LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, November 14th, 2016

    Time Event
    5:12p
    Security advisories for Monday

    CentOS has updated java-1.7.0-openjdk (C6: multiple vulnerabilities), libgcrypt (C6: flawed random number generation), and pacemaker (C6: privilege escalation).

    Debian has updated mariadb-10.0 (multiple vulnerabilities) and terminology (command execution).

    Fedora has updated bind (F24: denial of service), mingw-libwebp (F24: integer overflows), sudo (F24: privilege escalation), and tomcat (F24; F23: multiple vulnerabilities).

    Mageia has updated libwmf (denial of service), monit (cross-site request forgery), python-cryptography (returns empty byte-string), and quagga (stack overrun).

    openSUSE has updated flash-player (13.1: multiple vulnerabilities), mysql-community-server (Leap42.2: multiple vulnerabilities), and opera (Leap42.2; Leap42.1: multiple vulnerabilities).

    Red Hat has updated policycoreutils (RHEL6,7: sandbox escape).

    SUSE has updated flash-player (SLE12-SP1: multiple vulnerabilities) and mysql (SLE11-SP4: three vulnerabilities).

    8:42p
    Topics in live kernel patching
    Getting live-patching capabilities into the mainline kernel has been a multi-year process. Basic patching support was merged for the 4.0 release, but further work has been stalled over disagreements on how the consistency model — the code ensuring that a patch is safe to apply to a running kernel — should work. The addition of kernel stack validation has addressed the biggest of the objections, so, arguably, it is time to move forward. At the 2016 Linux Plumbers Conference, developers working on live patching got together to discuss current challenges and future directions.

    Click below (subscribers only) for the full report from LPC 2016.

    10:10p
    The Linux Foundation's Core Infrastructure Initiative Renews Funding for Reproducible Builds Project
    The Core Infrastructure Initiative (CII) has announced
    continued financial support for the Reproducible Builds Project.
    "The grant extends the contribution to include Debian developers
    Chris Lamb, Mattia Rizzolo, Ximin Luo and Vagrant Cascadian, as well as
    extending funding for Holger Levsen. Furthermore, this contribution adds
    support for Ed Maste, working with FreeBSD.    " (Thanks to Paul Wise)
    10:14p
    KDE neon users may want to reinstall
    The KDE Project has a little
    problem     to report for users of the KDE
    neon     distribution: "The package archive used by KDE neon was
    incorrectly configured allowing anyone to upload packages to it. There is
    no reason to think that anyone actually did so but as a precaution we have
    emptied the archives and removed ISOs built before this date.    " Once
    the process of rebuilding the archive is complete, users are recommended to
    upgrade to the new versions, or, better, simply reinstall.

    << Previous Day 2016/11/14
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org