[$] A GNU C Library update

By corbet A traditional feature of the tools track at the Linux Foundation’s
Collaboration
Summit
is an update from the developers of the GNU C Library
(glibc); that tradition was upheld in fine form at the 2015 event. Glibc
developer Roland McGrath noted that while the project is a critical
component in vast numbers of Linux installations, it does not have a lot of
developers working on it. Still, even with a relatively small developer
base, some real progress has been made over the last year.

From: LWN

Share

Tuesday’s security updates

By ris

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated samba (root code execution).

Fedora has updated php (F21: two
vulnerabilities), sox (F21: code
execution), sudo (F20: information
disclosure), and unzip (F20: multiple vulnerabilities).

Oracle has updated samba (OL7; OL6: root
code execution), samba3x (OL5: root code
execution), and samba4 (OL6: root code execution).

Red Hat has updated libyaml
(RHEL6: denial of service), samba (RHEL7; RHEL6.2,
6.4, 6.5
; RHEL6: root code execution),
samba3x (RHEL5; RHEL5.6, 5.9: root code execution), and
samba4 (RHEL6; RHEL6.4, 6.5: root code execution).

Scientific Linux has updated samba (SL7; SL6,7; SL5: root code execution) and samba4 (SL6: root code execution).

SUSE has updated php5 (SLE12: multiple vulnerabilities).

Ubuntu has updated ca-certificates (certificate update), e2fsprogs (code execution), and samba (14.10, 14.04, 12.04: root code execution).

From: LWN

Share

Morevna Production Report #1

By ris The Beautiful Queen Marya Morevna is a Russian folk tale. The Morevna
Project makes anime videos about Morevna, using free software. This progress
report
covers the status of their newest episode. “Our main
animation tool is Synfig Studio and for the past years it was improved a
lot. I guess it’s needles to say, that the new episode will be produced
using the latest development version of Synfig. For current stage of the
project it is important to ensure that the tool is stable enough for
production, so last weeks we were concentrated on fixing the critical
bugs. As result of this work, we
have published the first Release Candidate
for the new stable version
of Synfig Studio, which is going to be numbered as 1.0 by the way.

(Thanks to Paul Wise)

From: LWN

Share

GNOME 3.15.90

By ris The first beta in the GNOME 3.15 development series has been
released. GNOME 3.15.90 features a new GNOME shell theme, redesigned
notifications in GNOME shell, codec installation integrated in
gnome-software, a login screen on Wayland, and more.

From: LWN

Share

Security advisories for Monday

By ris

CentOS has updated samba (C7; C6: root
code execution), samba3x (C5: root code
execution), and samba4 (C6: root code execution).

Debian has updated e2fsprogs
(incomplete fix for code execution), eglibc (multiple vulnerabilities), ruby-redcloth (cross-site scripting), samba (root code execution), sudo (information disclosure), typo3-src (authentication bypass), and xdg-utils (command execution).

Fedora has updated apache-poi (F21: XML-handling flaws), apache-poi (F20: denial of service), cups (F21: buffer overflow),
drupal6-views (F21; F20: multiple vulnerabilities), e2fsprogs (F20: code execution), sudo (F21: information disclosure), and tomcat (F21: multiple vulnerabilities).

Mageia has updated bind (denial of service).

openSUSE has updated glibc (13.2,
13.1: multiple vulnerabilities).

SUSE has updated java-1_6_0-ibm
(SLES10 SP4: multiple unspecified vulnerabilities),
java-1_7_0-ibm (SLE11 SP3; SLES11 SP2: multiple unspecified
vulnerabilities), and samba (SLE12: root code execution).

From: LWN

Share

Remote code execution flaw in Samba

By corbet The Samba 4.1.17, 4.0.25 and 3.6.25
releases
are available; they fix an unpleasant code-execution
vulnerability. See this
Red Hat security blog entry
for more information. “CVE-2015-0240
is a security flaw in the smbd file server daemon. It can be exploited by a
malicious Samba client, by sending specially-crafted packets to the Samba
server. No [authentication] is required to exploit this flaw. It can result in
remotely controlled execution of arbitrary code as root.

From: LWN

Share