By corbet A traditional feature of the tools track at the Linux Foundation’s
Summit is an update from the developers of the GNU C Library
(glibc); that tradition was upheld in fine form at the 2015 event. Glibc
developer Roland McGrath noted that while the project is a critical
component in vast numbers of Linux installations, it does not have a lot of
developers working on it. Still, even with a relatively small developer
base, some real progress has been made over the last year.
Debian has updated kernel (multiple vulnerabilities).
Debian-LTS has updated samba (root code execution).
Red Hat has updated libyaml
(RHEL6: denial of service), samba (RHEL7; RHEL6.2,
6.4, 6.5; RHEL6: root code execution),
samba3x (RHEL5; RHEL5.6, 5.9: root code execution), and
samba4 (RHEL6; RHEL6.4, 6.5: root code execution).
SUSE has updated php5 (SLE12: multiple vulnerabilities).
By ris The Beautiful Queen Marya Morevna is a Russian folk tale. The Morevna
Project makes anime videos about Morevna, using free software. This progress
report covers the status of their newest episode. “Our main
animation tool is Synfig Studio and for the past years it was improved a
lot. I guess it’s needless to say that the new episode will be produced
using the latest development version of Synfig. For the current stage of the
project it is important to ensure that the tool is stable enough for
production, so in the last weeks we have concentrated on fixing the critical
bugs. As a result of this work, we
have published the first Release Candidate for the new stable version
of Synfig Studio, which is going to be numbered as 1.0 by the way.”
(Thanks to Paul Wise)
Debian has updated e2fsprogs
(incomplete fix for code execution), eglibc (multiple vulnerabilities), ruby-redcloth (cross-site scripting), samba (root code execution), sudo (information disclosure), typo3-src (authentication bypass), and xdg-utils (command execution).
Fedora has updated apache-poi (F21: XML-handling flaws), apache-poi (F20: denial of service), cups (F21: buffer overflow),
drupal6-views (F21; F20: multiple vulnerabilities), e2fsprogs (F20: code execution), sudo (F21: information disclosure), and tomcat (F21: multiple vulnerabilities).
Mageia has updated bind (denial of service).
openSUSE has updated glibc (13.2,
13.1: multiple vulnerabilities).
SUSE has updated java-1_6_0-ibm
(SLES10 SP4: multiple unspecified vulnerabilities),
java-1_7_0-ibm (SLE11 SP3; SLES11 SP2: multiple unspecified
vulnerabilities), and samba (SLE12: root code execution).
By corbet The Samba 4.1.17, 4.0.25 and 3.6.25
releases are available; they fix an unpleasant code-execution
vulnerability. See this
Red Hat security blog entry for more information. “CVE-2015-0240
is a security flaw in the smbd file server daemon. It can be exploited by a
malicious Samba client, by sending specially-crafted packets to the Samba
server. No [authentication] is required to exploit this flaw. It can result in
remotely controlled execution of arbitrary code as root.”