LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, November 12th, 2014

    Time Event
    2:26p
    A proposed policy to remove unfixable packages from Ubuntu
    In response to the recent ownCloud troubles, Martin Pitt has put together a
    proposal allowing for the removal of problematic packages from the Ubuntu
    repositories in the future. "In rare cases, an universe package becomes actively detrimental in stable
    releases: If it is unmaintained in Ubuntu and has unfixed security issues
    or got broken because of changing network protocols/APIs, it is better to
    stop offering it in Ubuntu altogether rather than continuing to encourage
    users to install it.    " Comments are requested.
    3:07p
    [$] High-DPI displays and Linux
    Your editor recently acquired a laptop with a high-DPI screen. This
    acquisition was partially justified, of course, as an opportunity to
    investigate the state of Linux support of high-DPI screens; it turns
    out that, while quite a bit of progress has been made, this problem has not
    yet been fully solved. Click below (subscribers only) for the full
    report.
    5:02p
    Microsoft open-sources the .NET core
    Microsoft has announced
    that the .NET core code is now available under an open-source (MIT)
    license. "As a .NET developer you were able to build & run code on
    more than just Windows for a while now, including Linux, MacOS, iOs and
    Android. The challenge is that the Windows implementation has one code
    base while Mono has a complete separate code base. The Mono community was
    essentially forced to re-implement .NET because no open source
    implementation was available.    " Amusingly, the code has been placed
    on GitHub; the announcement notes that code located there gets far more
    contributions than code on Microsoft's own "CodePlex" site.
    5:55p
    Security advisories for Wednesday

    CentOS has updated gnutls (C7: code execution), kdenetwork (C7: multiple vulnerabilities), kernel (C6: multiple vulnerabilities), and libvncserver (C7; C6: multiple vulnerabilities).

    Debian has updated file (out-of-bounds read flaw) and nss (code execution).

    Fedora has updated deluge (F20: deluge-web is vulnerable to POODLE), mokutil (F20; F19: multiple vulnerabilities), Pound (F20: multiple vulnerabilities), shim-signed (F20; F19: multiple vulnerabilities), and tnftp (F20: command execution).

    Mageia has updated apt (code execution) and php (out-of-bounds read flaw).

    openSUSE has updated ImageMagick (13.2, 13.1, 12.3: multiple vulnerabilities), konversation (13.2: information disclosure), libserf (13.2, 13.1, 12.3: man-in-the-middle attack), pidgin (13.2: multiple vulnerabilities), and sssd (13.2: restriction bypass).

    Oracle has updated gnutls (OL7: code execution), kdenetwork (OL7: multiple vulnerabilities), kernel (OL6: multiple vulnerabilities), and libvncserver (OL7; OL6: multiple vulnerabilities).

    Red Hat has updated gnutls (RHEL7: code execution), kdenetwork (RHEL7: multiple vulnerabilities), kernel (RHEL6: multiple vulnerabilities), and libvncserver (RHEL6,7: multiple vulnerabilities).

    Scientific Linux has updated gnutls (SL7: code execution), kdenetwork (SL7: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), and libvncserver (SL6,7: multiple vulnerabilities).

    SUSE has updated spacewalk-branding (SUSE Manager1.7: clarify CVE audit).

    Ubuntu has updated cinder (14.04: information disclosure), keystone (14.04: information disclosure), neutron (14.04: denial of service), and nova (14.04: two vulnerabilities).

    << Previous Day 2014/11/12
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org