Linux Weekly News

Subscribe to Linux Weekly News feed is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 1 min 42 sec ago

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities (Google Security Blog)

Mon, 10/02/2017 - 09:28
The Google Security Blog discloses the results of a security audit of the Dnsmasq name resolver. "We discovered seven distinct issues (listed below) over the course of our regular internal security assessments. Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue." Version 2.78 contains the fixes. Anybody running an OpenWRT/LEDE router likely has a vulnerable version of Dnsmasq and will want to look into updating.

Kernel prepatch 4.14-rc3

Sun, 10/01/2017 - 19:34
The 4.14-rc3 kernel prepatch is out for testing. "So 4.14 continues to be a somewhat painful release, and I'm starting to at least partly blame the fact that it's meant to be an LTS release."

A security review of three NTP implementations

Sun, 10/01/2017 - 16:22
The Core Infrastructure Initiative commissioned security audits of three network time protocol (NTP) implementations (ntpd, NTPSec, and Chrony) and has released the results. "From a security standpoint (and here at the CII we are security people), Chrony was the clear winner between these three NTP implementations. Chrony does not have all of the bells and whistles that ntpd does, and it doesn’t implement every single option listed in the NTP specification, but for the vast majority of users this will not matter. If all you need is an NTP client or server (with or without reference clock), which is all that most people need, then its security benefits most likely outweigh any missing features."

Linux kernel LTS releases are now good for 6 years (ars technica)

Sun, 10/01/2017 - 10:18
Ars technica reports on an announcement that the kernel's long-term support releases will now be maintained for six years instead of two. "A six-year support window will give Google, SoC Vendors, and OEMs plenty of time to develop a device and get it to market, while still leaving about four years for end-user ownership. Google currently provides two years of major OS updates on its phones and three years of security updates, but if it wanted to extend that, an announcement like this would seem like an important first step." The releases page now shows 4.4 being maintained through February 2022.

[$] Catching up with RawTherapee 5.x

Sat, 09/30/2017 - 18:14
Free-software raw photo editor RawTherapee released a major new revision earlier this year, followed by a string of incremental updates. The 5.x series, released at a rapid pace, marks a significant improvement in the RawTherapee's development tempo — the project's preceding update had landed in 2014. Regardless of the speed of the releases themselves, however, the improved RawTherapee offers users a lot of added functionality and may shake up the raw-photo-processing workflow for many photographers.

EFF: The War on General-Purpose Computing Turns on the Streaming Media Box Community

Sat, 09/30/2017 - 09:55
The EFF highlights a number of attacks against distributors of add-ons for the Kodi streaming media system. "These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem. The courts should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."