Debianhelp.co.uk
Debian Security
 2014-07-11 DSA-2977 libav - security update

Don A. Bailey discovered an integer overflow in the LZO compression handler which could result in the execution of arbitrary code.

 2014-07-10 DSA-2976 eglibc - security update

Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

 2014-07-09 DSA-2975 phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-07-08 DSA-2974 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-07-07 DSA-2973 vlc - security update

Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

 2014-07-06 DSA-2972 linux - security update

Andy Lutomirski discovered that the ptrace syscall did not verify that the RIP register value was valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

 2014-07-02 DSA-2971 dbus - security update

Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-06-29 DSA-2970 cacti - security update

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

 2014-06-27 DSA-2969 libemail-address-perl - security update

Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing could use this flaw to mount a denial of service attack against the application.

 2014-06-27 DSA-2968 gnupg2 - security update

Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

 2014-06-25 DSA-2967 gnupg - security update

Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

 2014-06-23 DSA-2966 samba - security update

Multiple vulnerabilities were discovered and fixed in Samba, an SMB/CIFS file, print, and login server:

 2014-06-22 DSA-2965 tiff - security update

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.

 2014-06-21 DSA-2964 iodine - security update

Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this flaw.

 2014-06-17 DSA-2963 lucene-solr - security update

Multiple vulnerabilities were found in Solr, an open source enterprise search server based on Lucene, resulting in information disclosure or code execution.

 2014-06-17 DSA-2962 nspr - security update

Abhishek Arya discovered an out-of-bounds write in the cvt_t() function of the Netscape Portable Runtime Library which could result in the execution of arbitrary code.

 2014-06-16 DSA-2961 php5 - security update

It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.

 2014-06-16 DSA-2960 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

 2014-06-14 DSA-2959 chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser.

 2014-06-12 DSA-2958 apt - security update

Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading.

 2014-06-12 DSA-2957 mediawiki - security update

Omer Iqbal discovered that MediaWiki, a wiki engine, parses invalid usernames on Special:PasswordReset as wikitext when $wgRawHtml is enabled. On such wikis this allows an unauthenticated attacker to insert malicious JavaScript, a cross-site scripting attack.

 2014-06-11 DSA-2956 icinga - security update

Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by-ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

 2014-06-11 DSA-2955 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service.

Debian Wiki
 2014-07-13T03:25:15Z DanielKahnGillmor
dkg is a DD!
 2014-07-13T01:53:44Z SELinux/Setup
false positive bug# added
 2014-07-12T20:55:15Z FAQsFromDebianUser
In sid it is possible to install google-earth-stable, but you need remove lsb-core dependency

Linuxtoday.com
 Fri, 11 Jul 2014 19:00:00 -0700 Operating System U: a new Linux, Wayland based operating system

The Mukt: OSu is Linux-based. It boasts a Wayland display server, which I love because it squashes clunky xorg extensions and renders directly.

 Fri, 11 Jul 2014 15:00:00 -0700 Who Are the Docker Developers?

The New Stack: After we gathered a list of contributors, we wanted to know what organizations they belonged to, and whether there were organizations more active than others.

 Fri, 11 Jul 2014 14:00:00 -0700 11 ways LXLE Linux will make you forget all about XP

PC World: A brand-new LXLE 14.04 made its debut a few weeks ago, and it’s packed with new features while remaining lightweight and speedy.

OSNews
 Sat, 12 Jul 2014 00:44:43 GMT Pixar's Ed Catmull central figure in the wage-fixing scandal
If you think only Apple, Google, Intel, and several other technology companies flagrantly broke the law by illegally robbing their employees of wages - think again. As it turns out, the digital animation industry - centering around Steve Jobs' Pixar, unsurprisingly - was just as bad. [Pixar's] Catmull's deposition and emails from the lawsuit confirm that he was instrumental in operating a secret wage-theft cartel that violated the Sherman Antitrust Act. But it's even worse than you think. The cartel orchestrated in large part by Catmull robbed potential wages and job opportunities from thousands of animation industry workers at other studios, including DreamWorks, Lucasfilm, Robert Zemeckis’ ImageMovers, the now-defunct Orphanage, and Walt Disney Animation Studios. Pando Daily has the meat on this story (here and here). The wage fixing scandal is way, way more sprawling than anyone could have originally anticipated. The sad thing is that the criminals behind this illegal behaviour - Steve Jobs, Tim Cook, Eric Schmidt, George Lucas, Ed Catmull, and many, many more - will never have to face any serious consequences for their crimes.
 Fri, 11 Jul 2014 21:57:30 GMT Samsung delays its first Tizen phone yet again
Samsung has delayed its first Tizen phone yet again (this one). The official launch was to come at Thursday's event for Tizen developers in Moscow, complete with market-ready products. But, in an echo of Samsung's most recent failure to launch a Tizen smartphone - in Japan earlier this year - the launch was canceled just days earlier. Samsung provided no concrete date for the rollout of the commercial version of the phone at the developer summit but said in a statement Thursday that "the smartphone will appear on the Russian market later, when we can offer our users a fullest portfolio of applications". While few people will care about this delay, there is one small group to whom this will be devastating news. In all seriousness, nobody - not even Samsung itself - sees Tizen as a serious option or competitor to Android, and this news only serves to make that even clearer. Certain people keep trying to posit Tizen as some sort of huge threat to Android or as a sign that Samsung is seriously considering dumping Android (presumably thereby crippling Android and Google), but anyone with even the remotest bit of sense realises this makes about as much sense as a software patent. No amount of wishful thinking is going to make Tizen happen.
 Fri, 11 Jul 2014 16:51:19 GMT Xplain: explaining X for the rest of us
However, I still field plenty of questions from lots of people about this, and a lot of the time, it's extremely simple stuff: "What is X?" "How does it interact with my graphics card and mouse/keyboard?" "What do apps use X for?" "What is Wayland, and how does it fit into the picture?" "What problems did X have that made us want to write new display server technologies?" These sort of questions were what inspired me to write "The Linux Graphics Stack" in the first place, but there's really never been a comprehensive, historical writeup of our display server technologies in general. So, I chose to spend my free time at Red Hat writing it. A very fun look at what X actually is - including embedded X server sessions running in your browser using HTML5 canvas. Fancy.

DistroWatch.com: News
 2014-07-12T09:04:25+00:00 Distribution Release: Chitwanix OS 1.5
Chitwanix OS is a Linux distribution developed by a community of Linux developers in Nepal. Based on Ubuntu and featuring a desktop environment called Sagarmatha (a fork of Cinnamon), the distribution's second stable release, version 1.5, was announced today: "The team is proud to announce the release of..."
 2014-07-09T14:29:53+00:00 Development Release: Red Hat Enterprise Linux 5.11 Beta
Red Hat has announced the availability of the beta release of Red Hat Enterprise Linux (RHEL) 5.11. This is expected to be the last release of the 5.x series of RHEL, whose 10-year support cycle will terminate in 2017. From the release announcement: "When Red Hat Enterprise Linux..."
 2014-07-09T07:24:21+00:00 Distribution Release: Kwort Linux 4.1
David Cortarello has announced the release of Kwort Linux 4.1, a lightweight CRUX-based distribution with Openbox and a custom package manager called kpkg: "Kwort Linux 4.1 is out. This new version is fast, stable, and simple as always. Everything has been built from scratch in a clean way..."
