Kernel prepatch 4.0-rc7

By corbet Linus has released 4.0-rc7 after a delay of
a couple of days for the holiday. “But it’s still pretty small, and
things are on track for 4.0 next weekend. There’s a tiny chance that I’ll
decide to delay 4.0 by a week just because I’m traveling the week after,
and I might want to avoid opening the merge window. We’ll see how I feel
about it next weekend.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Linux Australia server breach

By ris Linux Australia has reported
a breach
on the Conference Management (Zookeepr) hosting server. This
server hosted the conference systems for linux.conf.au 2013, 2014 and 2015,
and for PyCon Australia 2013 and 2014. “The database dumps which
occurred during the breach include information provided during conference
registration – First and Last Names, physical and email addresses, and any
phone contact details provided, as well as a hashed version of the user
password. As Zookeepr uses a third party credit card payment gateway for
credit card processing, the database dumps do not contain any credit card
or banking details.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Security advisories for Monday

By ris

Arch Linux has updated firefox (certificate verification bypass), java-batik (information leak), and thunderbird (multiple vulnerabilities).

Fedora has updated firefox (F20:
multiple vulnerabilities), freeipa (F21:
two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20:
denial of service), mingw-libzip (F21; F20: code
execution), mingw-qt5-qtbase (F21;
F20: denial of service),
mingw-qt5-qtdeclarative (F21; F20: denial of service),
mingw-qt5-qtgraphicaleffects (F21;
F20: denial of service),
mingw-qt5-qtimageformats (F21; F20: denial of service),
mingw-qt5-qtlocation (F21; F20: denial of service),
mingw-qt5-qtmultimedia (F21; F20: denial of service),
mingw-qt5-qtquick1 (F21; F20: denial of service),
mingw-qt5-qtscript (F21; F20: denial of service),
mingw-qt5-qtsensors (F21; F20: denial of service),
mingw-qt5-qtsvg (F21; F20: denial of service),
mingw-qt5-qttools (F21; F20: denial of service),
mingw-qt5-qttranslations (F21; F20: denial of service),
mingw-qt5-qtwebkit (F21; F20: denial of service),
mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20:
multiple vulnerabilities), osc (F21;
F20: command injection), patch (F20: multiple vulnerabilities),
PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated cups-filters
(remote command execution), novnc (VNC
session hijacking), and php, libzip
(multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

10 Years of Git: An Interview with Git Creator Linus Torvalds (Linux.com)

By corbet Linux.com talks
with Linus Torvalds
about the development of Git. “Just to pick
an example: the concept of ‘merging’ was generally considered to be
something really quite painful and hard in most SCM’s. You’d plan your
merges, because they were big deals. That’s not acceptable to me, since I
commonly do tens of merges a day when in the merge window, and even then,
the biggest overhead shouldn’t be the merge itself, it should be testing
the result. The ‘git’ part of the merge is just a couple of seconds, it
should take me much longer just to write the merge explanation
message.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Tor Summer of Privacy

By n8willis

The Tor Project and the Electronic Freedom Foundation (EFF) have announced
a mentoring program entitled the “Tor Summer of Privacy” (TorSoP). Akin to the
Google Summer of Code, TorSoP will provide financial support and
mentorship for a group of students to work on privacy-related free
software. Three student positions are available this year;
applications will be accepted through April 10. More details
(including project ideas) are provided on the TorSoP page.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Rust 1.0 beta released

By n8willis

The Rust team at Mozilla Research has announced the first beta release of Rust 1.0. The release notes detail a number of important changes, but the announcement adds some additional noteworthy items. “The Beta release also marks a turning point in our approach to stability. During the alpha cycle, the use of unstable APIs and language features was permitted, but triggered a warning. As of the Beta release, the use of unstable APIs will become an error (unless you are using Nightly builds or building from source).” A new continuous-integration infrastructure has also been deployed. The final release is currently expected around May 15.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Friday’s security updates

By n8willis

Arch Linux has updated libtasn1 (denial of service).

Debian has updated icedove
(multiple vulnerabilities).

Fedora has updated drupal7-ctools (F20; F21: multiple vulnerabilities),
firefox (F21: multiple vulnerabilities), icu (F21: multiple vulnerabilities), and texlive (F20: arbitrary file removal).

Mageia has updated firefox,
thunderbird
(M4: multiple vulnerabilities), iceape (M4: multiple vulnerabilities), libtasn1 (M4: denial of service), mercurial (M4: command injection), mongodb (M4: denial of service), and python-django (M4: multiple vulnerabilities).

Mandriva has updated icu
(BS1: multiple vulnerabilities) and subversion (BS1, BS2: multiple vulnerabilities).

SUSE has updated kernel
(SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail