LWN.net's Journal
Thursday, June 26th, 2014
| Time | Event |
| --- | --- |
| 1:30a | [$] LWN.net Weekly Edition for June 26, 2014: The LWN.net Weekly Edition for June 26, 2014 is available. |
| 3:27p | Security advisories for Thursday: CentOS has updated dovecot (C6: denial of service) and mod_wsgi (C6: two vulnerabilities). Debian has updated gnupg (denial of service). Fedora has updated openstack-neutron (F20: denial of service), samba (F20: three vulnerabilities), and xen (F20; F19: two denial of service flaws). Gentoo has updated denyhosts (denial of service), dnsmasq (two vulnerabilities, one from 2012), and nas (two vulnerabilities). Oracle has updated dovecot (OL6: denial of service) and mod_wsgi (C6: two vulnerabilities). Red Hat has updated dovecot (RHEL6&7: denial of service), mod_wsgi (RHEL6: two vulnerabilities), and python27-mod_wsgi, python33-mod_wsgi (RHSC6&7: privilege escalation). Scientific Linux has updated dovecot (SL6: denial of service) and mod_wsgi (SL6: two vulnerabilities). SUSE has updated novell-qtgui, novell-ui-base (SLE11SP3: privilege escalation) and openstack-keystone (?:). Ubuntu has updated neutron (14.04, 13.10: three vulnerabilities), swift (14.04: cross-site scripting), and php5 (14.04, 13.10: regression in previous security fix). |
| 4:09p | Where KDE is going - Part 1 (KDE.news): Over at KDE.news, Jos Poortvliet has a look at where KDE is today and where it is going in the future. It is part one of a "mini series". This piece looks at the community, Plasma, Frameworks, design, and applications, while the next will cover governance and how the community has been changing. "Experiences in the world of mobile and web applications have shown that users are far more likely to start using features and appreciate small batches instead of large dumps. Short release cycles can bring bug fixes and improvements to our users much faster. On the other hand, most users of KDE software access their software and updates through the downstream distributions which are on slower release cycles even though they have repositories for updated software. [Therefore] this is a discussion which needs to include the distributions as much as the upstream developers." |
| 8:27p | Stable kernels 3.15.2, 3.14.9, 3.10.45, and 3.4.95: Greg Kroah-Hartman has announced the release of four stable kernels: 3.15.2, 3.14.9, 3.10.45, and 3.4.95. As usual, they contain changes throughout the tree and users of those kernel series should upgrade. |
| 9:17p | Decades-Old Vulnerability Threatens 'Internet Of Things' (Dark Reading): Dark Reading writes about a newly-discovered bug that has existed for 20 years in multiple LZO compression implementations. "Patches for the integer overflow bug, which allows an attacker to cripple systems running the so-called Lempel-Ziv-Oberhumer (LZO) code with denial-of-service type attacks as well as remote code execution, were issued the past few days for the Linux kernel, as well as for various open-source media libraries. LZO handles high-speed compression and decompression of IP network traffic and files, typically images, in embedded systems. 'The most popular use is in image data, decompressing photos taken, raw images taken from a camera or video stream,' says Don Bailey, mobile and embedded systems security expert with Lab Mouse Security, who discovered the vulnerability while manually auditing the code." |