| 1:37p |
An X.Org security advisory
It turn out that the X.org server, versions 1.19.0 and after, contain an
easily exploitable privilege escalation vulnerability. Anybody who is
running a system that has X installed setuid root, and which has untrusted
users on it, will want to install the update. "X.Org recommends the
use of a display manager to start X sessions, which does not require Xorg
to be installed setuid." |
| 2:37p |
Security updates for Friday
Security updates have been issued by Arch Linux (firefox), CentOS (firefox), Debian (389-ds-base, openjdk-8, thunderbird, and xorg-server), Fedora (firefox), openSUSE (GraphicsMagick, jhead, mysql-community-server, ntp, postgresql96, python-cryptography, rust, tomcat, webkit2gtk3, and zziplib), Scientific Linux (firefox), and SUSE (clamav, firefox, ImageMagick, libgit2, net-snmp, smt, wpa_supplicant, and xorg-x11-server). |
| 6:50p |
[$] 4.20/5.0 Merge window part 1
Linus Torvalds has returned as the keeper of the mainline kernel
repository, and the merge window for the next release which, depending on
his mood, could be
called either 4.20 or 5.0, is well underway. As of this writing, 5,735
non-merge changesets have been pulled for this release; experience suggests
that we are thus at roughly the halfway point. |