LWN.net's Journal
 
Wednesday, October 1st, 2014

    Time Event
    2:21p
    [$] How implementation details become ABI: a case study
    One of the final changes that went into the mainline kernel repository
    before the 3.17-rc7 release was this fix from Mikhail Efremov.
    It affects some low-level code within the
    virtual filesystem layer that manages name changes in the dentry structure
    — the structure that handles the mapping between file names and in-kernel
    inode structures. How that change came to be necessary makes a good lesson
    in how unintended behaviors can become part of the kernel's ABI over time.
    5:32p
    Security advisories for Wednesday

    CentOS has updated kernel (Xen4CentOS: multiple vulnerabilities), libvirt (Xen4CentOS: memory leak), xen (Xen4CentOS: multiple vulnerabilities), and xen (Xen4CentOS: information disclosure).

    Debian has updated rsyslog (denial of service) and xen (multiple vulnerabilities).

    Fedora has updated python (F20: buffer overflow).

    Mageia has updated bash (multiple vulnerabilities).

    Mandriva has updated perl-Email-Address (denial of service) and xerces-j2 (unspecified vulnerability).

    Red Hat has updated openstack-glance (RHEL OSP for RHEL7; RHEL OSP for RHEL6: denial of service), openstack-neutron (RHEL OSP for RHEL6: privilege escalation), and python-django-horizon (RHEL OSP for RHEL7; RHEL OSP for RHEL6: cross-site scripting).

    SUSE has updated mozilla-nss (SLES10 SP4: signature forgery).

    Ubuntu has updated libvirt (information disclosure/denial of service).

    7:37p
    [$] Bash gets shellshocked
    It's been a crazy week for the Bash shell, its maintainer,
    and many Linux distributions that use the shell. A remote code-execution
    vulnerability that was reported on September 24 has now morphed
    into multiple related vulnerabilities, which have now mostly been fixed,
    with updates released by distributions. The
    vulnerabilities have been dubbed "Shellshock" and the technical (and
    mainstream) press has had a field day reporting on the incident. It all
    revolves around a somewhat dubious Bash feature, but the widespread use of Bash
    in places where it may not really make sense contributed to the severity of
    the bug.
