VMware just created its first Linux OS, and it’s container-friendly (NetworkWorld)

By ris

NetworkWorld takes a look at two VMware projects that are aimed at running containers inside the VM. “VMware has created Photon as an OS that can run in vSphere. VMware says it’s a “lightweight” Linux OS that has only the basic elements required to package applications in containers and run them inside virtual machines. Because of its minimalist feature set, Project Photon is meant to boot up quickly, which is a key advantage of using containers.

Project Photon supports many container image platforms, including those from Docker (which is both an open source container runtime and the name of the company that is commercializing it), as well as container images from CoreOS (called “rkt”) and Pivotal (named “Garden”).” VMware also announced a beta version of Project Lightwave, “which is an identity and access management tool meant to provide an extra security layer for containers.”

From: LWN

Security advisories for Monday

By ris

Arch Linux has updated chromium (multiple vulnerabilities), flashplugin (multiple vulnerabilities), jdk7-openjdk (multiple vulnerabilities), jre7-openjdk (multiple vulnerabilities), and jre7-openjdk-headless (multiple vulnerabilities).

Debian has updated django-markupfield (information leak) and mysql-5.5 (multiple vulnerabilities).

Debian-LTS has updated file (memory leak), openldap (multiple vulnerabilities), ppp (denial of service), and wesnoth-1.8 (information leak).

Fedora has updated gnupg2 (F21: double-free issue), groovy-sandbox (F21: privilege escalation), jenkins (F21: multiple vulnerabilities), jenkins-matrix-project-plugin (F21: privilege escalation), jenkins-script-security-plugin (F21: privilege escalation), knot (F21; F20: multiple vulnerabilities), libtasn1 (F21; F20: denial of service), mediawiki (F21; F20: multiple vulnerabilities), owncloud (F21; F20: multiple vulnerabilities), perl-DBD-Firebird (F21; F20: buffer overflow), perl-Module-Signature (F21; F20: multiple vulnerabilities), perl-Test-Signature (F21; F20: multiple vulnerabilities), php-symfony (F21; F20: two vulnerabilities), postgis (F21: multiple vulnerabilities), python (F21: denial of service), rest (F21; F20: denial of service), tcpdump (F20: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated perl-DBD-Firebird (buffer overflow), perl-Module-Signature (multiple vulnerabilities), and potrace (denial of service).

openSUSE has updated xen (13.1: multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (RHEL5,6,7: multiple vulnerabilities) and java-1.7.0-oracle (RHEL5,6,7: multiple vulnerabilities).

From: LWN

Ardour 4.0 released

By corbet

Version 4.0 of the Ardour audio editing system is available. This release features Windows support, more flexible audio support (JACK is no longer required), a lot of user-interface work, and official OS X and Windows support.

From: LWN

Schaller: Red Hat joins Khronos

By n8willis

At his blog, Christian Schaller announces that Red Hat has joined the Khronos Group, the consortium behind (among other things) the OpenGL standard. Schaller notes that “the reason we are joining is because of all the important changes that are happening in Graphics and GPU compute these days and our wish to have more direct input of the direction of some of these technologies. Our efforts are likely to focus on improving the OpenGL specification by proposing some new extensions to OpenGL, and of course providing input and help with moving the new Vulkan standard forward.”

From: LWN

Friday’s security updates

By n8willis

Arch Linux has updated php (multiple vulnerabilities).

Debian-LTS has updated tzdata (unspecified vulnerability).

Gentoo has updated adobe-flash (multiple vulnerabilities) and xorg-server (multiple vulnerabilities).

openSUSE has updated icecast (13.1, 13.2: denial of service) and ntop (13.1, 13.2: cross-site scripting).

Red Hat has updated java-1.8.0-oracle (RHEL6,7: multiple vulnerabilities), novnc (RHEL6 OSP; RHEL7 OSP: VNC session hijacking), openstack-foreman-installer (RHEL6 OSP: root command execution), openstack-glance (RHEL6 OSP; RHEL7 OSP: denial of service), openstack-nova (RHEL6 OSP; RHEL7 OSP: multiple vulnerabilities), openstack-packstack, openstack-puppet-modules (RHEL6 OSP; RHEL7 OSP: root command execution), openstack-swift (RHEL6 OSP; RHEL7 OSP: metadata constraint bypass), python-django-horizon, python-django-openstack-auth (RHEL6 OSP; RHEL7 OSP: denial of service), and redhat-access-plugin-openstack (RHEL6 OSP; RHEL7 OSP: information disclosure).

Ubuntu has updated apport (14.04, 14.10: privilege escalation).

From: LWN

GNU Hurd 0.6 released

By jake

It has been roughly a year and a half since the last release of the GNU Hurd operating system, so it may be of interest to some readers that GNU Hurd 0.6 has been released along with GNU Mach 1.5 (the microkernel that Hurd runs on) and GNU MIG 1.5 (the Mach Interface Generator, which generates code to handle remote procedure calls). New features include procfs and random translators; cleanups and stylistic fixes, some of which came from static analysis; message dispatching improvements; integer hashing performance improvements; a split of the init server into a startup server and an init program based on System V init; and more. “GNU Hurd runs on 32-bit x86 machines. A version running on 64-bit x86 (x86_64) machines is in progress. Volunteers interested in ports to other architectures are sought; please contact us (see below) if you’d like to help.

To compile the Hurd, you need a toolchain configured to target i?86-gnu; you cannot use a toolchain targeting GNU/Linux. Also note that you cannot run the Hurd “in isolation”: you’ll need to add further components such as the GNU Mach microkernel and the GNU C Library (glibc), to turn it into a runnable system.”

From: LWN

Boyer: Fedora 22 and Kernel 4.0

By jake

On his blog, Josh Boyer looks at the choice of the 4.0 kernel for Fedora 22. While the underpinnings of the live kernel patching feature have been merged, even when it is fully operational it is probably not something that Fedora (and perhaps other distributions) will use often (or at all). “In reality, we might not ever really leverage the live patching functionality in Fedora itself. It is understandable that people want to patch their kernel without rebooting, but the mechanism is mostly targeted at small bugfixes and security patches. You cannot, for example, live patch from version 4.0 to 4.1. Given that the Fedora kernel rebases both from stable kernel (e.g. 3.19.2 to 3.19.3) and major release kernels over the lifetime of a Fedora release, we don’t have much opportunity to build the live patches.”

From: LWN

Security updates for Thursday

By jake

Debian has updated gst-plugins-bad0.10 (code execution), inspircd (code execution from 2012), movabletype-opensource (code execution), and ppp (denial of service).

Debian-LTS has updated ruby1.9.1 (three vulnerabilities).

Mageia has updated java-1.7.0-openjdk (multiple vulnerabilities), mono (three SSL/TLS vulnerabilities), and python-dulwich (two code execution flaws).

openSUSE has updated flash-player (11.4: 45 vulnerabilities) and rubygem-rest-client (13.2, 13.1: plaintext password logging).

Oracle has updated java-1.6.0-openjdk (OL5: unspecified vulnerabilities) and java-1.7.0-openjdk (OL5: unspecified vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), java-1.6.0-openjdk (RHEL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL5; RHEL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (RHEL6&7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (SL5; SL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).

SUSE has updated flash-player (SLE11SP3: 22 vulnerabilities).

From: LWN