LWN.net's Journal
[Most Recent Entries]
[Calendar View]
Thursday, November 17th, 2016
| Time |
Event |
| 1:05a |
[$] LWN.net Weekly Edition for November 17, 2016
The LWN.net Weekly Edition for November 17, 2016 is available. | | 3:56p |
Security updates for Thursday Arch Linux has updated firefox
(multiple vulnerabilities), libgit2 (two vulnerabilities), python-django (two vulnerabilities), and python2-django (two vulnerabilities).
Debian has updated firefox-esr (multiple vulnerabilities).
Fedora has updated bind99 (F24:
two vulnerabilities), firefox (F24: multiple vulnerabilities),
and kernel (F24: denial of service).
Gentoo has updated libuv
(privilege escalation from 2015).
Mageia has updated nss, firefox (multiple vulnerabilities).
Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities) and nss and nss-util (OL7; OL6; OL5: two
vulnerabilities).
Red Hat has updated openssl
(RHEL6: denial of service). | | 8:02p |
Mission Improbable: Hardening Android for Security And Privacy (Tor blog) The Tor blog has a post about the refresh of its Tor-enabled Android phone prototype, which is now in a workable state though it still has some rough edges. There is also a worrisome trend that the post highlights: " It is unfortunate that Google seems to see locking down Android as the only solution to the fragmentation and resulting insecurity of the Android platform. We believe that more transparent development and release processes, along with deals for longer device firmware support from SoC vendors, would go a long way to ensuring that it is easier for good OEM players to stay up to date. Simply moving more components to Google Play, even though it will keep those components up to date, does not solve the systemic problem that there are still no OEM incentives to update the base system. Users of old AOSP base systems will always be vulnerable to library, daemon, and operating system issues. Simply giving them slightly more up to date apps is a bandaid that both reduces freedom and does not solve the root security problems. Moreover, as more components and apps are moved to closed source versions, Google is reducing its ability to resist the demand that backdoors be introduced. It is much harder to backdoor an open source component (especially with reproducible builds and binary transparency) than a closed source one." | | 8:25p |
LinuxCon + CloudOpen + ContainerCon Become The Linux Foundation Open Source Summit for 2017 The Linux Foundation has announced that it is consolidating three conferences under one name going forward. LinuxCon, CloudOpen, and ContainerCon join together under the "Linux Foundation Open Source Summit" name. For 2017, that encompasses three events: OSS Japan in Tokyo May 31-June 2, OSS North America in Los Angeles September 11-13, and OSS Europe in Prague October 23-25. " The Linux Foundation Open Source Summit in North America and Europe will also contain a brand new event, Community Leadership Conference. Attendees will have access to sessions across all events in a single venue, enabling them to collaborate and share information across a wide range of open source topics and areas of technology. They can take advantage of not only unparalleled educational opportunities, but also an expo hall, networking activities, hackathons, additional co-located events and The Linux Foundation’s diversity initiatives, including free childcare, nursing rooms, non-binary restrooms and a diversity luncheon." |
|