LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Friday, August 5th, 2016

    Time Event
    12:04a
    The GNU C Library version 2.24 is now available
    The 2.24 version of the GNU C Library (glibc) has been released. It comes
    with lots of bug fixes, including five for security vulnerabilities (four
    stack overflows and a memory leak). Some deprecated features have
    been removed, as well as deprecating the readdir_r() and
    readdir64_r() functions in favor of readdir() and
    readdir64(). There are also additions to the math library
    (nextup*() and nextdown*()) to return the next
    representable value toward either positive or negative infinity.
    4:08p
    Friday's security updates

    Arch Linux has updated firefox (multiple vulnerabilities), jdk7-openjdk (multiple vulnerabilities), jre7-openjdk (multiple vulnerabilities), and jre7-openjdk-headless (multiple vulnerabilities).

    Debian has updated openjdk-7 (multiple vulnerabilities).

    Debian-LTS has updated curl (multiple vulnerabilities) and mysql-5.5 (multiple vulnerabilities).

    Fedora has updated collectd (F23; F24: code execution), dietlibc (F23; F24: insecure default PATH), perl (F24: privilege escalation), perl-DBD-MySQL (F24: code execution), and python-autobahn (F24: insecure origin validation).

    openSUSE has updated MozillaFirefox, mozilla-nss (13.2, Leap 42.1: multiple vulnerabilities).

    Oracle has updated kernel (O7; O6: multiple vulnerabilities; O7; O6; O6; O5: privilege escalation) and squid (O6: code execution).

    Scientific Linux has updated squid (SL6: code execution).

    SUSE has updated kernel (SLE12-LP: multiple vulnerabilities).

    Ubuntu has updated firefox (12.04, 14.04, 16.04: multiple vulnerabilities), libreoffice (12.04: code execution), oxide-qt (14.04, 16.04: multiple vulnerabilities), and qemu, qemu-kvm (12.04, 14.04, 16.04: multiple vulnerabilities).

    11:48p
    Let's Encrypt will be trusted by Firefox 50

    The Let's Encrypt project, which provides a free SSL/TLS certificate authority (CA), has announced that Mozilla has accepted the project's root key into the Mozilla root program and will be trusted by default as of Firefox 50. This is a step forward from Let's Encrypt's earlier status. "In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root 'vouches for' the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible. However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence." The project has also applied for inclusion the CA trust roots maintained by Apple, Microsoft, Google, Oracle, and Blackberry. News on those programs is still pending.

    << Previous Day 2016/08/05
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org