Two vulnerabilities have been discovered in dokuwiki. Access control in
the media manager was insufficiently restricted and authentication could
be bypassed when using Active Directory for LDAP authentication.

Chad Vizino reported a vulnerability in torque, a PBS-derived batch
processing queueing system. A non-root user could exploit the flaw in
the tm_adopt() library call to kill any process, including root-owned
ones on any node in a job.

Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser's default behavior.

Several vulnerabilities were discovered in libtasn1-3, a library that
manages ASN1 (Abstract Syntax Notation One) structures. An attacker
could use those to cause a denial-of-service via out-of-bounds access
or NULL pointer dereference.

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:

Jouni Malinen discovered an input sanitization issue in the wpa_cli and
hostapd_cli tools included in the wpa package. A remote wifi system
within range could provide a crafted string triggering arbitrary code
execution running with privileges of the affected wpa_cli or hostapd_cli

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
the execution of arbitrary code, denial of service, the bypass of the
same-origin policy or a loss of privacy.

Mancha discovered a vulnerability in rsyslog, a system for log
processing. This vulnerability is an integer overflow that can be
triggered by malformed messages sent to a server, if it accepts data
from untrusted sources, provoking message loss, denial of service and,
potentially, remote code execution.

It was reported that MediaWiki, a website engine for collaborative work,
is not allowed. A wiki user could be tricked into performing actions by
from CSS, on security-wise sensitive pages like Special:Preferences and
Special:UserLogin. This update removes the separation of CSS and

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool
files cause ctags to enter an infinite loop until it runs out of disk
space, resulting in denial of service.

What if Microsoft released an operating system in the chasm between Windows 3.1 and Windows 95? It might look something like Windows 93, an interactive art project by Jankenpopp and Zombectro that you can try right in your browser.
Those who are eager to try out OS X Yosemite on any compatible Intel-based PC can follow a simple guide to install it using the UniBeast tool. The UniBeast tool creates a bootable installer from a downloaded version of OS X Yosemite.
The Warpstock annual conference was held on Oct 24 to 26 in St. Louis, Missouri. These conferences are related to the OS/2 and eComStation platform. Currently there are two reviews of the event online, at OS2World and at the WarpCity2 blog. Among the relevant news, there is a new company called "Arca Noae" that will focus on software development for the platform. They are working on ACPI, USB, network and other drivers for the platform. Additionally, Mensys shed some light on why there hasn't been activity over the last year. Arca Noae announced driver releases and software subscription products for the users of this platform.
Samuel Baggen has announced the release of Elive 2.4.0, a new beta of the Debian-based distribution with a customised Enlightenment 17 desktop: "The Elive team is proud to announce the release of the beta version 2.4.0. This new version includes: new Linux kernel 3.16; Reiser4 (stable version) officially....
David Purse has announced the release of Simplicity Linux 14.10, a set of Puppy Linux-based distributions with LXDE as the preferred desktop (and now also an experimental edition with KDE): "Simplicity Linux 14.10 is now available for everyone to download. It uses the 3.15.4 kernel. The Netbook....
José Antonio Calvo has announced the release of Zentyal Server 4.0, a new version of the project's Ubuntu-based distribution designed for small business servers: "The Zentyal development team is proud to announce Zentyal Server 4.0, a new release of the open-source Linux small business server with native Microsoft....