LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Friday, September 2nd, 2016

    Time Event
    7:02a
    Contemplating the possible retirement of Apache OpenOffice
    Outgoing Apache OpenOffice project management committee (PMC) chair Dennis Hamilton has begun the discussion of a possible (note possible at this point) shutdown of the project. "In the case of Apache OpenOffice, needing to disclose security vulnerabilities for which there is no mitigation in an update has become a serious issue. In responses to concerns raised in June, the PMC is currently tasked by the ASF Board to account for this inability and to provide a remedy. An indicator of the seriousness of the Board's concern is the PMC been requested to report to the Board every month, starting in August, rather than quarterly, the normal case. One option for remedy that must be considered is retirement of the project. The request is for the PMC's consideration among other possible options." (Thanks to James Hogarth.)

    Also of interest is this note on how the handling of CVE-2016-1513 went.

    2:08p
    Suspect in kernel.org breakin arrested
    The US Department of Justice has announced
    that it has arrested a suspect in the 2011
    kernel.org breakin    . "[Donald Ryan] Austin is charged with
    causing damage to four servers located in the Bay Area by installing
    malicious software. Specifically, he is alleged to have gained unauthorized
    access to the four servers by using the credentials of an individual
    associated with the Linux Kernel Organization. According to the indictment,
    Austin used that access to install rootkit and trojan software, as well as
    to make other changes to the servers    ."
    3:43p
    Friday's security updates

    Arch Linux has updated chromium (multiple vulnerabilities) and webkit2gtk (multiple vulnerabilities).

    Debian has updated libidn (multiple vulnerabilities).

    Debian-LTS has updated mailman (password disclosure).

    Fedora has updated canl-c (F24; F23: proxy manipulation), krb5 (F23: denial of service), libksba (F24: denial of service), openvpn (F23: information disclosure), tomcat (F24; F23: denial of service), and webkitgtk4 (F23: multiple vulnerabilities).

    openSUSE has updated karchive (SLE12: command execution).

    Oracle has updated ipa (O7; O6: denial of service).

    10:58p
    Z-Wave protocol specification now public

    The Z-Wave wireless home-automation protocol has been released to the public. In years past, the specification was only available to purchasers of the Z-Wave Alliance's development kit, forcing open-source implementations to reverse-engineer the protocol. The official press release notes that there are several such projects, including OpenZWave; Z-Wave support is also vital to higher-level Internet-of-Things abstraction systems like AllJoyn.

    << Previous Day 2016/09/02
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org