Mirror, Mirror on the Wall

Security updates for Thursday

Thu Dec 5 14:01:00 2019
lwn.net

Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).

#categories

[$] A static-analysis framework for GCC

Wed Dec 4 22:04:00 2019
lwn.net

One of the features of the Clang/LLVM compiler that has been rather lacking for GCC may finally be getting filled in. In a mid-November post to the gcc-patches mailing list, David Malcolm described a new static-analysis framework for GCC that he wrote. It could be the starting point for a whole range of code analysis for the compiler.

#categories

[$] Creating Kubernetes distributions

Wed Dec 4 19:00:00 2019
lwn.net

Making a comparison between Linux and Kubernetes is often one of apples to oranges. There are, however, some similarities and there is an effort within the Kubernetes community to make Kubernetes more like a Linux distribution. The idea was outlined in a session about Kubernetes release engineering at KubeCon + CloudNativeCon North America 2019. "You might have heard that Kubernetes is the Linux of the cloud and that's like super easy to say, but what does it mean? Cloud is pretty fuzzy on its own," Tim Pepper, the Kubernetes release special interest group (SIG Release) co-chair said. He proceeded to provide some clarity on how the two projects are similar.

#categories

Security updates for Wednesday

Wed Dec 4 16:26:00 2019
lwn.net

Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).

#categories

Two malicious Python libraries caught stealing SSH and GPG keys (ZDNet)

Wed Dec 4 13:58:00 2019
lwn.net

ZDNet reports that two more malicious modules have been removed from the Python Package Index. "The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names. The first is 'python3-dateutil,' which imitated the popular 'dateutil' library. The second is 'jeIlyfish' (the first L is an I), which mimicked the 'jellyfish' library." The latter of the two had been in PyPI for nearly a year.

#categories

Firefox 71

Tue Dec 3 18:28:00 2019
lwn.net

Firefox 71 is available. New features include improvements to the Lockwise integrated password manager and native MP3 decoding. The release notes have more details.

#categories

Security updates for Tuesday

Tue Dec 3 16:13:00 2019
lwn.net

Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-xenial, linux-aws, and sqlite3).

#categories

<<<