Security advisories for Thursday

By jake

CentOS has updated thunderbird (C6; C5:
multiple vulnerabilities).

Debian has updated cups (code
execution), iceweasel (multiple
vulnerabilities), kfreebsd-9 (denial of
service), and libgtk2-perl (code execution).

Fedora has updated libhtp (F20:
denial of service).

Gentoo has updated samba
(multiple vulnerabilities, some from 2012 and 2013).

Mageia has updated apache-poi
(denial of service), cabextract (privilege
escalation), e2fsprogs (two code execution
flaws), firefox, thunderbird (multiple
vulnerabilities), and sympa (information disclosure).

openSUSE has updated cups (13.2,
13.1: code execution)
and snack (13.2, 13.1: code execution from 2012).

Oracle has updated firefox (OL5:
multiple vulnerabilities) and thunderbird
(OL6: multiple vulnerabilities).

Red Hat has announced that RHEL
5.9 support will end on March 31.

Scientific Linux has updated firefox (multiple vulnerabilities) and thunderbird (SL6, SL5: multiple vulnerabilities).

Slackware has updated thunderbird
(multiple vulnerabilities) and firefox
(multiple vulnerabilities).

SUSE has updated java-1_5_0-ibm
(SLE10SP4: many vulnerabilities) and java-1_6_0-ibm (SLE11SP2: two unspecified vulnerabilities).

Ubuntu has updated EC2 kernel
(10.04: two vulnerabilities), firefox
(14.10, 14.04, 12.04: many vulnerabilities), kernel (14.10; 14.04;
12.04; 10.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple
vulnerabilities), linux-lts-utopic (14.04:
multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] What’s new in Krita 2.9

By n8willis

[Perspective transform]

The newest update to the Krita digital
painting application has been released.
Version 2.9 introduces several new user-interface features, updates to the
layers system, and a variety of tool and rendering improvements. The 2.9
development cycle was also the project’s first to be centered around a
crowdfunding campaign.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Security advisories for Wednesday

By ris

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated openjdk-6 (multiple vulnerabilities).

Fedora has updated dump (F21; F20: code execution) and samba (F21; F20: root code execution).

Gentoo has updated grep (denial of service).

Mageia has updated freetype2 (many vulnerabilities) and samba (root code execution).

openSUSE has updated samba (13.2,
13.1: two vulnerabilities).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities).

Red Hat has updated firefox
(RHEL5,6,7: multiple vulnerabilities) and thunderbird (RHEL5,6: multiple vulnerabilities).

SUSE has updated Samba
(SLE11 SP3: root code execution).

Ubuntu has updated freetype (many vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Firefox 36 released

By ris Mozilla has released Firefox 36.0. The release
notes
mention a few new features, including support for the full
HTTP/2 protocol. This version will no longer accept insecure RC4 ciphers
whenever possible and certificates with 1024-bit RSA keys will be phased
out. See the release notes for more information.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] A GNU C Library update

By corbet A traditional feature of the tools track at the Linux Foundation’s
Collaboration
Summit
is an update from the developers of the GNU C Library
(glibc); that tradition was upheld in fine form at the 2015 event. Glibc
developer Roland McGrath noted that while the project is a critical
component in vast numbers of Linux installations, it does not have a lot of
developers working on it. Still, even with a relatively small developer
base, some real progress has been made over the last year.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail