All posts by ris

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/786106/rss

Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).

Security updates for Thursday

Post Syndicated from ris original https://lwn.net/Articles/785676/rss

Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/785367/rss

Security updates have been issued by Debian (poppler, proftpd-dfsg, suricata, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and wget), Gentoo (clamav, emerge-delta-webrsync, and mailman), openSUSE (bash), Red Hat (kernel and openssh), Scientific Linux (python), SUSE (gnuplot, libtcnative-1-0, and sqlite3), and Ubuntu (clamav, lua5.3, openjdk-7, samba, systemd, and wget).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/785238/rss

Security updates have been issued by Debian (roundup, samba, tryton-server, and wget), Fedora (evolution-data-server, evolution-ews, glpi, ntp, poppler, pspp, and wget), Mageia (advancecomp, cfitsio, firefox, ghostscript, gnutls, libjpeg, libpng, ocaml, python-yaml, ruby-ox, SDL12, and thunderbird), openSUSE (adcli, sssd, go1.11, liblouis, nodejs6, openssl, ovmf, sqlite3, sysstat, thunderbird, tiff, and znc), Red Hat (chromium-browser and python), Slackware (httpd, openjpeg, and wget), SUSE (bash, clamav, dovecot22, kernel, php53, SDL, and xen), and Ubuntu (clamav and samba).

Security updates for Friday

Post Syndicated from ris original https://lwn.net/Articles/785060/rss

Security updates have been issued by Debian (pdns), Fedora (firefox, freerdp, ghostscript, gnome-boxes, gnutls, libarchive, libssh2, pidgin-sipe, poppler, and remmina), openSUSE (gd, ImageMagick, ldb, libcaca, ntp, openssl-1_1, ovmf, thunderbird, w3m, and wavpack), SUSE (apache2, firefox, and libvirt), and Ubuntu (advancecomp and apache2).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/784806/rss

Security updates have been issued by Debian (apache2), Fedora (edk2 and tomcat), openSUSE (ansible, ghostscript, lftp, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, libssh2_org, openssl-1_0_0, openwsman, pdns, perl-Email-Address, putty, python-azure-agent, python-cryptography, python-pyOpenSSL, python-Flask, thunderbird, tor, unzip, and wireshark), Scientific Linux (freerdp), Slackware (wget), SUSE (bluez, file, firefox, libsndfile, netpbm, thunderbird, and xen), and Ubuntu (busybox, firebird2.5, kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle, linux-hwe, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-raspi2, and policykit-1).

The Debian Project mourns the loss of Innocent de Marchi

Post Syndicated from ris original https://lwn.net/Articles/784677/rss

The Debian Project sadly announced the passing of Innocent de Marchi. “Innocent was a math teacher and a free software developer. One of his
passions was tangram puzzles, which led him to write a tangram-like game
that he later packaged and maintained in Debian. Soon his contributions
expanded to other areas, and he also worked as a tireless translator
into Catalan.

VMware Suit Concludes in Germany

Post Syndicated from ris original https://lwn.net/Articles/784673/rss

Software Freedom Conservancy reports
that the Hamburg Higher Regional Court affirmed the lower court’s decision,
which dismissed Christoph Hellwig’s case against VMWare in
Germany. Hellwig will not pursue the case further in German courts.

Conservancy’s staff also spent a significant amount of time and resources
at each stage of the proceedings — most recently, analyzing what this
ruling could mean for future enforcement actions. The German court made a
final decision in this case on procedure and standing, not on
substance. While we are disappointed that the courts did not take the
opportunity to deliver a clear pro-software-freedom ruling, this ruling
does not set precedent and the implications of the decision are
limited. This matter certainly would proceed differently with different
presentation of plaintiffs or in another jurisdiction.

In addition to VMware committing to removing vmklinux from their kernel, this case also succeeded in sparking significant discussion about the community-wide implications for free software when some companies playing by the rules while others continually break them. Our collective insistence, that licensing terms are not optional, has now spurred other companies to take copyleft compliance more seriously. The increased focus on respecting licenses post-lawsuit and providing source code for derivative works — when coupled with VMware’s reluctant but eventual compliance — is a victory, even if we must now look to other jurisdictions and other last-resort legal actions to adjudicate the question of the GPL and derivative works of Linux.

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/784665/rss

Security updates have been issued by CentOS (firefox, libssh2, and thunderbird), Debian (firmware-nonfree, kernel, and libssh2), Fedora (drupal7, flatpak, and mod_auth_mellon), Gentoo (burp, cairo, glusterfs, libical, poppler, subversion, thunderbird, and unbound), openSUSE (yast2-rmt), Red Hat (freerdp), and SUSE (bash, ed, libarchive, ntp, and sqlite3).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/784563/rss

Security updates have been issued by Debian (chromium, drupal7, gpsd, libav, libdatetime-timezone-perl, php5, rails, thunderbird, twig, tzdata, and wordpress), Fedora (edk2, flatpak, fuse, ghostscript, gnutls, golang-googlecode-go-crypto, grub2, mxml, poppler, and systemd), Mageia (file, kernel, live, mplayer, vlc, openjpeg2, pdns, and poppler), openSUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, kernel, ovmf, and ucode-intel), SUSE (adcli, sssd, GraphicsMagick, kernel, liblouis, libssh2_org, nodejs6, openssl, ovmf, SDL, sysstat, tiff, various KMPs, and xen), and Ubuntu (dovecot and gpac).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/784114/rss

Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling).