Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following problems:

Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm
status handler of GPGME, a library designed to make access to GnuPG
easier for applications. An attacker could use this issue to cause an
application using GPGME to crash (denial of service) or possibly to
execute arbitrary code.

A denial of service vulnerability was discovered in Drupal, a
fully-featured content management framework. A remote attacker could
exploit this flaw to cause CPU and memory exhaustion and the site's
database to reach the maximum number of open connections, leading to the
site becoming unavailable or unresponsive. More information can be found

Multiple vulnerabilities have been identified in OpenSSL, a Secure
Sockets Layer toolkit, that may result in denial of service
(application crash, large memory consumption), information leak, or
protocol downgrade. Additionally, a buffer overrun affecting only
applications explicitly set up for SRP has been fixed (CVE-2014-3512).

Jakub Wilk discovered a remote command execution flaw in reportbug, a
tool to report bugs in the Debian distribution. A man-in-the-middle
attacker could put shell metacharacters in the version number allowing
arbitrary code execution with the privileges of the user running

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and use-after-frees may lead to the execution of arbitrary code
or denial of service.

Don A. Bailey from Lab Mouse Security discovered an integer overflow
flaw in the way the lzo library decompressed certain archives compressed
with the LZO algorithm. An attacker could create a specially crafted
LZO-compressed input that, when decompressed by an application using the
lzo library, would cause that application to crash or, potentially,
execute arbitrary code.

Martin Holst Swende discovered a flaw in the way chunked requests are
handled in ModSecurity, an Apache module whose purpose is to tighten
web application security. A remote attacker could use this flaw to
bypass intended mod_security restrictions by using chunked transfer
coding with a capitalized "Chunked" value in the Transfer-Encoding HTTP
header, allowing the attacker to send requests containing content that
should have been removed by mod_security.
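The defect described above is a case-sensitive comparison of a header value that HTTP defines as case-insensitive. The following added example (not ModSecurity's code) contrasts a naive check that only matches the lowercase token with a hardened one that parses the Transfer-Encoding list the way RFC 7230 describes; the header dictionaries are constructed samples.

```python
"""Case-insensitive detection of the chunked transfer coding.

Added illustration, not code from ModSecurity. Transfer-coding names are
case-insensitive in HTTP (RFC 7230, section 4), so a filter that only
matches the exact string "chunked" disagrees with the server behind it.
"""
from typing import List, Mapping, Optional


def get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Look up a header by name, ignoring the case of the field name."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def naive_is_chunked(headers: Mapping[str, str]) -> bool:
    """The kind of check the advisory describes: exact lowercase match only.

    'Transfer-Encoding: Chunked' is not recognised here, yet the web
    server still decodes the body as chunked, so the filter and the
    server disagree about what the request contains."""
    return get_header(headers, "Transfer-Encoding") == "chunked"


def transfer_codings(value: str) -> List[str]:
    """Split a Transfer-Encoding value into lowercased coding names.

    The field is a comma-separated list; each element may carry
    parameters after ';', which are dropped here."""
    codings = []
    for element in value.split(","):
        name = element.split(";", 1)[0].strip().lower()
        if name:
            codings.append(name)
    return codings


def is_chunked(headers: Mapping[str, str]) -> bool:
    """Hardened check: field name and coding name compared case-insensitively."""
    value = get_header(headers, "Transfer-Encoding")
    return value is not None and "chunked" in transfer_codings(value)


# Constructed sample requests, including the capitalized variant.
SAMPLES = {
    "lowercase": {"Transfer-Encoding": "chunked"},
    "capitalized": {"Transfer-Encoding": "Chunked"},
    "list": {"transfer-encoding": "gzip, CHUNKED"},
    "not_chunked": {"Content-Length": "42"},
}
```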

It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution of
arbitrary code, breakouts of the Java sandbox, information disclosure or
denial of service.

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors and
use-after-frees may lead to the execution of arbitrary code or denial

Mobile apps have skyrocketed in popularity and utility since Apple introduced the iPhone App Store in the summer of 2008. Apps now represent 52% of time spent with digital media in the US, according to comScore, up from 40% in early 2013. Apple boasted 75 billion all-time App Store downloads at its developers conference in June, and followed up by declaring July the best month ever for App Store revenue, with a record number of people downloading apps.
Yet most US smartphone owners download zero apps in a typical month, according to comScore's new mobile app report.
Companies like Apple like to boast about the 'app economy', but in reality, the situation is a whole lot less rosy and idealistic than they make it out to be. I think most smartphone buyers download the bare essentials like Facebook, Twitter, Candy Crush, and their local banking application, and call it quits.
Together with the problematic state of application stores, the 'app economy' isn't as sustainable as once thought.
Microsoft is planning to unveil its Windows 8 successor next month at a special press event. Sources familiar with Microsoft's plans tell The Verge that the software maker is tentatively planning its press event for September 30th to detail upcoming changes to Windows as part of a release codenamed "Threshold." This date may change, but the Threshold version of Windows is currently in development and Microsoft plans to release a preview version of what will likely be named Windows 9 to developers on September 30th or shortly afterwards. The date follows recent reports from ZDNet that suggested Microsoft is planning to release a preview version of Windows 9 in late September or early October.
Microsoft is really stepping up its release schedule. Good.
Two related stories.
Microsoft's Windows Store is a mess. It's full of apps that exist only to scam people and take their money. Why doesn't Microsoft care that their flagship app store is such a cesspool?
It's now been more than two years since Windows 8 was released, and this has been a problem the entire time, and it is getting worse. If Microsoft was trying to offer a safe app store to Windows users, they've failed.
Flappy Bird wasn't the first game to spawn an entire ecosystem of me-too clones, nor will it be the last. And now that the developer of the insanely difficult but addicting game has released the even more insanely difficult and even more addicting (is that even possible?) Swing Copters, well, we're seeing it again.
This applies to all application stores. They are filled to the brim with crapware nobody wants, making the experience of using them pretty unappealing. Since Apple, Google, and Microsoft care about quantity instead of quality, I don't think this will change any time soon.
Anke Boersma has announced the release of KaOS 2014.08, a desktop Linux distribution featuring the just-released KDE 4.14 desktop: "With KDE releasing the new major version, KDE 4.14.0, offering primarily improvements and bug fixes, KaOS is happy to be able to present you a new ISO image with....
Alan Baghumian has announced the availability of the initial test release of Parsix GNU/Linux 7.0, a Debian-based distribution featuring the GNOME 3.12 desktop: "We are happy to announce the immediate availability of the first testing release of Parsix GNU/Linux 7.0-TEST-1, code name 'Nestor'. Parsix GNU/Linux 7.0 brings the....
Bill Reynolds has announced the release of PCLinuxOS 2014.08, the latest update of the project's "KDE", "FullMonty", "MiniMe", "LXDE" and "MATE" editions. Released on 12 August, it was formally announced earlier today: "All official ISO images were updated on 2014-08-12 and are available for direct download or via....