LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, December 3rd, 2012

    Time Event
    4:37p
    The first "shim" UEFI secure bootloader released
    Matthew Garrett has announced the
    availability of the first "usable" version of the "shim" UEFI secure
    bootloader. "If you want, you're then free to impose any level of
    additional signing restrictions - it's entirely possible to use this
    signing as the basis of a complete chain of trust, including kernel
    lockdowns and signed module loading. However, since the end-user has
    explicitly indicated that they trust your code, you're under no obligation
    to do so. You should make it clear to your users what level of trust
    they'll be able to place in their system after installing your key, if only
    to allow them to make an informed decision about whether they want to or
    not.    "
    5:20p
    GNU Guile 2.0.7 released
    Version 2.0.7 of the GNU Guile language is out. It adds an implementation
    of "curly infix
    expressions    ," per-port reader options, a number of extension loading
    improvements, and something known as "nested futures": "Futures may now be nested: a future can itself spawn and then `touch'
    other futures. In addition, any thread that touches a future that has
    not completed now processes other futures while waiting for the touched
    future to completed.    "
    5:45p
    Security advisories for Monday
    Debian has updated libssh (multiple vulnerabilities) and libxml2 (code execution).

    Fedora has updated kernel (F17: memory leak), mod_security (F17: multipart/invalid part ruleset bypass), mod_security_crs (F17: multipart/invalid part ruleset bypass), sticky-notes (cross-site scripting), claws-mail (F17; F16: user credential leak) and claws-mail-plugins (F17; F16: user credential leak).

    Mageia has updated weechat (shell injection), wireshark (multiple vulnerabilities), libxml2 (code execution) and lynx (man in the middle attack).

    Mandriva has updated libxml2 (code execution).

    SUSE has updated java-1_6_0-ibm (multiple vulnerabilities).

    Ubuntu has updated firefox (fixes a regression in a previous update).

    5:50p
    Nmap 6.25 released
    Version 6.25 of the Nmap network scanner is out; it contains a lot of new
    stuff. "Nmap 6.25 contains
    hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS
    and service detection fingerprints, performance enhancements such as the
    new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
    improvements, and much more.    "
    9:10p
    One more 3.7 prepatch
    Linus has, contrary to his original plan, sent out one more 3.7 prepatch in
    the form of 3.7-rc8. "I really
    didn't want it to come to this, but I was uncomfortable doing the 3.7
    release yesterday due to last-minute issues, and decided to sleep on it.
    And today, I ended up even *less* comfortable about it due to the
    resurrection of a kswapd issue, so I decided that I'm going to do another
    -rc after all.    " As he points out, that implies that the 3.8 merge
    window will run close to the holidays.
    10:34p
    Stable kernels released
    Greg KH has released stable kernels 3.6.9,
    3.4.21 and 3.0.54. All contain many important fixes.

    << Previous Day 2012/12/03
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org