LWN.net's Journal
 

Thursday, November 5th, 2015

    Time Event
    1:15a
    [$] LWN.net Weekly Edition for November 5, 2015
    The LWN.net Weekly Edition for November 5, 2015 is available.
    7:30p
    Security advisories for Thursday

    CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), nspr (C7; C6; C5: code execution), nss (C7; C6; C5: code execution), and nss-util (C7; C6: code execution).

    Debian has updated iceweasel (multiple vulnerabilities).

    Fedora has updated firefox (F23; F22: multiple vulnerabilities), nspr (F23; F22: code execution), nss (F23; F22: code execution), nss-softokn (F23; F22: code execution), nss-util (F23; F22: code execution), ntp (F21: multiple vulnerabilities), php-horde-horde (F22; F21: cross-site request forgeries), php-horde-imp (F22; F21: cross-site request forgeries), php-horde-ingo (F22; F21: cross-site request forgeries), and php-horde-passwd (F22; F21: cross-site request forgeries).

    Mageia has updated drupal (open redirect), firefox, nspr, and nss (multiple vulnerabilities), and springframework (open file redirect).

    openSUSE has updated postgresql92 (13.1: information disclosure) and wpa_supplicant (13.1: denial of service).

    Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: privilege escalation), kernel 3.8.13 (OL7; OL6: privilege escalation), kernel 2.6.39 (OL6: privilege escalation), nss and nspr (OL5: code execution), and nss, nss-util, and nspr (OL7; OL6: code execution).

    Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL7: two vulnerabilities, one from 2014), libreswan (SL7: denial of service), nss and nspr (SL5: code execution), and nss, nss-util, and nspr (SL6&7: code execution).

    Ubuntu has updated firefox (multiple vulnerabilities), nspr (code execution), and nss (code execution).

    9:11p
    The kernel of the argument (Washington Post)
    Here's a lengthy Washington Post feature on the security (or lack thereof) of the Linux kernel; it features a number of familiar names. "Even many Linux enthusiasts see a problem with this from a security perspective: There is no systemic mechanism for identifying and remedying problems before hackers discover them, or for incorporating the latest advances in defensive technologies. And there is no chief security officer for the Linux kernel."
    10:55p
    Kernel Self Protection Project
    Kees Cook has announced the Kernel Self Protection Project, which is meant to be "a community of people to work on the various kernel self-protection technologies (most of which are found in PaX and Grsecurity)". This is an outgrowth of his Kernel Summit talk about incorporating hardening and self-protection features into the mainline kernel. "Between the companies that recognize the critical nature of this work, and with Linux Foundation's Core Infrastructure Initiative happy to start funding specific work in this area, I think we can really make a dent." He is looking for others who are also interested in doing some of this work.
