Debianhelp.co.uk
Debian Security   [more] [xml]
 2015-04-01 DSA-3211 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.

 2015-03-31 DSA-3210 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

 2015-03-30 DSA-3209 openldap - security update

Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.

 2015-03-29 DSA-3208 freexl - security update

Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

 2015-03-28 DSA-3207 shibboleth-sp2 - security update

A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash.

 2015-03-28 DSA-3206 dulwich - security update

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-03-27 DSA-3205 batik - security update

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

 2015-03-24 DSA-3204 python-django - security update

Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack.

 2015-03-22 DSA-3203 tor - security update

Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.

 2015-03-22 DSA-3202 mono - security update

Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FREAK).

 2015-03-22 DSA-3201 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-03-20 DSA-3200 drupal7 - security update

Multiple vulnerabilities have been found in the Drupal content management framework. More information can be found at

 2015-03-20 DSA-3199 xerces-c - security update

Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash.

 2015-03-20 DSA-3198 php5 - security update

Multiple vulnerabilities have been discovered in the PHP language:

 2015-03-19 DSA-3197 openssl - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:

 2015-03-18 DSA-3196 file - security update

Hanno Boeck discovered that file's ELF parser is suspectible to denial of service.

 2015-03-18 DSA-3195 php5 - security update

Multiple vulnerabilities have been discovered in the PHP language:

 2015-03-17 DSA-3194 libxfont - security update

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

 2015-03-17 DSA-3193 tcpdump - security update

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

 2015-03-17 DSA-3192 checkpw - security update

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password authentication program, has a flaw in processing account names which contain double dashes. A remote attacker can use this flaw to cause a denial of service (infinite loop).

 2015-03-15 DSA-3191 gnutls26 - security update

Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-03-15 DSA-3190 putty - security update

Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory.

 2015-03-15 DSA-3189 libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at

 2015-03-15 DSA-3188 freetype - security update

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

 2015-03-15 DSA-3187 icu - security update

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

 2015-03-13 DSA-3186 nss - security update

It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

 2015-03-12 DSA-3185 libgcrypt11 - security update

Multiple vulnerabilities were discovered in libgcrypt:

 2015-03-12 DSA-3184 gnupg - security update

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:

 2015-03-12 DSA-3183 movabletype-opensource - security update

Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-03-11 DSA-3182 libssh2 - security update

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.

 2015-03-10 DSA-3181 xen - security update

Multiple security issues have been found in the Xen virtualisation solution:

 2015-03-10 DSA-3177 mod-gnutls - security update

Thomas Klute discovered that in mod-gnutls, an Apache module providing SSL and TLS encryption with GnuTLS, a bug caused the server's client verify mode not to be considered at all, in case the directory's configuration was unset. Clients with invalid certificates were then able to leverage this flaw in order to get access to that directory.

 2015-03-05 DSA-3180 libarchive - security update

Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.


Debian Wiki   [more] [xml]
 2015-04-01T21:52:59Z DebianEvents/fr/2015/Minidebconf
Add myself to the participant list
 2015-04-01T20:24:44Z DebianHams/Meetings
 2015-04-01T19:25:48Z LTS/Logos
new logo, logo5

Linuxtoday.com   [more] [xml]
 Wed, 01 Apr 2015 07:00:00 -0700 How to Generate/Encrypt/Decrypt Random Passwords in Linux

 tecmint: In this article, we will share some interesting Linux tips and tricks to generate random passwords and also how to encrypt and decrypt passwords with or without slat method.

 Wed, 01 Apr 2015 06:00:00 -0700 $13 HAT aims Raspberry Pi at real-world I/O projects

 LinuxGizmos: Pimoroni's $13 "Explorer HAT" add-on for the Raspberry Pi can drive motors and touchscreens, integrate sensors, interface with 5V devices, and more.

 Wed, 01 Apr 2015 05:00:00 -0700 How to Use Python SimpleHTTPServer to Create Webserver or Serve Files Instantly

 tecmint: SimpleHTTPServer is a python module which allows you to instantly create a web server or serve your files in a snap.


OSNews   [more] [xml]
 Wed, 01 Apr 2015 18:26:10 GMT Old iPhones can help children with autism
A couple of weeks ago, my daughter Grace lost her iPhone. Grace is a 15-year-old with a diagnosis of autism and a severe speech delay. Some people would call her "non-verbal" but she can say a few words and if people don't understand she shows them a picture. When Gracie was small, she used to have to carry a big book around to hold these pictures, but then the iPhone was invented and a very kind person gave us one to try. I was able to transfer all her pictures onto a folder on that phone and whenever we didn't have a picture, we could take a photograph and add that to her collection. Grace is considered to have an intellectual disability but she had no trouble navigating that iPhone, and she carried it around with her everywhere in an especially strong cover to protect against accidents. With the help of a young Irish gaming developer called Steve Troughton-Smith, I was able to create an App to store and sort those pictures and in honour of my daughter, he called it Grace App. The start of a lovely initiative to donate old iPhones to children with autism. The organisation restores any iOS 6-capable iPhone or iPad to factory settings, loads the Grace application, puts them a tough, donated case, and gives them to a child who uses it to greatly expand his or her communication abilities. It shows just how important technology like smartphones has become for people with disabilities or other problems. It can enable some of them to lead much richer lives, and that really puts a huge smile on my face. The application Grace is available for both iOS and Android, so if you know someone who could benefit from it - let them know.
 Wed, 01 Apr 2015 15:39:11 GMT MS-DOS Mobile
If you've got a Windows Phone, today is your lucky day. On April 1, Microsoft released DOS for mobile: "All the productivity you’ve come to expect from Microsoft in the simplest OS yet." Update: There's also a video ad.
 Tue, 31 Mar 2015 21:26:37 GMT Google unveils lots of new ChromeOS devices
Google has unveiled a whole lot of new Chrome OS devices today - mostly laptops - but there's also a small Chromecast-like dongle that you can slip into any HDMI port and turn that display into a full-on Chrome OS machine. It's only $99, which puts it right into impulse-buy territory. One of the laptops is a convertible with a touchscreen, which seems odd at first because Chrome OS isn't really built with touch in mind. It starts to make more sense, however, when you combine with the news that Google is opening up the App Runtime for Chrome to all Android developers, allowing them to get their Android applications ready for Chrome OS. It seems Google's vision for Chrome OS and Android is becoming clear. A few years from now, Chrome OS or Android will be a distinction without a difference for most people.

DistroWatch.com: News   [more] [xml]
 2015-04-01T22:00:09+00:00 Distribution Release: Emmabuntüs 3 1.01
The Emmabuntüs team has announced the availability of a new release of their lightweight distribution for recycled computers. The new release is based on Xubuntu 14.04.2 LTS and features a range of useful desktop software. "This new release is designed to improve the efficiency of the refurbishing tasks....
 2015-04-01T14:18:41+00:00 Development Release: Simplicity Linux 15.4 Beta
David Purse has announced the availability of the alpha release of Simplicity Linux 15.4, a lightweight Puppy-based distribution featuring the LXDE desktop: "We are pleased to announce that Simplicity Linux 15.4 beta is now available to download. We are releasing Netbook and Desktop betas, both available for the....
 2015-04-01T00:12:56+00:00 Distribution Release: CentOS 7.1-1503
Karanbir Singh has announced the availability of the first point update to CentOS 7, a Linux distribution built by compiling the source code of Red Hat Enterprise Linux 7: "We would like to announce the general availability of CentOS Linux 7 (1503) for 64-bit x86-compatible machines. This is....

powered by zFeeder

 

 

 

 

Translate to Spanish