The H Week - Android 3.0 preview, Chrome gains share and Linux capabilities not secure

During the past week, Google previewed Android 3.0 and Amazon launched the developer program for its Android App store. The latest browser user statistics showed Chrome gaining ground and the new Linux kernel 2.6.37 was released. A Google expert said he has found flaws in every browser; it was claimed that Flash sandboxes could be bypassed and that Linux privilege control doesn't add security.

Featured

Richard Hillesley speculated on the effect the adoption of the Unity shell will have on the future of Ubuntu and The H closed out its mini-series on the Linux kernel 2.6.37 with a summary of the five previous issues.

• Ubuntu and the price of Unity
• What's new in Linux 2.6.37

Open Source

Google / Android stories were much in the news this week with the preview of Android 3.0, the announcement that statistics show that over 50% of Android devices are now running Android 2.2 or higher and Amazon's opening of a developer programme in preparation for the US launch of its Android App store. Following a report early in the week of misdirected texts, Google said it had found the cause and promised a fix soon. CyanogenMod previewed version 7 of its Android Custom ROM software.

• Google previews Android 3.0 "Honeycomb"
• Amazon launches developer programme for Android software
• Android sends texts to wrong recipients
• Google to fix texting bug
• Google: Most Android devices now running version 2.2
• Gingerbread-based CyanogenMod 7.0 previewed

In the battle of the browsers, Firefox nosed past Internet Explorer in Europe, although both browsers are loosing ground to growth in the use of Google Chrome. It's now confirmed that Ubuntu 11.04 will drop OpenOffice.org in favour of LibreOffice and Apache Object-Oriented Data Technology (OODT) has moved out of the incubator to become a top-level Apache project.

• Firefox overtakes Internet Explorer in Europe
• Ubuntu 11.04 to include LibreOffice
• Apache OODT becomes ASF Top-Level Project

Open Source Releases

• SystemRescueCd 2.0.0 with updated kernels
• HandBrake 0.9.5 adds new presets, some Blu-ray support
• Blender 2.56 beta released - Update
• Parted Magic 5.8 can boot and fully operate from RAM
• digiKam 2.0.0 Beta 1 adds face recognition
• VirtualBSD for easy trial of FreeBSD
• Linux kernel 2.6.37 released
• Drupal 7 released
• KDE SC 4.6 RC2 released for testing
• Puppy Linux 5.2 released

Security

Security news this week was a mixture of some flaws with quite broad implications and a few bugs in specific applications. A Google security specialist said he had found bugs in every browser, at least some of which have been known to Chinese hackers; other security experts claimed that Adobe's Flash sandboxes could be bypassed, at least for local Flash files, and that the Linux privilege control capabilities are ineffective. Various internet resource allocation organisations launched RPKI secured routing. WordPress released version 3.1 with a number of fixes, including one for a recently discovered XSS hole, a buffer overflow problem was found in VLC Media Player and version 1.1 of the Piwik web analysis software was released, fixing a number of critical flaws. New versions of PHP were released to fix a DoS vulnerability reported in an earlier story. In its preview of the next patch day, Microsoft has said it will not be fixing recently exposed vulnerabilities in Windows and Internet Explorer since the patches still require more work.

• WordPress 3.1 RC2 includes recent security fix
• Hole in VLC Media Player
• Security tool uncovers multiple bugs in every browser
• Security Update v1.1 for Piwik web analysis software
• Floating point DoS attack
• Flash Player sandbox can be bypassed
• Expert: Linux capabilities don't add security
• PHP 5.3.5 / 5.2.17: Floating-Point bug fixed
• Proof of ownership for IP addresses
• Microsoft Tuesday patches omit known vulnerabilities

Security Alerts

• Microsoft warns of thumbnail hole in Windows

For all last week's news, see The H's last seven days of news, and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(trk)