Security advisories for Wednesday

By ris

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL5.9: privilege escalation).

SUSE has updated java-1_7_0-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated aptdaemon (15.04, 14.10, 14.04, 12.04: information leak), devscripts (14.10, 14.04, 12.04: directory traversal), and wpa, wpasupplicant (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

From: LWN

[$] Leap-second issues, 2015 edition

By corbet

The leap second is an occasional ritual wherein Coordinated Universal Time
(UTC) is held back for one second to account for the slowing of the Earth’s
rotation. The last leap second happened on June 30, 2012; the next is
scheduled for June 30 of this year. Leap seconds are thus infrequent
events. One might easily imagine that infrequent events involving time
discontinuities would be likely to expose software problems, and, sure
enough, the 2012 leap second had its share of issues. The 2015 leap second
looks to be a calmer affair, but it appears that it will not be entirely
problem-free.

From: LWN

Tuesday’s security advisories

By ris

CentOS has updated abrt (C7: multiple vulnerabilities), openssl (C7; C6: multiple vulnerabilities), and wpa_supplicant (C7: two vulnerabilities).

Debian has updated p7zip (directory traversal).

Oracle has updated openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6,7: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).

From: LWN

Best practices to build bridges between tech teams (Opensource.com)

By ris

Opensource.com has an interview with Robyn Bergeron, about her current position as Operations Advocate at Elastic, and past roles (such as Fedora Project Leader). “The ELK stack (that’s Elasticsearch, Logstash, and Kibana), being incredibly flexible and adaptable to many use cases, appeals to both operations folks and developers—but my love for it really has grown from seeing how fantastically it has allowed folks working in ops to not just start more rapidly identifying that “something broke,” but also to be able to visually identify the patterns that lead to those broken things. Getting to a point where you’re not just on fire all the time fixing technology, and instead fixing the processes that lead to fires, or implementing ways to proactively avoid fires, is not just redeeming, but frees up time to do other things besides firefighting.

People love breaking that loop, and it’s fabulous being an advocate for something that is literally making people’s work-life balance and general happiness levels better. I’ve been in those fires. It’s not fun. It makes me happy to see users feeling awesome.”

From: LWN

Security updates for Monday

By ris

Debian has updated libav (two vulnerabilities), openssl (multiple vulnerabilities), qemu (multiple vulnerabilities), qemu-kvm (two vulnerabilities), sqlite3 (denial of service), and xen (multiple vulnerabilities).

Debian-LTS has updated p7zip (directory traversal).

Fedora has updated armacycles-ad (F22; F21; F20: multiple vulnerabilities), filezilla (F22: multiple vulnerabilities), fuse (F20: privilege escalation), libreswan (F20: denial of service), nss (F20: cipher-downgrade attacks), nss-softokn (F20: cipher-downgrade attacks), nss-util (F20: cipher-downgrade attacks), ntfs-3g (F20: privilege escalation), and xen (F22; F21: multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities), coreutils (13.2: memory handling error), cups (13.2, 13.1: three vulnerabilities), dpkg (13.2, 13.1: integrity-verification bypass), and php5 (13.2, 13.1: information disclosure).

From: LWN

TeX Live 2015 is available

By n8willis

The 2015 edition of the TeX Live software distribution, the “easy way to get up and running with the TeX document production system,” has been released. DVDs are in production for members of the TeX Users Group (TUG), though many will probably prefer the downloadable release. Changes in this edition include the merging of several LaTeX fixes from external packages into LaTeX itself, JPEG Exif support in pdfTeX, and image-handling fixes in XeTeX.

From: LWN
