LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, April 7th, 2015

    Time Event
    9:25a
    Kernel prepatch 4.0-rc7
    Linus has released 4.0-rc7 after a delay of
    a couple of days for the holiday. "But it's still pretty small, and
    things are on track for 4.0 next weekend. There's a tiny chance that I'll
    decide to delay 4.0 by a week just because I'm traveling the week after,
    and I might want to avoid opening the merge window. We'll see how I feel
    about it next weekend.    "
    4:34p
    Tuesday's security updates

    Arch Linux has updated tor (denial of service).

    Debian has updated arj (multiple vulnerabilities), libgd2 (denial of service), mailman (path traversal attack), and tor (denial of service).

    Debian-LTS has updated mailman (path traversal attack) and tor (denial of service).

    Fedora has updated chicken (F21; F20: buffer overflow), kernel (F20: multiple vulnerabilities), libxml2 (F21: denial of service), and seamonkey (F21; F20: multiple vulnerabilities).

    Gentoo has updated firefox (multiple vulnerabilities).

    Mandriva has updated cups-filters (MBS2.0: remote command execution), libtasn1 (MBS1.0, MBS2.0: denial of service), and python-django (MBS1.0: cross-site scripting).

    Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).

    Ubuntu has updated firefox (14.10, 14.04, 12.04: certificate verification bypass) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

    11:10p
    Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)
    Threat Post takes
    a look     at two TrueCrypt forks, VeraCrypt and CipherShed. Although
    TrueCrypt development was discontinued last year, the code underwent a two
    phase audit and passed with a relatively clean bill of health.
    "VeraCrypt and CipherShed have addressed many of the shortcomings
    identified not only by the audit, but by others who have scrutinized the
    TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example,
    said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with
    SHA-256 support for system encryption. He said VeraCrypt has also tried to
    simplify the build process, especially for Linux and Mac OS X systems, so
    that other less common configurations could be used.    " The results of
    the audit of TrueCrypt are available in PDF format; phase
    1     was completed in February 2014, and phase
    2     was completed March 2015.

    << Previous Day 2015/04/07
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org