LWN.net's Journal
 

Thursday, June 9th, 2016

    Time Event
    12:52a
    [$] LWN.net Weekly Edition for June 9, 2016
    The LWN.net Weekly Edition for June 9, 2016 is available.
    1:32p
    Tschacher: Typosquatting programming language package managers
    Nikolai Tschacher demonstrates how easy it is to run arbitrary code by way of "typosquatting" uploads to programming language download sites. "Because everybody can upload any package on PyPi, it is possible to create packages which are typo versions of popular packages that are prone to be mistyped. And if somebody unintentionally installs such a package, the next question comes intuitively: Is it possible to run arbitrary code and take over the computer during the installation process of a package?" He tried an experiment and was able to run a little program that phoned home from thousands of systems.
    4:36p
    Thursday's security updates

    Fedora has updated firefox (F23: multiple vulnerabilities), gnutls (F23: arbitrary file overwrite), and kernel (F23: denial of service).

    Mageia has updated firefox (multiple vulnerabilities).

    openSUSE has updated ImageMagick (13.2: command execution).

    Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).

    Red Hat has updated firefox (multiple vulnerabilities).

    Scientific Linux has updated file (SL6: multiple vulnerabilities from 2014), icedtea-web (SL6: two vulnerabilities), ntp (SL6: multiple vulnerabilities, one from 2014), openssh (SL6: multiple vulnerabilities), openssl (SL6: multiple vulnerabilities), qemu-kvm (SL6: code execution), and thunderbird (SL6: two vulnerabilities).

    10:50p
    KDE neon User Edition 5.6 Available now (KDE.News)
    The first version of KDE neon, which is a distribution based on Ubuntu 16.04 that is meant to be a stable platform on which to try the latest Plasma desktop, has been released.
    "KDE neon User Edition 5.6 is based on the latest version of Plasma 5.6 and intends to showcase the latest KDE technology on a stable foundation. It is a continuously updated installable image that can be used not just for exploration and testing but as the main operating system for people enthusiastic about the latest desktop software. It comes with a slim selection of apps, assuming the user's capacity to install her own applications after installation, to avoid cruft and meaningless weight to the ISO. The KDE neon team will now start adding all of KDE's applications to the neon archive.

    Since the announcement of the project four months ago the team has been working on rolling out our infrastructure, using current best-practice devops technologies. A continuous integration Jenkins system scans the download servers for new releases and automatically fires up computers with Docker instances to build packages. We work in the open and as a KDE project any KDE developer has access to our packaging Git repository and can make fixes, improvements and inspect our work."
