|
Navigation
Search
Top: LWN.net
|
PC / Tech. > LWN.net
Friday January 18, 2019. 04:55 PM
Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and...
Thursday January 17, 2019. 06:04 PM
The kernel's page cache works to improve performance by minimizing disk I/O and increasing the sharing of physical memory. But, like other performance-enhancing techniques that involve resources shared across security boundaries, the page cache can be abused as a way to...
Stable kernels 4.20.3, 4.19.16, 4.14.94, 4.9.151, and 4.4.171 have been released. They all contain important fixes and users should upgrade.
Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1).
Wednesday January 16, 2019. 09:59 PM
Low-end devices bound for developing countries, such as those running the Android Go edition, lack encryption support because the hardware doesn't provide any cryptographic acceleration. That means users in developing countries have no protection for the data on their...
Security updates have been issued by Debian (systemd and wireshark), Fedora (openssh, php-horde-Horde-Form, and unrtf), Mageia (aria2, libvncserver, x11vnc, and nss), Oracle (kernel and libvncserver), Scientific Linux (libvncserver), SUSE (kernel, soundtouch, webkit2gtk3,...
While the kernel has had support for asynchronous I/O (AIO) since the 2.5 development cycle, it has also had people complaining about AIO for about that long. The current interface is seen as difficult to use and inefficient; additionally, some types of I/O are better...
It is that time of year again: Google is looking for mentor projects for the 2019 Summer of Code. 'GSoC is a global program that draws university student developers from around the world to contribute to open source. Each student spends three months working on a coding...
Tuesday January 15, 2019. 06:23 PM
'User tracking' is generally contentious in free-software communities—even if the 'tracking' is not really intended to do so. It is often distributions that have the most interest in counting their users, but Linux users tend to be more privacy conscious than users of more ...
Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and ...
An advisory from Harry Sintonen describes several vulnerabilities in the scp clients shipped with OpenSSH, PuTTY, and others. 'Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which...
Monday January 14, 2019. 05:43 PM
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb,...
The second 5.0 prepatch is out for testing. 'So the merge window had somewhat unusual timing with the holidays, and I was afraid that would affect stragglers in rc2, but honestly, that doesn't seem to have happened much. rc2 looks pretty normal.'
Sunday January 13, 2019. 05:06 PM
The stable-kernel machine has churned out another set of releases: 4.20.2, 4.19.15, 4.14.93, 4.9.150, 4.4.170, and 3.18.132 have all been released with a large set of important fixes.
Friday January 11, 2019. 07:05 PM
In January 2038, the 32-bit time_t value used on many Unix-like systems will run out of bits and be unable to represent the current time. This may seem like a distant problem, but, as Tom Scott recently observed, the year-2038 apocalypse is now closer to the present than the ...
Version 5.0 of the Metasploit penetration-testing framework is out. 'Metasploit 5.0 offers a new data service, introduces fresh evasion capabilities, supports multiple languages, and builds upon the Framework’s ever-growing repository of world-class offensive security...
Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw,...
Thursday January 10, 2019. 06:29 PM
What if you announced a board election and nobody ran? That is the quandary the openSUSE project faced as recently as January 4, when the nomination deadline loomed and no candidates for the three open seats had come forward. The situation has since changed, and openSUSE...
Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. 'We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. We will...
|
25 sources
Current Date
Jan, Fri 18 - 21:45 CET
|
