Kernel prepatch 4.0-rc6

By corbet Linus has released 4.0-rc6 right on
schedule. “Things are calming down nicely, and there are fixes all
over. The NUMA balancing performance regression is fixed, and things are
looking up again in general. There were a number of i915 issues and a KVM
double-fault thing that meant that for a while there I was pretty sure that
this would be a release that will go to rc8, but that may be
unnecessary.

From: LWN

How the current intellectual property landscape impacts open source

Meet Doug Kim. He’s a computer engineer-turned-lawyer who chairs the Intellectual Property Practice Group at McNair Law Firm in Columbia, South Carolina. Doug’s practice includes patent preparation and prosecution, trademark, service mark preparation and prosecution, and securing copyright registrations in areas that include Geographical Information Systems (GIS), software, books, music, product packaging, and distribution. He has expertise in software, method, and mechanical patents as well as open source licensing.read more

From: LXer

Security advisories for Monday

By ris

CentOS has updated postgresql
(C6: multiple vulnerabilities).

Debian has updated freexl (code execution).

Fedora has updated drupal6 (F21; F20:
multiple vulnerabilities), drupal7 (F21; F20:
multiple vulnerabilities), libssh2 (F20:
information leak), mingw-xerces-c (F21; F20:
denial of service), php (F21: multiple
vulnerabilities), tcpdump (F21: multiple vulnerabilities), and xerces-c (F21; F20: denial of service).

Gentoo has updated busybox
(multiple vulnerabilities).

Mandriva has updated apache-mod_wsgi (MBS2.0: privilege
escalation), bash (MBS2.0: multiple
vulnerabilities), bind (MBS2.0: denial of
service), binutils (MBS2.0: multiple
vulnerabilities), clamav (MBS2.0: multiple
vulnerabilities), coreutils (MBS1.0,
MBS2.0: code execution), ctags (MBS2.0:
denial of service), ctdb (MBS2.0: insecure
temporary files), dbus (MBS2.0: multiple
vulnerabilities), drupal (MBS1.0: multiple
vulnerabilities), ejabberd (MBS2.0:
incorrectly allows unencrypted connections), erlang (MBS2.0: command injection), ffmpeg (MBS2.0: multiple vulnerabilities), firebird (MBS2.0: denial of service), freerdp (MBS2.0: two vulnerabilities), gcc (MBS2.0: code execution), git (MBS2.0: code execution), glibc (MBS2.0: multiple vulnerabilities), glpi (MBS2.0: multiple vulnerabilities), grub2 (MBS2.0: code execution), gtk+3.0 (MBS2.0: screen lock bypass), icu (MBS2.0: multiple vulnerabilities), ipython (MBS2.0: code execution), jasper (MBS2.0: multiple vulnerabilities), jython (MBS2.0: code execution), libarchive (MBS1.0, MBS2.0: directory
traversal), libtiff (MBS1.0: multiple
vulnerabilities), libxfont (MBS1.0:
multiple vulnerabilities), setup (MBS2.0:
information disclosure), tcpdump (MBS1.0:
multiple vulnerabilities), and wireshark
(MBS1.0: multiple vulnerabilities).

openSUSE has updated freetype2
(13.2, 13.1: many vulnerabilities), gnutls
(13.2, 13.1: certificate algorithm consistency checking issue), and rubygem-bundler (13.2, 13.1: installs malicious gem files).

Red Hat has updated kernel-rt
(RHE MRG for RHEL6: two vulnerabilities), libxml2 (RHEL7: denial of service), and postgresql (RHEL6, RHEL7: multiple vulnerabilities).

Scientific Linux has updated libxml2 (SL7: denial of service) and postgresql (SL6, SL7: multiple vulnerabilities).

From: LWN

How to secure SSH login with one-time passwords on Linux

As someone says, security is a not a product, but a process. While SSH protocol itself is cryptographically secure by design, someone can wreak havoc on your SSH service if it is not administered properly, be it weak passwords, compromised keys or outdated SSH client. As far as SSH authentication is concerned, public key authentication…

From: LXer