Tuesday, December 9th, 2014

Time	Event
3:30p	Fedora 21 released The Fedora 21 distribution release is now available, in three different flavors (cloud, server, and workstation). "Fedora 21 is a game-changer for the Fedora Project, and we think you're going to be very pleased with the results." See the announcement for the highlights found in each of the released spins. (Comment on this)
4:49p	Tuesday's security updates Debian has updated bind9 (denial of service) and kernel (multiple vulnerabilities). Gentoo has updated dovecot (denial of service), libvirt (multiple vulnerabilities), nfs-utils (information disclosure), and qemu (multiple vulnerabilities). SUSE has updated OpenVPN (SLE11 SP3: denial of service). Ubuntu has updated graphviz (format string vulnerability). (Comment on this)
5:14p	"Ubuntu Core" announced Mark Shuttleworth has announced the availability of "Ubuntu Core," a version of the distribution that takes a different approach to package management. "This is in a sense the biggest break with tradition in 10 years of Ubuntu, because Ubuntu Core doesn’t use debs or apt-get. We call it 'snappy' because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop." (Comment on this)
6:30p	Linux software nasty slithers out of online watering holes (The Register) The Turla trojan malware has been found to run on Linux, reports The Register. "[Kaspersky researcher Kurt] Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat. It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management." (Comment on this)
7:12p	An extensive set of X.org vulnerabilities The X.Org developers have released an advisory warning of a large set of vulnerabilities in the server, some of which date back to the X11R1 release in 1987. "How critical these vulnerabilities are to any given installation depends on whether they run an X server with root privileges or reduced privileges; whether they run X servers exposed to network clients or limited to local connections; and whether or not they allow use of the affected protocol extensions, especially the GLX extension." (Comment on this)

<< Previous Day

2014/12/09 [Calendar]

Next Day >>