Debian Security   [more] [xml]
 2015-01-27 DSA-3142 eglibc - security update

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

 2015-01-27 DSA-3141 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.

 2015-01-27 DSA-3140 xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

 2015-01-25 DSA-3139 squid - security update

Matthew Daley discovered that squid, a web proxy cache, does not properly perform input validation when parsing requests. A remote attacker could use this flaw to mount a denial of service attack, by sending specially crafted Range requests.

 2015-01-25 DSA-3138 jasper - security update

An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

 2015-01-24 DSA-3137 websvn - security update

James Clawson discovered that websvn, a web viewer for Subversion repositories, would follow symlinks in a repository when presenting a file for download. An attacker with repository write access could thereby access any file on disk readable by the user the webserver runs as.

 2015-01-24 DSA-3136 polarssl - security update

A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code.

 2015-01-23 DSA-3135 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2015-01-20 DSA-3134 sympa - security update

A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user.

 2015-01-20 DSA-3133 privoxy - security update

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.

 2015-01-19 DSA-3132 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

 2015-01-18 DSA-3131 xdg-utils - security update

John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

 2015-01-16 DSA-3130 lsyncd - security update

It was discovered that lsyncd, a daemon to synchronize local directories using rsync, performed insufficient sanitising of filenames which might result in the execution of arbitrary commands.

 2015-01-15 DSA-3129 rpm - security update

Two vulnerabilities have been discovered in the RPM package manager.

 2015-01-15 DSA-3128 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.

 2015-01-14 DSA-3127 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

 2015-01-12 DSA-3126 php5 - security update

It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file.

 2015-01-11 DSA-3125 openssl - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

 2015-01-10 DSA-3124 otrs2 - security update

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.

 2015-01-09 DSA-3123 binutils - security update

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

 2015-01-08 DSA-3122 curl - security update

Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a way that was not intended, or insert additional request headers into the request.

 2015-01-08 DSA-3121 file - security update

Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.

 2015-01-06 DSA-3120 mantis - security update

Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

 2015-01-06 DSA-3119 libevent - security update

Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

 2015-01-05 DSA-3118 strongswan - security update

Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links.

 2014-12-31 DSA-3117 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

 2014-12-30 DSA-3116 polarssl - security update

It was discovered that a memory leak in parsing X.509 certificates may result in denial of service.

 2014-12-29 DSA-3115 pyyaml - security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.

 2014-12-29 DSA-3114 mime-support - security update

Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.

Debian Wiki   [more] [xml]
 2015-01-28T08:15:58Z DebianPureBlends/SoB
Add qmapshack to sponsor table
 2015-01-28T02:54:43Z ReproducibleBuilds/SphinxIssues
 2015-01-28T01:55:07Z PHP/SymfonyComponents
Update php-email-validator status (still WIP)   [more] [xml]
 Tue, 27 Jan 2015 19:00:00 -0800 Clamping down on users with rbash

 ITworld: One way to restrict what users can do on your Linux systems is by using rbash -- the restricted Bourne Again shell --

 Tue, 27 Jan 2015 16:42:00 -0800 Setting up a private Docker registry

Why would you want to set up a private registry?

 Tue, 27 Jan 2015 15:00:00 -0800 Ghost Vulnerability in glibc Affects All Linux Systems

 ThreatPost: A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000.

OSNews   [more] [xml]
 Tue, 27 Jan 2015 23:20:44 GMT Microsoft Surface sales increase by 24%
The Surface line has officially crossed the billion dollar mark for revenue demonstrating a 24% growth from the previous quarter. In other words, the big holiday season looks to have been successful in pushing the Surface Pro 3, which drove the growth, into more hands than ever. The Surface Pro is an amazingly well-built product. I'm glad it's finding modest success.
 Tue, 27 Jan 2015 23:15:46 GMT Apple Watch will be released in April
Apple CEO Tim Cook just announced that the Apple Watch will begin shipping in April. Cook revealed the shipping timeframe during Apple's quarterly earnings call with investors; the company enjoyed a blockbuster quarter backed by massive iPhone sales and huge growth in China. Now it will look to carry that success forward with the launch of Apple Watch, its first major new product since the debut of iPad in 2010. "We’re making great progress in the development of it," Cook said. He also revealed that Apple is encouraged by the response from developers and app makers so far, saying "We’re seeing some incredible innovation." The Apple Watch could be a crappy product, but with these kinds of iPhone sales numbers, even a dud would be a huge success. These numbers are beyond my comprehension.
 Tue, 27 Jan 2015 23:05:03 GMT Mezzano: operating system written in Common Lisp
Mezzano, an operating system written in Common Lisp. What is says on the tin. Instructions for building this for VirtualBox are also available. News   [more] [xml]
 2015-01-28T03:07:49+00:00 Distribution Release: GParted Live 0.21.0-1
Curtis Gedak has announced the release of a new stable version of GParted Live, a Debian-based live CD featuring a range of software for disk partitioning and data rescue tasks: "The GParted team is proud to announce a new stable release of GParted Live. This live image contains....
 2015-01-26T07:13:17+00:00 Development Release: Evolve OS Beta 1
Ikey Doherty has announced the availability of the first beta release of Evolve OS, a desktop Linux distribution built from scratch, with a home-made desktop called "Budgie" and a custom package manager forked from Pardus Linux: "The Evolve OS team is proud to announce the release of Evolve....
 2015-01-26T01:38:40+00:00 DistroWatch Weekly, Issue 594
This week in DistroWatch Weekly: Reviews: First thoughts on KaOS 2014.12 News: Getting involved with Ubuntu, Snappy Ubuntu Core for embedded devices, Debian releases new installer for "Jessie", using DragonFly BSD's Slider, Fedora fixes PackageKit, features coming to Fedora 22, and FreeBSD's quarterly status report Questions and....

powered by zFeeder





Translate to Spanish