LWN.net's Journal
 

Friday, June 10th, 2016

    Time Event
    2:48p
    Security advisories for Friday

    Arch Linux has updated gnutls (arbitrary file overwrite), haproxy (denial of service), and lib32-gnutls (arbitrary file overwrite).

    Debian has updated firefox-esr (multiple vulnerabilities) and p7zip (code execution).

    Debian-LTS has updated p7zip (code execution) and samba (regression in previous security fix).

    Fedora has updated docker (F23: privilege escalation) and firefox (F22: multiple vulnerabilities).

    SUSE has updated bind (two vulnerabilities) and libxml2 (SLE12: multiple vulnerabilities).

    Ubuntu has updated firefox (multiple vulnerabilities), kernel (16.04; 15.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04; 15.10: multiple vulnerabilities), linux-snapdragon (16.04: code execution), linux-ti-omap4 (12.04: multiple vulnerabilities), and squid3 (?:).

    6:34p
    Help Make Open Source Secure (The Mozilla Blog)
    On the Mozilla blog, Chris Riley announces the "Secure Open Source" (SOS) fund to provide money to help with the security of open-source software.
    "The SOS Fund will provide security auditing, remediation, and verification for key open source software projects. The Fund is part of the Mozilla Open Source Support program (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs. But we hope this is only the beginning. We want to see the numerous companies and governments that use open source join us and provide additional financial support. We challenge these beneficiaries of open source to pay it forward and help secure the Internet.

    Security is a process. To have substantial and lasting benefit, we need to invest in education, best practices, and a host of other areas. Yet we hope that this fund will provide needed short-term benefits and industry momentum to help strengthen open source projects."

    SOS sounds similar in scope to the Core Infrastructure Initiative (CII) set up by the Linux Foundation.

    8:29p
    Grover: Why Rust for Low-level Linux programming?
    On his blog, Andy Grover makes a case for using the Rust language for new projects instead of C or Python.
    "Second, there are people like me, people working in C and Python on Linux systems-level stuff — the “plumbing”, who are frustrated with low productivity. C and Python have diametrically-opposed advantages and disadvantages. C is fast to run but slow to write, and hard to write securely. Python is more productive but too slow and RAM-hungry for something running all the time, on every system. We must deal with getting C components to talk to Python components all the time, and it isn’t fun. Rust is the first language that gives a system programmer performance and productivity. These people might see Rust as a chance to increase security, to increase their own productivity, to never have to touch libtool/autoconf ever again, and to solve the C/Python dilemma with a one language solution."
