LWN.net's Journal
 

Monday, August 1st, 2016

    Time Event
    1:14p
    The July 2016 Android security bulletin
    The Android security bulletin for July covers the issues that have recently been fixed for supported Android devices. "The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files." There are several dozen CVE numbers listed overall, including 31 Qualcomm-specific vulnerabilities dating as far back as 2013.
    2:15p
    OpenSSH 7.3 released
    OpenSSH 7.3 is out. This release fixes a number of security issues (mostly
    related to timing attacks) and adds a handful of new minor features. The
    developers also warn that RSA keys less than 1024 bits will be refused in a
    near-future release.
    2:26p
    Last chance to submit linux.conf.au talks
    The CFP deadline for the 2017 linux.conf.au (January 16-20, Hobart) is
    August 5; the organizers are warning that, contrary to the usual LCA
    tradition, that deadline will not be extended this year. So anybody
    who thinks they may want to speak at LCA should get going on a proposal;
    see the CFP page for instructions.
    4:46p
    Security updates for Monday

    Arch Linux has updated imagemagick (information leak) and libidn (multiple vulnerabilities).

    Debian has updated chromium-browser (multiple vulnerabilities), collectd (code execution), libdbd-mysql-perl (code execution), and redis (information leak).

    Debian-LTS has updated collectd (code execution), icedove (code execution), kde4libs (command execution), libdbd-mysql-perl (code execution), openssh (user enumeration via timing side-channel), qemu (multiple vulnerabilities), qemu-kvm (multiple vulnerabilities), redis (information leak), wordpress (multiple vulnerabilities), xen (multiple vulnerabilities), and xmlrpc-epi (denial of service).

    Fedora has updated bind (F24: denial of service), bind99 (F24: denial of service), and php-pecl-zip (F24; F23: buffer overflow).

    Gentoo has updated bsh (code execution).

    Mageia has updated glibc, libtirpc (denial of service) and kernel (multiple vulnerabilities).

    openSUSE has updated Chromium (13.1: multiple vulnerabilities), dropbear (13.1: multiple vulnerabilities), libidn (13.2: multiple vulnerabilities), mupdf (Leap42.1, 13.2: denial of service), php5 (Leap42.1: multiple vulnerabilities), polarssl (13.2: code execution), and sqlite3 (13.2: information leak).

    Oracle has updated kernel 3.8.13 (OL7; OL6: information disclosure) and kernel-uek (OL7; OL6: multiple vulnerabilities).

    SUSE has updated ntp (SLES10-SP4: many vulnerabilities).

    7:18p
    TP-Link agrees to allow third-party firmware in FCC settlement

    The US Federal Communications Commission (FCC) has announced a settlement with network-hardware manufacturer TP-Link, covering both the company's non-compliance with FCC transmission-power regulations and the company's plan to lock out third-party firmware—including open-source firmware projects like OpenWrt. "While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open-source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers." Under the settlement agreement, TP-Link will pay a $200,000 fine for shipping WiFi routers that could be configured to run above the permitted power limits, but it will also have to cooperate with open-source firmware projects to make sure they remain installable. TP-Link had moved to block user-installed firmware in March as its first attempt to satisfy the FCC's complaint about non-compliant power settings.

    8:26p
    Klitzke: Why Uber Engineering Switched from Postgres to MySQL
    Evan Klitzke explains why Uber Engineering moved away from PostgreSQL. "The early architecture of Uber consisted of a monolithic backend application written in Python that used Postgres for data persistence. Since that time, the architecture of Uber has changed significantly, to a model of microservices and new data platforms. Specifically, in many of the cases where we previously used Postgres, we now use Schemaless, a novel database sharding layer built on top of MySQL. In this article, we’ll explore some of the drawbacks we found with Postgres and explain the decision to build Schemaless and other backend services on top of MySQL." (Thanks to Dimitri John Ledkov)
    9:30p
    GNOME Maps has tiles again
    GNOME Maps recently ran into a tile problem (LWN article) when a service it relied on shut down. Jonas Danielsson reports that Maps will be getting tiles from Mapbox. "We access Mapbox through a GNOME based redirect, so that we could redirect to something else if a similar situation would arise again."
