The H Week - Linux kernel hole, Novell sale moves ahead and Siemens industrial control systems suffer a worm
In the past week, The H published two features and reported on a new technique to boost Hadoop queries, the reappearance of a preview version of 64-bit Adobe Flash Player 10, a dropped patch that exposed an old Linux kernel hole and on the sale of Novell. The Haystack anti-censorship project was shamed by bugs that could expose its users, Intel's HDCP master key was anonymously published and a worm was found to have infected 15 Siemens industrial control systems.
Featured
The H published two features this week: in his regular column Glyn Moody discussed innovation in open source and our Linux Kernel expert Thorsten Leemhuis mused on the future of Linux distribution development cycles.
Open Source
Mozilla reported that the new JägerMonkey engine promises to boost the JavaScript speed of its Firefox browser, announced that Firefox 4 Beta 6 has been renamed Beta 7, and turned off update notifications while solving a stability problem.
- JavaScript: Firefox catching up thanks to JägerMonkey
- Mozilla renames Firefox 4 Beta 6 to Beta 7
- Mozilla turns off update notification as it works on stability problem
At the VLDB conference German researchers presented a technique to radically boost the speed of Hadoop queries.
After a lot of prompting, Dell finally released the GPL code for its Streak tablet device. Oracle reaffirmed its commitment to continued open source Java support and development, and the Diaspora project released the first version of the source for its open social networking software.
- Dell releases Streak GPL sources
- Oracle sticks to Sun's open source strategy for Java
- "Facebook killer" Diaspora source code released
Linux related news - The Fedora developers have decided to postpone the implementation of systemd in Fedora 14 and have reverted to Upstart. Having withdrawn the Linux-specific preview of the Flash 64-bit plug-in a few months ago, Adobe have now issued new, cross-platform preview code. A Linux kernel hole that was originally patched in 2007 was re-discovered. It reappeared in the kernel when the developers removed the patch, apparently as far back as 2008.
- Fedora 14 to use Upstart not systemd
- Adobe previews 64-bit Flash Player
- Hole in Linux kernel provides root rights
In business news - The Apache Software Foundation announced the appointment of new Executive Officers, Sonatype acquired funding and a new CEO and Opsera sold off its Enterprise Services division in order to concentrate on Opsview development and support. The sale of Novell appears to be moving ahead and the SCO Group sought to liquidate more of its assets to finance its continuing court battles. Oracle published strong results for the first quarter of its 2011 accounting year.
- Apache Software Foundation announces new Executive Officers
- Maven maker Sonatype gets new CEO and $11.6M funding
- Opsera now focussed on Opsview
- Opsera teams up with Canonical for Opsview on Ubuntu
- Report: Novell to be sold in two parts
- SCO Group auctions UNIX division
- Oracle publishes promising first quarter results
Open Source Releases
This week saw quite a number of releases and updates, notably the first version of the OpenSolaris fork, OpenIndiana, stability updates for Mozilla Firefox and Thunderbird, and a new browser benchmark called Kraken.
- Tiny Core Linux 3.1 released
- Smalltalk web framework Seaside reaches version 3.0
- SystemRescueCd 1.6.0 released
- Shotwell 0.7.2 update addresses crucial bugs
- Illumos Foundation launches OpenIndiana
- Video editor Kdenlive 0.7.8 offers improved colour correction
- F-Spot 0.8.0 photo manager released
- Mozilla releases Firefox stability updates
- XBMC 10.0 Beta 2 released
- Mozilla releases Thunderbird updates
- Mozilla releases new "Kraken" browser benchmark
Security
Microsoft published instructions for using EMET to block the Adobe Reader zero day exploit. Critical bugs were revealed in Haystack, the anti-censorship software that was supposed to protect the identities of online critics of the Iranian government. A weakness was found in ASP.NET which could affect approximately 25% of web applications, and Samba, the file and print server software, received an update to fix a buffer overrun vulnerability.
- Microsoft tool blocks attacks on Adobe Reader hole
- Critical bugs stop Haystack anti-censorship project - Update
- Cookies from ASP.NET servers can be cracked
- Security update for Samba 3.5 - Update
The code for Intel's HDCP master key leaked this week. Intel responded, saying that, although genuine, the key code would only be of use to hardware manufacturers attempting to avoid paying the HDCP licence fees. Intel said it would take action against any manufacturers that tried to use the leaked code.
Following the example of Microsoft and Adobe, business management specialist SAP introduced a regular patch day.
OpenX seemed to respond quickly to Monday's report of a critical hole in its ad server software, now found to have been open for about a year: on Thursday it published an update to patch an unspecified vulnerability.
Reports came in this week of a worm, known as Stuxnet, that has infiltrated Siemens industrial controllers and is apparently capable of re-programming Programmable Logic Controllers inside these systems.
Security Alerts
- Year-old vulnerability endangers OpenX ad server
- Attackers exploit additional zero-day vulnerability in Adobe Flash and Reader
- Web sites distribute malware via hacked OpenX servers
- Patch Tuesday: Microsoft closes worm holes
- Google closes 10 holes in Chrome 6
- Apple closes back door in QuickTime 7
(trk)