LWN.net's Journal
 

Thursday, May 23rd, 2013

    Time Event
    12:40a
    [$] LWN.net Weekly Edition for May 23, 2013
    The LWN.net Weekly Edition for May 23, 2013 is available.
    1:57p
    Thursday's security updates

    Debian has updated request-tracker4 (eight CVE numbers), and the kfreebsd kernel (code execution).

    Fedora has updated python-virtualenv (F17, F18: temporary file and information disclosure vulnerabilities), krb5 (F17, "UDP ping-pong vulnerability" from 2002), and nginx (F18: denial of service and information disclosure).

    openSUSE has updated samba (CIFS share attribute verification failure).

    Oracle has updated kernel (EL5: denial of service).

    Red Hat has updated java-1.5.0-ibm (RHEL5-6: 16 "unspecified" vulnerabilities).

    2:26p
    Introducing Boot to Qt
    The Qt Blog introduces "Boot to Qt", which is "a light-weight UI stack
    for embedded linux, based on the Qt Framework - Boot to Qt is built on an
    Android kernel/baselayer and offers an elegant means of developing
    beautiful and performant embedded devices." Access is invitation-only
    currently; a release is forecast for sometime around the end of the year.
    3:37p
    Sharp: Linux Kernel Internships (OPW) Update
    Sarah Sharp reports on the response to the availability of a set of
    Outreach Program for Women internships working on the Linux kernel. "As
    coordinator for the Linux kernel OPW project, I was really worried about
    whether applicants would be able to get patches into the kernel. Everyone
    knows that kernel maintainers are the pickiest bastards^Wperfectionists
    about coding style, getting the proper Signed-off-by, sending plain text
    email, etc. I thought a couple applicants would be able to complete maybe
    one or two patches, tops. Boy was I wrong!" In the end, 41 applicants
    submitted 374 patches to the kernel, of which 137 were accepted.
    3:45p
    Numerous security issues in X Window System clients
    X.Org has disclosed a long list of vulnerabilities that have been fixed in
    the X Window System client libraries; most of them expose clients to
    attacks by a hostile server. "Most of the time X clients & servers
    are run by the same user, with the server more privileged from the clients,
    so this is not a problem, but there are scenarios in which a privileged
    client can be connected to an unprivileged server, for instance, connecting
    a setuid X client (such as a screen lock program) to a virtual X server
    (such as Xvfb or Xephyr) which the user has modified to return invalid
    data, potentially allowing the user to escalate their privileges."
    There are 30 CVE numbers assigned to these vulnerabilities; expect the
    distributor updates to start flowing shortly.
