LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, March 23rd, 2015

    Time Event
    1:49p
    Kernel prepatch 4.0-rc5
    Linus has released the 4.0-rc5 prepatch,
    saying "There's nothing particularly worrisome going on, although I'm still
    trying to think about the NUMA balancing performance regression. It
    may not be a show-stopper, but it's annoying, and I want it fixed.
    We'll get it, I'm sure.    "
    5:24p
    Security advisories for Monday

    Debian has updated drupal7 (multiple vulnerabilities), iceweasel (multiple vulnerabilities), mono (three SSL/TLS vulnerabilities), php5 (code execution), tor (denial of service), and xerces-c (denial of service).

    Debian-LTS has updated openssl (multiple vulnerabilities), tor (denial of service), and tzdata (timezone updates/leap second update).

    Fedora has updated firefox (F21: multiple vulnerabilities), icu (F20: two vulnerabilities), kernel (F21: multiple vulnerabilities), libXfont (F21: privilege escalation), openssl (F21; F20: multiple vulnerabilities), patch (F21: multiple vulnerabilities), php-ZendFramework2 (F21; F20: cross-site forgery), qt-creator (F21; F20: fails to verify SSH host key), seamonkey (F21: multiple vulnerabilities), and xen (F21; F20: multiple vulnerabilities).

    Gentoo has updated chromium (multiple vulnerabilities).

    Mageia has updated libtiff (multiple vulnerabilities).

    openSUSE has updated kernel (11.4: multiple vulnerabilities), libarchive (13.2, 13.1: two vulnerabilities), openssl (13.2, 13.1: multiple vulnerabilities), seamonkey (13.2, 13.1: multiple vulnerabilities), and firefox (11.4: multiple vulnerabilities).

    Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities).

    6:17p
    Firefox 36.0.4
    Firefox 36.0.4 has been released. This update includes security and bug
    fixes, support for the full HTTP/2 protocol, and more. The release
    notes     contain the details.
    8:35p
    Windows 10 to make the Secure Boot alt-OS lock out a reality (Ars Technica)

    Ars Technica is one of several news outlets to report on a change announced in Microsoft's Windows 10 plans. Though the headlines (including Ars Technica's) paint a rather bleak scenario, the details are not as clear-cut. The UEFI "Secure Boot" mechanism was introduced with Windows 8, at which time Microsoft's OEM-certification rules mandated that hardware must include a means for the local user to disable Secure Boot. The Windows 10 certification rules does not include the mandated disable switch. Writes Peter Bright: "Should this stand, we can envisage OEMs building machines that will offer no easy way to boot self-built operating systems, or indeed, any operating system that doesn't have appropriate digital signatures. This doesn't cut out Linux entirely—there have been some collaborations to provide Linux boot software with the 'right' set of signatures, and these should continue to work—but it will make it a lot less easy." Note, also, that the only source for this story appears to be a presentation from a Microsoft event in Shenzhen, China. Bright adds that he has contacted Microsoft seeking clarification, but has so far received no reply.

    << Previous Day 2015/03/23
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org