lwn.net

Security updates have been issued by AlmaLinux (kernel), Mageia (x11-server), Red Hat (emacs and webkit2gtk3), SUSE (ffmpeg-7, govulncheck-vulndb, kernel, and skopeo), and Ubuntu (cmark-gfm, erlang, krb5, linux-gcp-6.8, linux-raspi, linux-kvm, lucene-solr, postgresql-12, postgresql-14, postgresql-16, raptor2, spip, tomcat7, and wpa).

Mozilla has issued an update to its terms of use (TOU) that were announced on February 26. It has removed a reference in the TOU to Mozilla's Acceptable Use Policy "because it seems to be causing more confusion than clarity", and has revised the TOU "to more clearly reflect the limited scope of how Mozilla interacts with user data". The new language says:

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.

Mozilla has also updated its Privacy FAQ to provide more detail about its reasons for the changes.

One of the many new features packed into the 6.13 kernel release was guard pages, a hardening mechanism that makes it possible to inject zero-access pages into a process's address space in an efficient way. That feature only supports anonymous (user-space data) pages, though. To make guard pages more widely useful, Lorenzo Stoakes has put together a patch set enabling the feature for file-backed pages as well; in the process, he examined and resolved a long list of potential problems that extending the feature could encounter. One potential problem was not on his list, though.

Security updates have been issued by Debian (ffmpeg, kernel, linux-6.1, mariadb-10.5, proftpd-dfsg, and xorg-server), Fedora (chromium, cutter-re, iniparser, nodejs22, rizin, webkitgtk, wireshark, xen, and xorg-x11-server), Mageia (binutils and ffmpeg), Oracle (emacs and kernel), Red Hat (emacs and webkit2gtk3), SUSE (azure-cli, bsdtar, gnutls, govulncheck-vulndb, libX11, libxkbfile, libxml2, nodejs-electron, openssh8.4, ovmf, phpMyAdmin, python, python-azure-identity, python311-jupyter-server, tiff, trivy, u-boot, and wireshark), and Ubuntu (opennds and Ruby SAML).