F21; F20: denial of service), firefox (F20: multiple vulnerabilities), libtasn1 (F21: denial of service), php-ZendFramework2 (F21; F20: CRLF injection), and thunderbird (F20: multiple vulnerabilities).

Ubuntu has updated kernel (14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: two vulnerabilities).

[$] PostgreSQL: the good, the bad, and the ugly

By corbet

The PostgreSQL development community is working toward the 9.5 release,
currently planned for the third quarter of this year. Development activity
is at peak levels as the planned feature freeze for this release approaches.
While this activity is resulting in the merging of some interesting
functionality, including the long-awaited “upsert” feature, it is also
revealing some fault lines within the community. The fact that PostgreSQL
lacks the review resources needed to keep up with its natural rate of
change has been understood for years; many other projects suffer from the
same problem. But the pressures on PostgreSQL seem to be becoming more
acute, leading to concerns about fairness in the community and the
durability of the project’s cherished reputation for high-quality software.
