Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).
Firefox 75.0 has been released. New features include improvements
to the address bar, making search easier, all trusted Web PKI Certificate
Authority certificates known to Mozilla will be cached locally, and Firefox
is available as a Flatpak. See the release notes
for more details.
Security updates have been issued by Fedora (kernel, kernel-headers, and kernel-tools), openSUSE (glibc and qemu), Red Hat (chromium-browser, container-tools:1.0, container-tools:rhel8, firefox, ipmitool, kernel, kernel-rt, krb5-appl, ksh, nodejs:10, nss-softokn, python, qemu-kvm, qemu-kvm-ma, telnet, and virt:rhel), Scientific Linux (ipmitool and telnet), SUSE (ceph and firefox), and Ubuntu (haproxy, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, and linux, linux-hwe).
Security updates have been issued by Debian (firefox-esr, gnutls28, and libmtp), Fedora (cyrus-sasl, firefox, glibc, squid, and telnet), Gentoo (firefox), Mageia (dcraw, firefox, kernel, kernel-linus, librsvg, and python-nltk), openSUSE (firefox, haproxy, icu, and spamassassin), Red Hat (nodejs:10, openstack-manila, python-django, python-XStatic-jQuery, and telnet), Slackware (firefox), SUSE (bluez, exiv2, and libxslt), and Ubuntu (firefox).
Firefox 74.0.1 has been released with two
security fixes. CVE-2020-6819 is a use-after-free when running the
nsDocShell destructor and CVE-2020-6820 is a use-after-free when handling a
ReadableStream. In both cases there have been targeted attacks in the wild
abusing these flaws. These issues have also been fixed in Firefox ESR 68.6.1.
Security updates have been issued by Debian (mediawiki and qbittorrent), Gentoo (gnutls), Mageia (bluez, kernel, python-yaml, varnish, and weechat), Oracle (haproxy and nodejs:12), SUSE (exiv2, haproxy, libpng12, mgetty, and python3), and Ubuntu (libgd2).
GNU Guix is a transactional package manager and an advanced distribution of
the GNU system which uses the Linux-libre kernel. The project has announced
that Guix now runs natively on GNU/Hurd and the Linux-libre kernel is deprecated. “Running on the Hurd was always a goal for Guix, and supporting multiple kernels is a huge maintenance burden. As such it is expected that the upcoming Guix 1.1 release will be the last version featuring the Linux-Libre kernel. Future versions of Guix System will run exclusively on the Hurd, and we expect to remove Linux-Libre entirely by Guix 2.0.”
Security updates have been issued by Arch Linux (chromium, kernel, linux-hardened, linux-lts, and pam-krb5), Debian (haproxy, libplist, and python-bleach), Fedora (tomcat), Gentoo (ghostscript-gpl, haproxy, ledger, qtwebengine, and virtualbox), Red Hat (haproxy, nodejs:12, qemu-kvm-rhev, and rh-haproxy18-haproxy), SUSE (memcached and qemu), and Ubuntu (apport).
The LXD system container and virtual manager, LXC container runtime, and
LXCFS FUSE filesystem projects have released version 4.0 LTS. LTS versions
of these intertwined projects are released every 2 years and receive 5
years of security and bugfix support.
Security updates have been issued by Debian (apng2gif, gst-plugins-bad0.10, and libpam-krb5), Fedora (coturn, libarchive, and phpMyAdmin), Mageia (chromium-browser-stable, nghttp2, php, phpmyadmin, sympa, and vim), openSUSE (GraphicsMagick, ldns, phpMyAdmin, python-mysql-connector-python, python-nltk, and tor), Red Hat (advancecomp, avahi, bash, bind, bluez, buildah, chromium-browser, cups, curl, docker, dovecot, doxygen, dpdk, evolution, expat, file, gettext, GNOME, httpd, idm:DL1, ImageMagick, kernel, kernel-rt, lftp, libosinfo, libqb, libreoffice, libsndfile, libxml2, mailman, mariadb, mod_auth_mellon, mutt, nbdkit, net-snmp, nss-softokn, okular, php, podman, polkit, poppler and evince, procps-ng, python, python-twisted-web, python3, qemu-kvm, qemu-kvm-ma, qt, rsyslog, samba, skopeo, squid, systemd, taglib, texlive, unzip, virt:8.1, wireshark, and zziplib), Slackware (gnutls and httpd), and SUSE (glibc, icu, kernel, and mariadb).
The Free Software Foundation is focusing
on the shortage of medical equipment and using 3D printers to make
more. “That’s why we’re looking into what we can make with our
in-office Respects Your Freedom (RYF)-certified 3D printers, and we’re
talking to the brand new Mass General Brigham Center for COVID Innovation
so they can direct our efforts. We’re also gathering resources for our
“HACKERS and HOSPITALS” plan at the LibrePlanet wiki page, and if you have expertise, 3D printers, or supplies to contribute, please contact Michael via [email protected] If you do not have the means to produce medical gear and you still want to help, research can be done from anywhere with only a computer and an Internet connection. Add any projects that are freely licensed working towards helping with COVID-19 to the wiki!”
The Mozilla Open Source Support Program (MOSS) has launched
a COVID-19 Solutions Fund, which will provide awards of up to $50,000 each
to open source technology projects which are responding to the COVID-19
pandemic in some way. “As part of the COVID-19 Solutions Fund, we will accept applications that are hardware (e.g., an open source ventilator), software (e.g., a platform that connects hospitals with people who have 3D printers who can print parts for that open source ventilator), as well as software that solves for secondary effects of COVID-19 (e.g., a browser plugin that combats COVID related misinformation).”
Security updates have been issued by Debian (tinyproxy), Fedora (okular), Gentoo (ffmpeg, libxls, and qemu), openSUSE (GraphicsMagick), Red Hat (qemu-kvm-rhev), SUSE (cloud-init and spamassassin), and Ubuntu (bluez, libpam-krb5, linux-raspi2, linux-raspi2-5.3, and Timeshift).
Security updates have been issued by Debian (php-horde-form and tika), Fedora (dcraw and libmodsecurity), Gentoo (libidn2 and screen), openSUSE (cloud-init, cni, cni-plugins, conmon, fuse-overlayfs, podman, opera, phpMyAdmin, python-mysql-connector-python, ruby2.5, strongswan, and tor), Oracle (ipmitool), Scientific Linux (ipmitool), SUSE (spamassassin and tomcat), and Ubuntu (twisted and webkit2gtk).
Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).