Friday’s security updates

By n8willis

Debian has updated cinder (file disclosure) and drupal7 (multiple vulnerabilities).

Fedora has updated mbedtls (F21: multiple vulnerabilities) and python-django14 (F20: cross-site scripting).

Mageia has updated cups (M4: multiple vulnerabilities), ffmpeg (M4: multiple vulnerabilities), openssl (M4: multiple vulnerabilities), and redis (M4: code execution).

SUSE has updated IBM Java (SLES10 SP4; SLE11: multiple vulnerabilities).

From: LWN

The launch of WebAssembly

By corbet

Luke Wagner of Mozilla has announced the existence of the WebAssembly project. The purpose is to define a low-level language to run in web browsers; it will then serve as a compilation target for higher-level languages. Developers from most of the major browser engines are working on the project. “For existing Emscripten/asm.js users, targeting WebAssembly will be as easy as flipping a flag. Thus, it is natural to view WebAssembly as the next evolutionary step of asm.js (a step many have requested and anticipated).”

From: LWN

Security updates for Thursday

By jake

CentOS has updated cups (C7; C6: three vulnerabilities).

Debian has updated kernel (three vulnerabilities).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities going back to 2011) and openssl (multiple vulnerabilities).

Fedora has updated mbedtls (F20: code execution), python-requests (F21: cookie stealing), and python-urllib3 (F21: proper openssl support).

openSUSE has updated busybox (13.2, 13.1: code execution) and strongswan (13.2, 13.1: information disclosure).

Oracle has updated cups (OL7; OL6: three vulnerabilities).

Red Hat has updated cups (RHEL6&7: three vulnerabilities).

Scientific Linux has updated cups (SL6&7: three vulnerabilities).

From: LWN

[$] Micro Python on the pyboard

By jake

A 2013 Kickstarter project brought us Micro Python, which is a version of Python 3 for microcontrollers, along with the pyboard to run it on. Micro Python is a complete rewrite of the interpreter that avoids some of the CPython (the canonical Python interpreter written in C) implementation details that don’t work well on microcontrollers. I recently got my hands on a pyboard and decided to give it—and Micro Python—a try.

From: LWN

Cool new features coming to Blender 2.75 (Opensource.com)

By ris

Opensource.com takes a look at the upcoming release of Blender 2.75. “One of the biggest features merged into Blender this go-round were from the multiview branch. In short, Blender now fully supports the ability to create stereoscopic 3D images. With the increased pervasiveness of 3D films and televisions—not to mention VR headsets in gaming—a lot of people are interested in generating images that play nice in this format. And now Blender can.”

From: LWN

[$] Leap-second issues, 2015 edition

By corbet

The leap second is an occasional ritual wherein Coordinated Universal Time (UTC) is held back for one second to account for the slowing of the Earth’s rotation. The last leap second happened on June 30, 2012; the next is scheduled for June 30 of this year. Leap seconds are thus infrequent events. One might easily imagine that infrequent events involving time discontinuities would be likely to expose software problems, and, sure enough, the 2012 leap second had its share of issues. The 2015 leap second looks to be a calmer affair, but it appears that it will not be entirely problem-free.

From: LWN

Tuesday’s security advisories

By ris

CentOS has updated abrt (C7: multiple vulnerabilities), openssl (C7; C6: multiple vulnerabilities), and wpa_supplicant (C7: two vulnerabilities).

Debian has updated p7zip (directory traversal).

Oracle has updated openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6,7: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).

From: LWN

Best practices to build bridges between tech teams (Opensource.com)

By ris

Opensource.com has an interview with Robyn Bergeron, about her current position as Operations Advocate at Elastic, and past roles (such as Fedora Project Leader). “The ELK stack (that’s Elasticsearch, Logstash, and Kibana), being incredibly flexible and adaptable to many use cases, appeals to both operations folks and developers—but my love for it really has grown from seeing how fantastically it has allowed folks working in ops to not just start more rapidly identifying that “something broke,” but also to be able to visually identify the patterns that lead to those broken things. Getting to a point where you’re not just on fire all the time fixing technology, and instead fixing the processes that lead to fires, or implementing ways to proactively avoid fires, is not just redeeming, but frees up time to do other things besides firefighting.

People love breaking that loop, and it’s fabulous being an advocate for something that is literally making people’s work-life balance and general happiness levels better. I’ve been in those fires. It’s not fun. It makes me happy to see users feeling awesome.”

From: LWN