LWN.net

  • The end of LinuxDevices?
    LinuxDevices.com is carrying a brief note from the "outgoing editor-in-chief" stating that the site's owner has been acquired. "At this point, the future of LinuxDevices.com is uncertain. What we can say for sure is that it has been a pleasure serving our readers -- the best in the business."
  • Slackware updates
    Slackware has been silent for some time (noted in this comment thread). Although we haven't seen any advisories in the LWN mailbox, the changelogs are showing some new updates. Slackware users should update their systems.
  • Stable kernels 3.0.19, 3.2.3 and 2.6.32.56
    Greg KH has released stable kernels 3.0.19, 3.2.3 and 2.6.32.56. All of them have important fixes across the board.

    Update 3.2.4 has now been released to address a compilation problem in 3.2.3.

  • Friday's security updates
    CentOS has updated ghostscript (C6; C5; C4: multiple vulnerabilities), php (C6; C5; C4: remote code execution), and php53 (C5: remote code execution).

    Debian has updated iceweasel (multiple vulnerabilities), iceape (multiple vulnerabilities), and php5 (remote code execution).

    Mandriva has updated mozilla (multiple vulnerabilities).

    Red Hat has updated RHEL5: php53 (remote code execution), RHEL4,5,6: php (remote code execution), ghostscript (RHEL5,6; RHEL4: multiple vulnerabilities), and RHEL5.6: freetype (code execution).

    Scientific Linux has updated SL5: php53 (remote code execution), SL4,5,6: php (remote code execution), and ghostscript (SL5,6; SL4: multiple vulnerabilities).

  • PHP 5.3.10 released with critical security fix
    The PHP 5.3.10 release is out; it contains a fix for a remote code execution bug introduced recently by another security fix. Anybody running 5.3.9 should probably upgrade as soon as possible.
  • Critical PHP vulnerability being fixed (The H)
    The H is reporting that a critical remote code execution bug has been found in PHP that was caused by the recent fix for the widespread denial of service via hash collisions vulnerability. "The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web."
  • Security advisories for Thursday

    CentOS has updated openssl (C4: multiple vulnerabilities).

    Debian has updated tomcat6 (multiple vulnerabilities).

    Fedora has updated BackupPC (F15; F16: cross-site scripting), polipo (F15; F16: denial of service), moodle (F15; F16: multiple vulnerabilities), firefox (F16: multiple vulnerabilities), xulrunner (F16: multiple vulnerabilities), thunderbird (F16: multiple vulnerabilities), thunderbird-lightning (F16: multiple vulnerabilities), gstreamer-plugins-bad-free (F16: multiple vulnerabilities), and libvpx (F16: multiple vulnerabilities).

    Mandriva has updated apache (multiple vulnerabilities).

    Oracle has updated firefox (OL4; OL5; OL6: multiple vulnerabilities), seamonkey (OL4: multiple vulnerabilities), thunderbird (OL4; OL6: multiple vulnerabilities), and openssl (OL4: multiple vulnerabilities).

    Red Hat has updated openssl (RHEL 4: multiple vulnerabilities).

    Scientific Linux has updated thunderbird (SL4&5; SL6: multiple vulnerabilities), firefox (multiple vulnerabilities), seamonkey (SL4: multiple vulnerabilities), and openssl (SL4: multiple vulnerabilities).

  • Seigo: Spark answers
    Aaron Seigo answers questions about the Spark tablet, which is based on Plasma Active, that he announced on January 29. There is more information about the hardware and software, delivery timeframe (May 2012), and pre-orders: "Pre-order registration will open early next week. This was one piece in the puzzle that was taking a bit [longer] than I hoped for to come together, but it's finally slotted in and our distribution partner has got the necessary infrastructure settled. I'll lift the veil off of the pre-order and our distribution strategy when it goes live."
  • Gettys: Bufferbloat demonstration videos
    Jim Gettys says: "If people have heard of bufferbloat at all, it is usually just an abstraction despite having personal experience with it. Bufferbloat can occur in your operating system, your home router, your broadband gear, wireless, and almost anywhere in the Internet. They still think that if experience poor Internet speed means they must need more bandwidth, and take vast speed variation for granted. Sometimes, adding bandwidth can actually hurt rather than help. Most people have no idea what they can do about bufferbloat. So I’ve been working to put together several demos to help make bufferbloat concrete, and demonstrate at least partial mitigation." Definitely useful viewing for anybody who is concerned with the problem and how to begin addressing it.
  • [$] LWN.net Weekly Edition for February 2, 2012
    The LWN.net Weekly Edition for February 2, 2012 is available.