LWN.net's Journal
 
Monday, April 7th, 2014

    Time Event
    12:03p
    St. Pierre: Xwayland
    Jasper St. Pierre writes about the Xwayland back end, which has been merged into the X server core sooner than had been expected. "So, why did it succeed so fast? To put it simply, Xwayland has been completely rearchitected to be leaner, cleaner, faster, and better than ever before. It’s not done yet; direct rendering (e.g. games using OpenGL) and by extension 2D acceleration aren't supported yet, but it’s in the pipeline." Lots of details can be found in the article.
    4:35p
    Security updates for Monday

    Debian has updated mediawiki (multiple vulnerabilities), openssh (two vulnerabilities), and prosody (denial of service).

    Fedora has updated libyaml (F20; F19: code execution), munin (F20; F19: denial of service), openstack-keystone (F19: two vulnerabilities), perl-Authen-Captcha (F20; F19: guessable captchas), perl-YAML-LibYAML (F20; F19: code execution), seamonkey (F19: multiple vulnerabilities), tigervnc (F19: code execution), xalan-j2 (F20; F19: information disclosure/code execution), and xen (F20; F19: denial of service).

    Gentoo has updated cups (privilege escalation).

    Mageia has updated libzip (MG4: denial of service) and php (MG4: two vulnerabilities).

    openSUSE has updated xen (13.1; 12.3: multiple vulnerabilities).

    Scientific Linux has updated httpd (SL6; SL5: multiple vulnerabilities).

    Ubuntu has updated file (all: code execution) and php5 (all: code execution).

    9:23p
    The OpenSSL "heartbleed" vulnerability
    This page has extensive information on CVE-2014-0160, an information disclosure vulnerability in OpenSSL otherwise known as the "heartbleed bug." "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users." See also this OpenSSL advisory; version 1.0.1g contains the fix.
