LWN.net's Journal
Thursday, April 23rd, 2015
Time | Event

1:34a | [$] LWN.net Weekly Edition for April 23, 2015
The LWN.net Weekly Edition for April 23, 2015 is available.

1:40p | Security updates for Thursday
Arch Linux has updated glibc (code execution).
Fedora has updated chrony (F21: three vulnerabilities), gnupg2 (F20: denial of service), java-1.7.0-openjdk (F20: unspecified), java-1.8.0-openjdk (F21: unspecified), kernel (F21; F20: denial of service), ntp (F20: two vulnerabilities), python (F20: denial of service from 2013), spatialite-tools (F21: three vulnerabilities), and sqlite (F21: three vulnerabilities).
Oracle has updated kvm (OL5: two vulnerabilities).

2:09p | Wi-Fi software security bug could leave Android, Windows, Linux open to attack (Ars Technica)
Ars Technica reports on a wpa_supplicant bug that might leave Linux and other systems open to remote code execution. "That's because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information 'is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets,' [wpa_supplicant maintainer Jouni] Malinen wrote, and the code 'was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation.'"

5:12p | Ubuntu 15.04 (Vivid Vervet) released
The Ubuntu 15.04 release is out. "Ubuntu Server 15.04 includes the Kilo release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86 or ARM servers, or on developer laptops. Several key server technologies, from MAAS to Ceph, have been updated to new upstream versions with a variety of new features.
This release also includes the first release of snappy Ubuntu Core, a new distribution model based on transactional updates." LWN looked at Snappy in January.
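The length check that the wpa_supplicant entry above describes as missing, shown as an added C example (not wpa_supplicant's code and not from the article): a parser for an element with an 8-bit length field that refuses SSID payloads longer than 32 octets. The struct layout, the function names and the element ID value are assumptions made for illustration, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX_LEN 32      /* valid SSID size stated in the quoted advisory */
#define ELEM_HDR_LEN 2       /* element ID octet + 8-bit length octet */

/* Hypothetical destination: a fixed 32-byte SSID buffer followed by other
 * fields, the kind of layout the advisory describes. */
struct peer_info {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
    void   *next;            /* stands in for "a pointer that gets freed" */
};

/* Copy the SSID from one element (id, len, payload) into dst.
 * Returns the SSID length, or -1 if the element is malformed. */
int parse_ssid_elem(const uint8_t *elem, size_t avail, struct peer_info *dst)
{
    if (avail < ELEM_HDR_LEN)
        return -1;                       /* header itself is truncated */
    size_t len = elem[1];                /* 8-bit field: 0..255 */
    if (len > avail - ELEM_HDR_LEN)
        return -1;                       /* declares more than was received */
    if (len > SSID_MAX_LEN)
        return -1;                       /* bound on the fixed 32-byte buffer */
    memcpy(dst->ssid, elem + ELEM_HDR_LEN, len);
    dst->ssid_len = len;
    return (int)len;
}

/* Build a constructed element with the given declared length inside a frame
 * of frame_len octets (at most 257), parse it, and confirm that the field
 * next to the buffer is intact afterwards. */
int demo_parse(size_t declared_len, size_t frame_len)
{
    uint8_t frame[ELEM_HDR_LEN + 255];
    struct peer_info p;
    int sentinel;

    memset(frame, 'A', sizeof(frame));
    frame[0] = 0;                        /* element ID, assumed for the sample */
    frame[1] = (uint8_t)declared_len;
    memset(&p, 0, sizeof(p));
    p.next = &sentinel;
    int r = parse_ssid_elem(frame, frame_len, &p);
    return p.next == &sentinel ? r : -2; /* -2: adjacent field was clobbered */
}
```

Both checks are needed: the first keeps the read inside the received frame, the second keeps the write inside the 32-byte destination.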