Debianhelp.co.uk
Debian Security
 2016-02-06 DSA-3467 tiff - security update

Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

 2016-02-04 DSA-3466 krb5 - security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

 2016-02-02 DSA-3465 openjdk-6 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

 2016-01-31 DSA-3464 rails - security update

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.

 2016-01-31 DSA-3463 prosody - security update

It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server.

 2016-01-30 DSA-3462 radicale - security update

Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.

 2016-01-30 DSA-3461 freetype - security update

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

 2016-01-30 DSA-3460 privoxy - security update

It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service.

 2016-01-28 DSA-3459 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2016-01-27 DSA-3458 openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

 2016-01-27 DSA-3457 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

 2016-01-27 DSA-3456 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

 2016-01-27 DSA-3455 curl - security update

Isaac Boukris discovered that cURL, a URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.

 2016-01-27 DSA-3454 virtualbox - security update

Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

 2016-01-25 DSA-3453 mariadb-10.0 - security update

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details:

 2016-01-23 DSA-3452 claws-mail - security update

DrWhax of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.

 2016-01-20 DSA-3451 fuse - security update

Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian. The fuse package ships a udev rule adjusting permissions on the related /dev/cuse character device, making it world writable.

 2016-01-20 DSA-3450 ecryptfs-utils - security update

Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.

 2016-01-19 DSA-3449 bind9 - security update

It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.

 2016-01-19 DSA-3448 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.

 2016-01-17 DSA-3447 tomcat7 - security update

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

 2016-01-14 DSA-3446 openssh - security update

The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client (an implementation of the SSH protocol suite).

 2016-01-13 DSA-3445 pygments - security update

Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name.

 2016-01-13 DSA-3444 wordpress - security update

Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site.

 2016-01-13 DSA-3443 libpng - security update

Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems:

 2016-01-13 DSA-3442 isc-dhcp - security update

It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected.

 2016-01-11 DSA-3441 perl - security update

David Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

 2016-01-11 DSA-3440 sudo - security update

When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit (read and write) arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wildcards, for example:

 2016-01-10 DSA-3439 prosody - security update

Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues:

 2016-01-09 DSA-3438 xscreensaver - security update

It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.

 2016-01-09 DSA-3437 gnutls26 - security update

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

 2016-01-08 DSA-3436 openssl - security update

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.


Debian Wiki
 2016-02-07T10:16:47Z Sprints/2016/DebianMed2016
 2016-02-07T09:40:29Z FredLeMeur
Debian 4.3.3-7 (2016-01-19)
 2016-02-07T09:35:07Z FredLeMeur/url-010
DebianLive

Linuxtoday.com
 Sat, 06 Feb 2016 18:00:00 -0800 Docker Official Images are Moving to Alpine Linux

Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and BusyBox

 Sat, 06 Feb 2016 14:00:00 -0800 MaruOS claims to turn your Android phone into a Linux desktop

Liliputing: Odds are that the smartphone in your pocket is powerful enough to run some desktop apps like office suites, web browsers, and other productivity tools.

 Sat, 06 Feb 2016 10:00:00 -0800 Calligra 2.9.11 Office Suite Launches for Linux with New Krita and Kexi Bugfixes

As expected, Calligra 2.9.11 is only a bugfix release


OSNews
 Thu, 04 Feb 2016 23:01:58 GMT New FreeBSD Quarterly Status Report published
The latest FreeBSD Quarterly Status Report is out. Efforts to bring our BSD high standards to new architectures continue, with impressive work on arm64 leading to its promotion to Tier-2 status and a flurry of work bringing up the new RISC-V hardware architecture. Software architecture is also under active development, including system startup and service management. A handful of potential init system replacements are mentioned in this report: launchd, relaunchd, and nosh. Architectural changes originating both from academic research (multipath TCP) and from the realities of industry (sendfile(2) improvements) are also under way. It is heartening to see how FreeBSD provides a welcoming platform for contributions from both research and industry. Everything you need to know to be up to date with FreeBSD.
 Thu, 04 Feb 2016 22:59:24 GMT Google rolling out Marshmallow for Android Wear
Evidence has been mounting over the last few days and it looks like it's finally happening: Android 6.0 for Wear is starting to roll out. Googler Wayne Piekarski just announced on his Google+ feed that OTAs have begun and should continue over the next few weeks. An official blog post by Google lists some of the new features we can expect in the new firmware, including: new navigation gestures, audio support on speaker-equipped watches, and expanded support for messaging clients. The update itself seems a bit 'eh', but the interesting thing here is that all Android Wear devices will be getting this update to Marshmallow, even the first generation Wear smartwatches. Goes to show that Google does, in fact, know how to do this - now they just need to apply this to phones and tablets.
 Wed, 03 Feb 2016 23:38:58 GMT Microsoft acquires SwiftKey
I'm pleased to announce that Microsoft has entered into a definitive agreement to acquire SwiftKey, whose highly rated, highly engaging software keyboard and SDK powers more than 300 million Android and iOS devices. In this cloud-first, mobile-first world, SwiftKey's technology aligns with our vision for more personal computing experiences that anticipate our needs versus responding to our commands, and directly supports our ambition to reinvent productivity by leveraging the intelligent cloud. SwiftKey estimates that its users have saved nearly 10 trillion keystrokes, across 100 languages, saving more than 100,000 years in combined typing time. Those are impressive results for an app that launched initially on Android in 2010 and arrived on iOS less than two years ago. The 'saved nearly 10 trillion keystrokes' thing sent shivers down my spine.

DistroWatch.com: News
 2016-02-07T07:23:12+00:00 Distribution Release: MakuluLinux 10 "Xfce"
Jacque Raymer has announced the release of MakuluLinux 10 "Xfce" edition, a new version of the project's Debian-based distribution for the desktop: "More than 12 months in the making, Makulu 10 Xfce does not disappoint. The focus on this build was stability, speed, social integration, key features that....
 2016-02-06T22:49:00+00:00 Development Release: FreeBSD 10.3-BETA1
Marius Strobl has announced the availability of the initial beta of FreeBSD 10.3: "The first beta build of the 10.3-RELEASE release cycle is now available." The release announcement provides little information about any new features other than the usual bug reporting and system upgrading notes: "If you notice....
 2016-02-06T13:50:16+00:00 Distribution Release: Android-x86 4.4-r5
Chih-Wei Huang has announced the release of Android-x86 4.4-r5, a bug-fix update of an earlier release to fix a "hazy fonts" issue found on some devices. Android-x86 is a project that ports Google's operating system for portable devices to standard desktop and laptop computers. From the release notes:....
