Debianhelp.co.uk
Debian Security
 2014-09-01 DSA-3016 lua5.2 - security update

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

 2014-09-01 DSA-3015 lua5.1 - security update

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

 2014-08-28 DSA-3014 squid3 - security update

Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

 2014-08-27 DSA-3013 s3ql - security update

Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able to execute arbitrary code.

 2014-08-27 DSA-3012 eglibc - security update

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution.

 2014-08-23 DSA-3011 mediawiki - security update

It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

 2014-08-22 DSA-3010 python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-21 DSA-3009 python-imaging - security update

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

 2014-08-21 DSA-3008 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-21 DSA-2940 libstruts1.2-java - security update

It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

 2014-08-20 DSA-3007 cacti - security update

Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

 2014-08-18 DSA-3006 xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.

 2014-08-14 DSA-3005 gpgme1.0 - security update

Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

 2014-08-11 DSA-3004 kde4libs - security update

Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation.

 2014-08-10 DSA-3003 libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

 2014-08-10 DSA-3002 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service.

 2014-08-09 DSA-3001 wordpress - security update

Multiple security issues have been discovered in WordPress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/.

 2014-08-09 DSA-3000 krb5 - security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-09 DSA-2999 drupal7 - security update

A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable or unresponsive. More information can be found at https://www.drupal.org/SA-CORE-2014-004.

 2014-08-07 DSA-2998 openssl - security update

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

 2014-08-05 DSA-2997 reportbug - security update

Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug.

 2014-08-03 DSA-2996 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

 2014-08-03 DSA-2995 lzo2 - security update

Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.


Debian Wiki
 2014-09-02T16:33:20Z ReproducibleBuilds
another use case
 2014-09-02T15:20:17Z DebianArt/Themes/Lines
 2014-09-02T14:28:10Z Games/Sponsors/Queue
Add Powermanga to queue

Linuxtoday.com
 Tue, 02 Sep 2014 08:00:00 -0700 Who's to blame when products fail?

Linux Magazine: "maddog" takes exception to attempts to blame Open Source for some recent product failures.

 Tue, 02 Sep 2014 07:00:00 -0700 OpenStack Manila project Approved for Incubation

InternetNews: "Stated simply, the goal of the Manila project is to do for shared filesystem storage what Cinder has done for blocks storage"

 Tue, 02 Sep 2014 06:00:00 -0700 Splitting a File Elegantly

LinuxRain: Is there a simpler way to split the file by last name using AWK, without sorting?


OSNews
 Mon, 01 Sep 2014 19:09:40 GMT Say hello to those who hate the NSA, but invade women's privacy
Over the weekend someone released hundreds of revealing photos of celebrities that appear to have been stolen from private storage. In response to this, a bunch of anonymous guys on the internet copied them and posted them all over the town square, because the internet is written in ink and if you are ever a victim once in your life the internet will remind you of it forever. These men are the detritus of human society for whom the internet provides a warm blanket, so let's remove the warm blanket for a minute. If the NSA spies on us, it's a massive violation of privacy and omg government and #impeachobama. When some (hopefully not for much longer) anonymous hacker breaks into the personal, private accounts of dozens of famous women, steals their most private photographs, and posts them online, these same men shouting from the rooftops about the NSA retreat to their bunkers, share the photos as much as they can, and do much more I'd rather not imagine right now. Props to The Verge for this article.
 Mon, 01 Sep 2014 19:00:55 GMT FreeRTOS 8.1.0 released
Version 8.1.0 of FreeRTOS was released a few days ago. Probably the most important feature is support for non contiguous heap space (heap_5.c), needed for allocation of memory (for creation of tasks, queues, semaphores, etc. and also user applications).
 Mon, 01 Sep 2014 10:23:12 GMT AnandTech founder leaves site, joins Apple
Anand Lal Shimpi, the editor and publisher of the well-regarded AnandTech site, is going to work at Apple. An Apple rep confirmed that the company was hiring Shimpi, but wouldn't provide any other details. Last night, via a post on the site he founded in 1997, Shimpi said he was "officially retiring from the tech publishing world," but didn't say what he was doing next. "I won't stay idle forever. There are a bunch of challenges out there :)", he wrote. This is great news for him, and after 17 years of some of the best technology journalism in the world, he certainly deserves a change of pace. Still, the rest of us lose a great voice, one of the best technology journalists of all time. Inside Apple, nobody hears you scream.

DistroWatch.com: News
 2014-09-02T12:02:33+00:00 Distribution Release: Tails 1.1.1
Version 1.1.1 of Tails, a Debian-based specialist distribution and live CD designed for anonymous web browsing, is out and ready for download: "Tails, The Amnesic Incognito Live System, version 1.1.1, is out. All users must upgrade as soon as possible - this release fixes numerous security issues. Notable....
 2014-09-02T03:55:42+00:00 Distribution Release: Emmabuntüs 3-1.00
Patrick d'Emmabuntüs has announced the release of Emmabuntüs 3, a Xubuntu-based distribution designed for refurbished computers that are destined for humanitarian organisations: "The Emmabuntüs team is pleased to announce for September 1st 2014, the new Emmabuntüs 3 release 1.00, based on Xubuntu 14.04.1. Our goals: facilitate the work....
 2014-09-01T23:51:21+00:00 Distribution Release: Robolinux 7.6.2
John Martinson has announced the release of Robolinux 7.6.2, the latest update of the distribution that features a pre-configured VirtualBox for running Windows seamlessly alongside Robolinux: "We are pleased to announce Robolinux Xfce and GNOME version 7.6.2 with several improvements and enhancements. The fast as greased-lightning Robolinux Xfce....
