LWN.net's Journal
 

Friday, November 20th, 2015

    Time Event
    3:11p
    Nmap 7 released
    Version 7 of the Nmap security scanner
    has been released. "It is the product of three and a half years of
    work, nearly 3200 code commits, and more than a dozen point releases since
    the big Nmap 6 release in May 2012. Nmap turned 18 years old in September
    this year and celebrates its birthday with 171 new NSE scripts, expanded
    IPv6 support, world-class SSL/TLS analysis, and more user-requested
    features than ever."
    3:23p
    Detectify: Chrome Extensions – AKA Total Absence of Privacy
    The "Detectify Labs" site has put up a
    lengthy analysis
    of the user tracking taking place in many Chrome
    browser extensions. "Google, claiming that Chrome is the safest web
    browser out there, is actually making it very simple for extensions to hide
    how aggressively they are tracking their users. We have also discovered
    exactly how intrusive this sort of tracking actually is and how these
    tracking companies actually do a lot of things trying to hide it. Due to
    the fact that the gathering of data is made inside an extension, all other
    extensions created to prevent tracking (such as Ghostery) are completely
    bypassed." At the end they note that the situation with Firefox is
    not a whole lot better.
    3:26p
    Pitivi 0.95 released
    The Pitivi 0.95 release
    is out, bringing a lot of changes to this longstanding
    video editor project. "This one packs a lot of bugfixes and
    architectural work to further stabilize the GES backend. In this blog post,
    I’ll give you an overview of the new and interesting stuff this release
    brings, coming out from a year of hard work. It’s pretty epic and you’re in
    for a few surprises, so I suggest listening to this song while you’re
    reading this blog post."
    3:43p
    Garrett: If it's not practical to redistribute free software, it's not free software in practice
    Matthew Garrett continues
    his campaign
    against Canonical's "intellectual property rights policy".
    "The reality is that if Debian had had
    an identical policy in 2004, Ubuntu wouldn't exist. The effort required to
    strip all Debian trademarks from the source packages would have been
    immense, and this would have had to be repeated for every release. While
    this policy is in place, nobody's going to be able to take Ubuntu and build
    something better."
    5:42p
    Friday's security updates

    Debian has updated lxc (code execution).

    Debian-LTS has updated nspr (code execution).

    Mageia has updated dovecot (M5: denial of service), gcc (M5: predictable random values), kernel (M5: multiple vulnerabilities), latex2rtf (M5: code execution), libpng/libpng12 (M5: denial of service), and uglify-js (M5: malicious code obfuscation).

    openSUSE has updated krb5 (13.1, 13.2: memory corruption) and libksba (13.1, 13.2: denial of service).

    Red Hat has updated autofs (RHEL7: privilege escalation), binutils (RHEL7: multiple vulnerabilities), chrony (RHEL7: multiple vulnerabilities), cpio (RHEL7: code execution), cups-filters (RHEL7: multiple vulnerabilities), curl (RHEL7: multiple vulnerabilities), file (RHEL7: multiple vulnerabilities), glibc (RHEL7: multiple vulnerabilities; RHEL7: privilege escalation), grep (RHEL7: heap buffer overrun), grub2 (RHEL7: Secure Boot circumvention), kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), krb5 (RHEL7: multiple vulnerabilities), libssh2 (RHEL7: denial of service), net-snmp (RHEL7: denial of service), netcf (RHEL7: denial of service), NetworkManager (RHEL7: multiple vulnerabilities), ntp (RHEL7: multiple vulnerabilities), openhpi (RHEL7: world writable /var/lib/openhpi directory), openldap (RHEL7: unintended cipher usage), openssh (RHEL7: multiple vulnerabilities), pacemaker (RHEL7: privilege escalation), pcs (RHEL7: denial of service), python (RHEL7: multiple vulnerabilities), realmd (RHEL7: unsanitized input), rest (RHEL7: denial of service), rubygem-bundler, rubygem-thor (RHEL7: code execution), squid (RHEL7: certificate validation bypass), sssd (RHEL7: memory leak), tigervnc (RHEL7: multiple vulnerabilities), unbound (RHEL7: denial of service), wireshark (RHEL7: multiple vulnerabilities), and xfsprogs (RHEL7: information leak).

    Ubuntu has updated libpng (multiple vulnerabilities).

    9:33p
    Poettering: Introducing sd-event
    Lennart Poettering introduces the
    sd-event API
    for the implementation of event loops. "sd-event.h, of
    course, is not the first event loop API around, and it doesn't implement
    any really novel concepts. When we started working on it we tried to do our
    homework, and checked the various existing event loop APIs, maybe looking
    for candidates to adopt instead of doing our own, and to learn about the
    strengths and weaknesses of the various implementations
    existing. Ultimately, we found no implementation that could deliver what we
    needed, or where it would be easy to add the missing bits: as usual in the
    systemd project, we wanted something that allows us access to all the
    Linux-specific bits, instead of limiting itself to the least common
    denominator of UNIX."
