All posts by ris

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/807073/rss

Security updates have been issued by Arch Linux (crypto++ and thunderbird), Debian (cacti, freeimage, git, and jackson-databind), Fedora (nss), openSUSE (clamav, dnsmasq, munge, opencv, permissions, and shadowsocks-libev), Red Hat (nss, nss-softokn, nss-util, rh-maven35-jackson-databind, and thunderbird), Scientific Linux (nss, nss-softokn, nss-util, nss-softokn, and thunderbird), SUSE (caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2, libssh, and strongswan), and Ubuntu (git, libpcap, libssh, and thunderbird).

Git v2.24.1 and others

Post Syndicated from ris original https://lwn.net/Articles/806972/rss

The Git project has released Git v2.24.1, v2.23.1, v2.22.2, v2.21.1,
v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and
v2.14.6. “These releases fix various security flaws, which allowed an
attacker to overwrite arbitrary paths, remotely execute code, and/or
overwrite files in the .git/ directory etc.
” The release notes
contained in this announcement have the details.

Google Summer of Code 2020

Post Syndicated from ris original https://lwn.net/Articles/806875/rss

Google Open Source has announced
Google Summer of Code (GSoC) 2020, a program that introduces university
students to open source development. “And the ‘special sauce’ that has
kept this program thriving for 16 years: the mentorship aspect of the
program. Participants gain invaluable experience working directly with
mentors who are dedicated members of these open source communities; mentors
help bring students into their communities while teaching them, guiding
them and helping them find their place in the world of open source.

Applications for interested organizations open on January 14.

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/806957/rss

Security updates have been issued by Debian (firefox-esr, jruby, and squid3), Fedora (librabbitmq, libuv, and xpdf), openSUSE (calamares and opera), Oracle (kernel and nss), Red Hat (httpd24-httpd, kernel, kernel-alt, kpatch-patch, nss-softokn, sudo, and thunderbird), SUSE (apache2-mod_perl, java-1_8_0-openjdk, and postgresql), and Ubuntu (eglibc, firefox, and samba).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/806832/rss

Security updates have been issued by CentOS (SDL), Debian (htmldoc, librabbitmq, nss, openjdk-7, openslp-dfsg, and phpmyadmin), Fedora (chromium, community-mysql, kernel, libidn2, oniguruma, proftpd, and rabbitmq-server), Mageia (ansible, clamav, evince, firefox, graphicsmagick, icu, libcryptopp, libtasn1, libtiff, libvncserver, libvpx, lz4, nss, openexr, openjpeg2, openssl, phpmyadmin, python-psutil, python-twisted, QT, sdl2_image, SDL_image, sysstat, thunderbird, and tnef), Oracle (firefox), Red Hat (java-1.8.0-ibm and nss), Scientific Linux (firefox and kernel), SUSE (kernel), and Ubuntu (nss).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/806296/rss

Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/806202/rss

Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-xenial, linux-aws, and sqlite3).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/806079/rss

Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3), Red Hat (samba and SDL), Scientific Linux (389-ds-base), and SUSE (haproxy, python-Django, and tightvnc).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/805720/rss

Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, and slurm), and Ubuntu (ruby2.3, ruby2.5).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/805650/rss

Security updates have been issued by Debian (libxdmcp, nss, php-imagick, and ruby2.1), openSUSE (java-11-openjdk), Red Hat (389-ds-base, kernel, kernel-rt, python-jinja2, qemu-kvm-ma, and tcpdump), SUSE (bluez, clamav, cpio, cups, gcc9, libpng16, libssh2_org, mailman, sqlite3, squid, strongswan, tiff, and webkit2gtk3), and Ubuntu (redmine).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/805527/rss

Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).

SystemTap 4.2 release

Post Syndicated from ris original https://lwn.net/Articles/805172/rss

SystemTap 4.2 is out. This release features “support for generating
backtraces of different contexts; improved backtrace tapset to include file
names and line numbers; eBPF support extensions including raw tracepoint
access, prometheus exporter, procfs probes and improved looping
structures
“.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/805083/rss

Security updates have been issued by Debian (angular.js, libapache2-mod-auth-openidc, mosquitto, postgresql-common, and thunderbird), Fedora (chromium, djvulibre, freetds, ghostscript, java-1.8.0-openjdk-aarch32, samba, thunderbird-enigmail, wpa_supplicant, and xen), openSUSE (go1.12, ImageMagick, and ucode-intel), Oracle (ghostscript and kernel), Red Hat (libcomps and sudo), Slackware (kernel), SUSE (microcode_ctl, slurm, and ucode-intel), and Ubuntu (mysql-5.7, mysql-8.0 and python-ecdsa).

Announcing the Bytecode Alliance

Post Syndicated from ris original https://lwn.net/Articles/804648/rss

The Bytecode Alliance is an
industry partnership with the aim of forging WebAssembly’s outside-the-browser
future by collaborating on implementing standards and proposing new
ones. The newly
formed alliance
has “a vision of a WebAssembly ecosystem that is
secure by default, fixing cracks in today’s software
foundations
“. The alliance is currently working on a standalone
WebAssembly runtime, two use-case specific runtimes, runtime components,
and language tooling.

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/804641/rss

Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, linux-azure, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2, linux-lts-xenial, linux-aws, linux-raspi2, and webkit2gtk).