Debian has updated openssl
Fedora has updated csync2 (F20; F21:
file checksum collision),
duplicity (F20; F21: file checksum collision), librsync (F20; F21:
file checksum collision),
libssh2 (F21: denial of service), mapserver (F20; F21: code
php-ZendFramework2 (F22: cross-site forgery), and
rdiff-backup (F20; F21: file checksum collision).
Gentoo has updated openssl
Mageia has updated openssl
(M4: multiple vulnerabilities).
openSUSE has updated krb5
(13.1, 13.2: multiple vulnerabilities).
Oracle has updated kernel (O6; O7: multiple vulnerabilities).
Red Hat has updated qpid (RHEL6 MRG; RHEL7 MRG: multiple vulnerabilities).
SUSE has updated compat-openssl098 (SLEM-LS12; SLED12: multiple vulnerabilities)
and openssl (SLE12: multiple vulnerabilities).
Ubuntu has updated openssl
By jake
Over at Opensource.com, Daniel Walsh writes about applying various Linux security technologies to Docker containers. In the article, he looks at using user namespaces and seccomp filters to provide better security for Docker. “One of the problems with all of the container separation modes described here and elsewhere is that they all rely on the kernel for separation. Unlike air gapped computers, or even virtual machines, the processes within the container can talk directly to the host kernel. If the host kernel has a kernel vulnerability that a container can access, they might be able to disable all of the security and break out of the container.
The x86_64 Linux kernel has over 600 system calls, a bug in any one of which could lead to a privilege escalation. Some of the system calls are seldom called, and should be eliminated from access within the container.”
OpenSSL released updates today, with two vulnerabilities of
“High” severity, as described in its advisory. One of
the High vulnerabilities is a reclassification of the FREAK vulnerability, due to the prevalence of
servers with RSA export ciphers available; the other is a denial of service
in OpenSSL 1.0.2.
CentOS has updated freetype (C6:
multiple vulnerabilities) and unzip (C6:
Debian has updated file (denial
Debian-LTS has updated mono
(three SSL/TLS vulnerabilities).
Gentoo has updated python
(multiple vulnerabilities, two from 2013).
Mageia has updated moodle
openSUSE has updated gdm (13.2:
screen lock bypass), glusterfs (13.2:
denial of service), and libssh2_org (13.2,
13.1: information leak).
Oracle has updated unzip (OL7; OL6:
Red Hat has updated postgresql92-postgresql (RHSC1: multiple
vulnerabilities) and unzip (RHEL6&7:
SUSE has updated kernel (SLE12:
By corbet
The Fedora project is looking for somebody to become its diversity
advisor. “The Fedora Diversity Advisor will lead initiatives to assess and
promote equality and inclusion within the Fedora contributor and user
communities, and will develop project strategy on diversity issues. The
Diversity Advisor will also be the point of contact for Fedora’s
participation in third-party outreach programs and events.” You
have to get to the bottom of the announcement to read that this is a
volunteer position, though they hope to change that someday.
By corbet
The LWN.net Weekly Edition for March 19, 2015 is available.
By corbet
The OpenSSH
6.8 release is available. New features include host-key rotation
support (to allow graceful changes to host keys), an option to require two
public keys for authentication, and quite a few more.
By ris
Greg Kroah-Hartman has released a set of stable kernel updates: 3.19.2, 3.14.36, and 3.10.72. All contain the usual set of
Debian has updated php5 (multiple vulnerabilities).
Fedora has updated freexl (F21; F20:
denial of service) and libgcrypt (F21: two vulnerabilities).
openSUSE has updated vorbis-tools
(13.2, 13.1: denial of service).
Oracle has updated freetype (OL7; OL6:
Red Hat has updated flash-plugin
(RHEL5,6: multiple vulnerabilities) and freetype (RHEL6,7: multiple vulnerabilities).
Ubuntu has updated libxfont (privilege escalation) and php5 (multiple vulnerabilities).
By corbet
The Salt Lake Tribune reports
that the SCO Group’s lawsuit against IBM is once again alive and moving in
Federal court. “In addition to its claims of IBM misappropriation of
code, SCO alleges that IBM executives and lawyers directed the company’s
Linux programmers to destroy source code on their computers after SCO made
its allegations. The company’s other remaining claims are that IBM’s
actions amounted to unfair competition and interference with its contracts
and business relations with other companies.”
By ris
Qt 5.5 alpha has been released.
“With Qt 5.5, Canvas 3D is fully supported and a technology preview
of long awaited Qt 3D is included. Qt 5.5 also introduces mapping support
with a Qt Location technology preview. Qt 5.5 Alpha is the first step
towards Qt 5.5 final release planned to be available in May.” Check
out the New Features in
Qt 5.5 page for more details.