Security advisories for Wednesday

By ris

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated openjdk-6 (multiple vulnerabilities).

Fedora has updated dump (F21; F20: code execution) and samba (F21; F20: root code execution).

Gentoo has updated grep (denial of service).

Mageia has updated freetype2 (many vulnerabilities) and samba (root code execution).

openSUSE has updated samba (13.2,
13.1: two vulnerabilities).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities).

Red Hat has updated firefox
(RHEL5,6,7: multiple vulnerabilities) and thunderbird (RHEL5,6: multiple vulnerabilities).

SUSE has updated Samba
(SLE11 SP3: root code execution).

Ubuntu has updated freetype (many vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Firefox 36 released

By ris Mozilla has released Firefox 36.0. The release
notes
mention a few new features, including support for the full
HTTP/2 protocol. This version will no longer accept insecure RC4 ciphers
whenever possible and certificates with 1024-bit RSA keys will be phased
out. See the release notes for more information.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] A GNU C Library update

By corbet A traditional feature of the tools track at the Linux Foundation’s
Collaboration
Summit
is an update from the developers of the GNU C Library
(glibc); that tradition was upheld in fine form at the 2015 event. Glibc
developer Roland McGrath noted that while the project is a critical
component in vast numbers of Linux installations, it does not have a lot of
developers working on it. Still, even with a relatively small developer
base, some real progress has been made over the last year.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Tuesday’s security updates

By ris

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated samba (root code execution).

Fedora has updated php (F21: two
vulnerabilities), sox (F21: code
execution), sudo (F20: information
disclosure), and unzip (F20: multiple vulnerabilities).

Oracle has updated samba (OL7; OL6: root
code execution), samba3x (OL5: root code
execution), and samba4 (OL6: root code execution).

Red Hat has updated libyaml
(RHEL6: denial of service), samba (RHEL7; RHEL6.2,
6.4, 6.5
; RHEL6: root code execution),
samba3x (RHEL5; RHEL5.6, 5.9: root code execution), and
samba4 (RHEL6; RHEL6.4, 6.5: root code execution).

Scientific Linux has updated samba (SL7; SL6,7; SL5: root code execution) and samba4 (SL6: root code execution).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

Ubuntu has updated ca-certificates (certificate update), e2fsprogs (code execution), and samba (14.10, 14.04, 12.04: root code execution).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Morevna Production Report #1

By ris The Beautiful Queen Marya Morevna is a Russian folk tale. The Morevna
Project makes anime videos about Morevna, using free software. This progress
report
covers the status of their newest episode. “Our main
animation tool is Synfig Studio and for the past years it was improved a
lot. I guess it’s needles to say, that the new episode will be produced
using the latest development version of Synfig. For current stage of the
project it is important to ensure that the tool is stable enough for
production, so last weeks we were concentrated on fixing the critical
bugs. As result of this work, we
have published the first Release Candidate
for the new stable version
of Synfig Studio, which is going to be numbered as 1.0 by the way.

(Thanks to Paul Wise)

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

GNOME 3.15.90

By ris The first beta in the GNOME 3.15 development series has been
released. GNOME 3.15.90 features a new GNOME shell theme, redesigned
notifications in GNOME shell, codec installation integrated in
gnome-software, a login screen on Wayland, and more.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail