Debian Security   [more] [xml]
 2014-09-11 DSA-3024 gnupg - security update

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270).

 2014-09-11 DSA-3023 bind9 - security update

Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

 2014-09-10 DSA-3022 curl - security update

Two vulnerabilities have been discovered in cURL, an URL transfer library. They can be use to leak cookie information:

 2014-09-10 DSA-3020 acpi-support - security update

During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error.

 2014-09-09 DSA-3021 file - security update

Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.

 2014-09-04 DSA-3019 procmail - security update

Boris pi Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code.

 2014-09-03 DSA-3018 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

 2014-09-02 DSA-3017 php-cas - security update

Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting.

 2014-09-01 DSA-3016 lua5.2 - security update

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

 2014-09-01 DSA-3015 lua5.1 - security update

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

 2014-08-28 DSA-3014 squid3 - security update

Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

 2014-08-27 DSA-3013 s3ql - security update

Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

 2014-08-27 DSA-3012 eglibc - security update

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

 2014-08-23 DSA-3011 mediawiki - security update

It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

 2014-08-22 DSA-3010 python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-21 DSA-3009 python-imaging - security update

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

 2014-08-21 DSA-3008 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-21 DSA-2940 libstruts1.2-java - security update

It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

 2014-08-20 DSA-3007 cacti - security update

Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

 2014-08-18 DSA-3006 xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.

 2014-08-14 DSA-3005 gpgme1.0 - security update

Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

Debian Wiki   [more] [xml]
 2014-09-16T16:47:00Z FabianRodriguez
Added Minetest server doc
 2014-09-16T15:55:28Z Teams/DebianPerlGroup/OpenTasks
Check all ''libapp-*-perl'' (and potentially other) packages for real applications
 2014-09-16T15:14:57Z DebianHams   [more] [xml]
 Tue, 16 Sep 2014 11:00:00 -0700 Docker Raises $40M, Plans New Enterprise Tool for 2015

eWEEK: Open-source Docker virtualization container technology gets a big vote of confidence from investors, with Docker Inc.'s receiving a new round of financing.

 Tue, 16 Sep 2014 09:00:00 -0700 The True Measure of a Successful Open Source Project A question I get a lot is, “What makes an open source software project successful?”

 Tue, 16 Sep 2014 08:00:00 -0700 Samsung's first open-source conference kicks off, with Tizen on its mind

 NetworkWorld: The inaugural Samsung Open-Source Conference opens Tuesday morning in Seoul, with keynotes from well-known figures in the open source world and a hackathon focused on Tizen

OSNews   [more] [xml]
 Mon, 15 Sep 2014 18:02:32 GMT Apple releases U2 album removal tool
Apple has released a tool to remove U2's new album from its customers' iTunes accounts six days after giving away the music for free. Some users had complained about the fact that Songs of Innocence had automatically been downloaded to their devices without their permission. It had not been immediately obvious to many of the account holders how to delete the tracks. The US tech firm now offers a one-click removal button. Great headline. Great story. Great everything. This is just great.
 Mon, 15 Sep 2014 13:16:34 GMT Microsoft acquires Mojang for $2.5 billion
Update: In Notch' own words (Pastebin version because his site is being hammered): I'm aware this goes against a lot of what I've said in public. I have no good response to that. I'm also aware a lot of you were using me as a symbol of some perceived struggle. I’m not. I’m a person, and I'm right there struggling with you. I love you. All of you. Thank you for turning Minecraft into what it has become, but there are too many of you, and I can't be responsible for something this big. In one sense, it belongs to Microsoft now. In a much bigger sense, it's belonged to all of you for a long time, and that will never change. It’s not about the money. It's about my sanity. His honesty and openness is very welcome. I bought Minecraft way back in the alpha days (September 29, 2010, to be exact), and I haven't ever regretted it one bit. Thank you for Minecraft, Markus. It's official. Microsoft has acquired Mojang, and thus, Minecraft. From Mojang's announcement: Minecraft has grown from a simple game to a project of monumental significance. Though we're massively proud of what Minecraft has become, it was never Notch’s intention for it to get this big. As you might already know, Notch is the creator of Minecraft and the majority shareholder at Mojang. He's decided that he doesn't want the responsibility of owning a company of such global significance. Over the past few years he's made attempts to work on smaller projects, but the pressure of owning Minecraft became too much for him to handle. The only option was to sell Mojang. He'll continue to do cool stuff though. Don't worry about that. While I'm not particularly happy about Minecraft going to Microsoft - of all places - I fully understand Notch' reasoning. Even my own little one-man translation company is a huge amount of effort to run, both in actual working hours (translating) and all the stuff that comes with owning a company (the administrative and office crap nobody likes to do). I can only imagine that is must be a thousand times more difficult to run a company as successful as Mojang, and I can understand him wanting to get rid of it, get a huge pile of money, and use it do new stuff, free from pressure. So, thank you for Minecraft, Notch, and you and your colleagues deserve this massive break. Congratulations! So, what about Minecraft's future? From Microsoft's announcement: Minecraft fans are loyal, with nearly 90 percent of paid customers on the PC having signed in within the past 12 months. That sentence. That sentence, Microsoft. That sentence tells me all I need to know. If you've paid any attention to the negative developments in gaming over the recent years, that sentence should send chills down your spine.
 Fri, 12 Sep 2014 22:06:04 GMT Windows 9's new Start menu demonstrated on video
Microsoft may have demonstrated its new Start menu earlier this year, but thanks to a recent "Windows 9" leak we're now seeing every single part of the company’s plans for bringing back this popular feature. German site WinFuture has posted a two-minute video that demonstrates how the Start menu works in the next major release of Windows. As you'd expect, it's very similar to what Microsoft demonstrated with traditional apps mixing with modern apps (and their Live Tiles) into a familiar Start menu. It boggles my mind why Microsoft doesn't just remove Metro from the desktop altogether. Is there anyone who wants to run those comically large touch-optimised applications in windows on their desktop? Why not restrict Metro to where it belongs, i.e., mobile? Why all this extra work? It just doesn't seem to make any sense. News   [more] [xml]
 2014-09-16T14:16:52+00:00 OS Release: MINIX 3.3.0
Andy Tanenbaum has announced the release of MINIX 3.3.0, a major new version of the UNIX-like operating system based on a microkernel architecture - now also with support for the ARM processor: "We are pleased to present the MINIX 3.3.0 stable release. The major new features and improvements....
 2014-09-16T09:09:11+00:00 Distribution Release: Raspbian 2014-09-09
Eben Upton has announced the availability of an updated release of Raspbian, a Debian-based distribution designed for the Raspberry Pi single-board mini-computer: "If you head over to the downloads page, you’ll find new versions of our Raspbian image and NOOBS installer. Alongside the usual firmware and kernel improvements,....
 2014-09-16T05:04:18+00:00 Distribution Release: Proxmox 3.3 "Virtual Environment"
Martin Maurer has announced the release of Proxmox 3.3 "Virtual Environment" edition, a Debian-based distribution providing an open-source virtualization management solution for servers: "Proxmox Server Solutions GmbH, developer of the open-source server virtualization solution Proxmox Virtual Environment (VE), today released version 3.3. The series of new features focus....

powered by zFeeder





Translate to Spanish