Debian Security   [more] [xml]
 2015-08-31 DSA-3346 drupal7 - security update

Several vulnerabilities were discovered in Drupal, a content management framework:

 2015-08-29 DSA-3345 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-08-27 DSA-3344 php5 - security update

Multiple vulnerabilities have been discovered in the PHP language:

 2015-08-26 DSA-3343 twig - security update

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.

 2015-08-20 DSA-3342 vlc - security update

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.

 2015-08-20 DSA-3341 conntrack - security update

It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.

 2015-08-19 DSA-3340 zendframework - security update

Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.

 2015-08-19 DSA-3339 openjdk-6 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

 2015-08-18 DSA-3338 python-django - security update

Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted.

 2015-08-18 DSA-3337 gdk-pixbuf - security update

Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.

 2015-08-17 DSA-3336 nss - security update

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-08-13 DSA-3335 request-tracker4 - security update

It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user and group rights management pages (CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.

 2015-08-12 DSA-3334 gnutls28 - security update

Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.

 2015-08-12 DSA-3333 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.

 2015-08-11 DSA-3332 wordpress - security update

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

 2015-08-10 DSA-3331 subversion - security update

Several security issues have been found in the server components of the version control system subversion.

 2015-08-07 DSA-3330 activemq - security update

It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.

 2015-08-07 DSA-3329 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

 2015-08-04 DSA-3328 wordpress - security update

Several vulnerabilities have been found in Wordpress, the popular blogging engine.

 2015-08-03 DSA-3327 squid3 - security update

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy.

 2015-08-02 DSA-3326 ghostscript - security update

William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.

Debian Wiki   [more] [xml]
 2015-09-01T11:55:19Z Games/GameDataPackager
move up list of game URL, so that it doesn't get lost among other URL's
 2015-09-01T11:09:17Z DebianPureBlends/SoB
Add mathic
 2015-09-01T08:32:14Z DebianWomen/ListSpamCleaning
2015/08 added   [more] [xml]
 Tue, 01 Sep 2015 04:00:00 -0700 Linux and Unix dig Command Examples
 Mon, 31 Aug 2015 23:00:00 -0700 Back to school: 5 open source programs for students and teachers Charlie Reisinger takes a look at a few affordable and stress-free open source software tools to help students and teachers make learning fun.

 Mon, 31 Aug 2015 19:00:00 -0700 Trouble Maker - Breaks Your Linux Machine and Ask You to Fix Broken Linux

 tecmint: This is a nice way of learning to fix a broken Linux System.

OSNews   [more] [xml]
 Mon, 31 Aug 2015 17:08:12 GMT Genode 15.08 runs on top of the Muen separation kernel
The Genode project announced the version 15.08 of their OS framework. The most prominent topics of the current release are the use of Genode as day-to-day operating system by their developers and the added ability to run Genode-based systems on top of the Muen separation kernel. Where monolithic kernel architectures represent one extreme with respect to kernel complexity, separation kernels mark the opposite end. The code complexity of monolithic OS kernels such as Linux is usually counted in terms of millions of lines of code. In stark contrast, modern microkernels such as NOVA and seL4 are comprised of only ten thousand lines of code. Separation kernels go even a step further by reducing the code complexity to only a few thousand lines of code. How is that possible? The answer lies in the scope of functionality addressed by the different types of kernels. The high complexity of monolithic kernels stems from the fact that all major OS functionalities are considered as being in the scope of the kernel. In particular, device drivers and protocol stacks account for most of the code in such kernels. Microkernels disregard such functionalities from the scope of the kernel by moving them to user-level components. The kernel solely retains the functionality that is fundamentally needed to enable those components to work and collaborate. In order to accommodate a wide range of workloads, microkernels typically provide interfaces to user land that enable the dynamic management of low-level resources such as memory, devices, and processing time. Genode's designated role is to supplement microkernels with a scalable and secure user-level OS architecture. In contrast to microkernels, separation kernels disregard dynamic resource management from their scope. All physical resources are statically assigned to a fixed set of partitions at system-integration time and remain unchanged over the lifetime of the system. The flexibility of microkernels is traded for the benefit of further complexity reduction. Their low complexity of just a few thousand lines of code make separation kernels appealing for high-assurance computing. On the other hand, their static nature imposes limitations on their application areas. Muen as a representative of separation kernels is special in two ways. First, whereas most separation kernels are proprietary software solutions, Muen is an open-source project. Second, the kernel is implemented in the safe SPARK programming language, which is able to formally verify the absence of implementation bugs such as buffer overflows, integer-range violations, and exceptions. Thanks to the close collaboration between the Muen developers and the Genode community, the assurance of the Muen separation kernel can now be combined with the rich component infrastructure provided by Genode. From Genode's perspective, Muen is another architecture for their custom base-hw kernel. In fact, with Genode on Muen, a microkernel-based system is running within the static boundaries of one Muen partition. This way, the component isolation enforced by the base-hw kernel and the static isolation boundaries enforced by Muen form two lines of defense for protecting security-critical system functions from untrusted code sandboxed within a Genode subsystem. The second major theme of the current release is the use of Genode as the day-to-day operating system by its developers. Since the beginning of June, one of the core developers is exclusively working with a Genode/NOVA-based system. The key element is VirtualBox with its powerful guest-host integration features. It allows for an evolutionary transition from Linux-centric work flows to the use of native Genode applications. Network connectivity is provided by the Intel wireless stack ported from the Linux kernel. File-system access is based on NetBSD's rump kernels. For using command-line based GNU software directly on Genode, the Noux runtime environment comes in handy. The daily use of Genode as general-purpose OS motivated many recent developments, ranging from the management of kernel memory in NOVA, over new system monitoring facilities, SMP guest support in VirtualBox, to user-facing improvements of the GUI stack. These and many more topics are covered by the comprehensive release documentation.
 Mon, 31 Aug 2015 17:08:06 GMT Sailfish OS 1.1.7 released
This new release - one of the final 1.x released before 2.0 and the tablet hit, I suppose - integrates a whole bunch of options and settings related to the Android application support into the Sailfish settings applications, such as stopping/restarting Alien Dalvik, blocking Android applications from accessing your Sailfish contacts, allowing Android applications to keep running properly in the background, and so on. There's more, so be sure to update.
 Mon, 31 Aug 2015 17:03:53 GMT AnandTech's Windows 10 review
I have been using Windows 10 off and on since October of 2014, and as the operating system on my main computer since January 22nd of this year. I honestly could not see me moving back to an older version ever. The improvements to Windows 10 are both dramatic and subtle, and the improvements keep occurring even this shortly after launch. Better for the desktop, better for the tablet, and a platform than runs on practically any computer system. Windows 10 is here, and Microsoft has made a bold statement with it. It is the return of the old, plus the addition of the new, all in a package that works very well on a huge variety of devices. Just be sure to ignore all the crappy Metro applications, and you'll be fine with Windows 10. News   [more] [xml]
 2015-09-01T04:46:19+00:00 Distribution Release: Linux Lite 2.6
Jerry Bezencon has announced the release of Linux Lite 2.6, an updated build of the project's novice-friendly Ubuntu-based distribution featuring the Xfce desktop - now with a brand-new control centre: "Linux Lite 2.6 final is now available for download. This release cycle has seen a number of improvements....
 2015-08-31T17:34:13+00:00 Distribution Release: LXLE 14.04.3
The developers of LXLE, a lightweight desktop distribution built using packages from the Ubuntu repositories, have announced the availability of LXLE 14.04.3. This update to the 14.04 series includes a number of package updates while some default applications have been changed. "Delays, delays. First with SeaMonkey then Lanshop.....
 2015-08-31T00:05:07+00:00 DistroWatch Weekly, Issue 625
This week in DistroWatch Weekly: Review: Playing with OpenELEC 5.0.8News: Fedora unveils new Wayland features, Tails releases emergency security update, Solus launches fundraiser and KDE releases Plasma 5.4Questions and answers: The LILO boot loaderTorrent corner: Scientific Linux, TailsReleased last week: Quirky 7.1 "Appril", Scientifix Linux 6.7Upcoming releases: Linux....

powered by zFeeder





Translate to Spanish