LWN.net's Journal

Tuesday, March 1st, 2016

    Time Event
    12:17a
    Malcolm: GCC 6: -Wmisleading-indentation vs “goto fail;”
    David Malcolm takes a look at a new compiler warning in GCC 6, -Wmisleading-indentation. "At a high level, the underlying implementation looks at control statements (if/else, while, for), and if it sees them guard a single statement without braces, it looks at the followup statement. It complains if both have the same indentation.

    That’s a simplified description – we spent a fair amount of time working on heuristics in the warning, to try to ensure that it warns for all cases that are reasonable to warn for, whilst not complaining unduly for indentation that’s merely bad (rather than being actively misleading). We’ve also tested it with a variety of coding styles: GNU, K&R, Linux kernel, etc."
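
The pattern this warning targets, as an added example (not code from David Malcolm's post or from GCC): a constructed two-step check in the shape of "goto fail;", first with a duplicated `goto fail;` at the same indentation as the guarded one, then with braces. The function and helper names are hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for two verification steps: 0 = success. */
static int step_update(int ok) { return ok ? 0 : -1; }
static int step_final(int ok)  { return ok ? 0 : -1; }

/* The second "goto fail;" has the same indentation as the guarded one,
   so it reads as part of the if, but it always runs: step_final() is
   skipped and err is still 0. -Wmisleading-indentation flags this. */
int verify_misleading(int update_ok, int final_ok)
{
    int err;

    if ((err = step_update(update_ok)) != 0)
        goto fail;
        goto fail;
    if ((err = step_final(final_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Same logic with braces and without the duplicated line. */
int verify_braced(int update_ok, int final_ok)
{
    int err;

    if ((err = step_update(update_ok)) != 0) {
        goto fail;
    }
    if ((err = step_final(final_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* First step passes, final step fails: only the braced form notices. */
    printf("misleading: %d\n", verify_misleading(1, 0));
    printf("braced:     %d\n", verify_braced(1, 0));
    return 0;
}
```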
    2:59p
    An OpenSSL advisory and the "DROWN" attack
    The OpenSSL project has disclosed a new high-profile vulnerability. This one, known as CVE-2016-0800, or "DROWN", affects servers that still have the old SSLv2 protocol enabled. Yes, it has its own domain name and logo. "DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack." The solution is to just disable SSLv2 completely. Note that there are several other vulnerabilities (with a lower presumed severity) fixed in the OpenSSL 1.0.2g and 1.0.1s releases.
    5:45p
    Security advisories for Tuesday

    CentOS has updated openssl (C6: multiple vulnerabilities).

    Debian has updated openssl (multiple vulnerabilities) and perl (ambiguous environment).

    Debian-LTS has updated linux-2.6 (multiple vulnerabilities), php5 (multiple vulnerabilities), and squid3 (denial of service).

    Fedora has updated botan (F22: three vulnerabilities), code-editor (F22: three vulnerabilities), monotone (F22: three vulnerabilities), okhttp (F23: certificate pinning bypass), okio (F23: certificate pinning bypass), qca (F22: three vulnerabilities), qt-creator (F22: three vulnerabilities), and subversion (F22: multiple vulnerabilities).

    openSUSE has updated dhcp (Leap42.1: denial of service), KDE Frameworks (Leap42.1: multiple vulnerabilities), and libqt5-qtbase (Leap42.1: two vulnerabilities).

    Ubuntu has updated openssl (multiple vulnerabilities).

    10:26p
    Raspberry Pi 3 is out
    The Raspberry Pi 3 has been released and is on sale now for $35. "For Raspberry Pi 3, Broadcom have supported us with a new SoC, BCM2837. This retains the same basic architecture as its predecessors BCM2835 and BCM2836, so all those projects and tutorials which rely on the precise details of the Raspberry Pi hardware will continue to work. The 900MHz 32-bit quad-core ARM Cortex-A7 CPU complex has been replaced by a custom-hardened 1.2GHz 64-bit quad-core ARM Cortex-A53. Combining a 33% increase in clock speed with various architectural enhancements, this provides a 50-60% increase in performance in 32-bit mode versus Raspberry Pi 2, or roughly a factor of ten over the original Raspberry Pi." (Thanks to Forrest Cook)
