Debian Security
 2014-10-20 DSA-3054 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2014-10-16 DSA-3053 openssl - security update

Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

 2014-10-15 DSA-3052 wpa - security update

Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

 2014-10-15 DSA-3051 drupal7 - security update

Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

 2014-10-15 DSA-3050 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, the bypass of the same-origin policy or a loss of privacy.

 2014-10-14 DSA-3049 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

 2014-10-08 DSA-3048 apt - security update

Guillem Jover discovered that the changelog retrieval functionality in apt-get used temporary files in an insecure way, allowing a local user to cause arbitrary files to be overwritten.

 2014-10-08 DSA-3047 rsyslog - security update

Mancha discovered a vulnerability in rsyslog, a system for log processing. The vulnerability is an integer overflow that can be triggered by malformed messages sent to a server that accepts data from untrusted sources, causing message loss, denial of service and, potentially, remote code execution.

 2014-10-05 DSA-3046 mediawiki - security update

It was reported that MediaWiki, a website engine for collaborative work, allowed user-created CSS to be loaded on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by the interface being manipulated from CSS, or by JavaScript code being executed from CSS, on security-sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

 2014-10-04 DSA-3045 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator:

 2014-10-04 DSA-3044 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware:

 2014-10-04 DSA-3042 exuberant-ctags - security update

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

 2014-10-01 DSA-3041 xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

 2014-09-30 DSA-3040 rsyslog - security update

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability, an attacker can send malformed messages to a server that accepts data from untrusted sources and trigger a denial of service attack.

 2014-09-28 DSA-3039 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

 2014-09-27 DSA-3038 libvirt - security update

Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-09-26 DSA-3037 icedove - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

 2014-09-26 DSA-3036 mediawiki - security update

It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.

 2014-09-25 DSA-3035 bash - security update

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update, a prefix and suffix are added to the names of environment variables that contain shell functions, as a hardening measure.

 2014-09-25 DSA-3034 iceweasel - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

 2014-09-25 DSA-3033 nss - security update

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

 2014-09-24 DSA-3032 bash - security update

Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.

 2014-09-23 DSA-3031 apt - security update

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the http apt method binary, or potentially to arbitrary code execution.

 2014-09-20 DSA-3030 mantis - security update

Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.

 2014-09-20 DSA-3029 nginx - security update

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.

Debian Wiki
 2014-10-20T22:51:53Z Teams/WxWidgets/Transition2.8to3.0
 2014-10-20T22:24:19Z OutreachProgramForWomen/UlrikeU
 2014-10-20T22:14:15Z TopicDebianDevel
Automatically updated by
 Mon, 20 Oct 2014 14:00:00 -0700 The Companies That Support Linux: DataCentred

DataCentred is a leading provider of next-generation datacentre and open-source cloud computing services focusing on clients with big research data sets.

 Mon, 20 Oct 2014 13:00:00 -0700 Chief Architect of Cloudera on growth of Hadoop

Doug Cutting is founder of numerous successful open source projects, including Lucene and Hadoop, and currently the chief architect at Cloudera and sits on the Board of the Apache Software Foundation.

 Mon, 20 Oct 2014 12:00:00 -0700 How to monitor a log file on Linux with logwatch

 xmodulo: Log files are not precisely what you would call "light" or "easy" reading, and analyzing raw log files by hand is often time-consuming and tedious.

OSNews
 Mon, 20 Oct 2014 20:07:34 GMT Apple releases iOS 8.1 with Apple Pay
Apple’s iOS 8.1 update is now available to download. The biggest addition is the new Apple Pay service which goes live today alongside iOS 8.1. Apple Pay will allow iPhone 6, iPhone 6 Plus, iPad Air 2, and iPad mini 3 owners to pay for goods within compatible apps by simply swiping a finger with Touch ID. iPhone 6 and iPhone 6 Plus owners will also be able to use their phones to tap card readers in participating stores to pay for goods using a combination of Touch ID and NFC. Apple Pay integrates into the existing Passbook feature on iOS 8.1, allowing you to setup and store credit and debit cards. More info at The Verge.
 Thu, 16 Oct 2014 19:05:40 GMT John Siracusa's OS X Yosemite review
Apple officially released OS X Yosemite today, and to mark that occasion - as has become tradition among our people - the only OS X Yosemite review you need, from John Siracusa. OS X and iOS have been trading technologies for some time now. For example, AVFoundation, Apple's modern framework for manipulating audiovisual media, was released for iOS a year before it appeared on OS X. Going in the other direction, Core Animation, though an integral part of the entire iPhone interface, was released first on the Mac. Yosemite's new look continues the pattern; iOS got its visual refresh last year, and now it's OS X's turn. But at this year's Worldwide Developers Conference, Apple made several announcements that point in a new direction: iOS and OS X advancing in lockstep, with new technologies that not only appear on both platforms simultaneously but also aim to weave them together. These new, shared triumphs run the gamut from traditional frameworks and APIs to cloud services to the very foundation of Apple's software ecosystem, the programming language itself. Apple's dramatic leadership restructuring in 2012 put Federighi in charge of both iOS and OS X - a unification of thought that has now, two years later, resulted in a clear unification of action. Even the most ardent Mac fan will admit that iOS 7 was a bigger update than Mavericks. This time around, it's finally a fair fight. Grab some tea or coffee, and enjoy.
 Thu, 16 Oct 2014 18:59:52 GMT Apple introduces 5K Retina iMac
Apple introduced a 5K Retina iMac today. iMac has always been about having a huge, immersive place to see and create amazing things. So making the best possible iMac meant making the best possible display. The new 27‑inch iMac with Retina 5K display has four times as many pixels as the standard 27‑inch iMac display. So you experience unbelievable detail. On an unbelievable scale. At a relatively mere $2500 (a Dell 5K display will set you back just as much, and that's just a display), this is an amazing machine. It's not useful for me (certainly not at that price point), but professionals are going to eat this thing up.
News
 2014-10-20T09:00:04+00:00 DistroWatch Weekly, Issue 581
This week in DistroWatch Weekly: Feature: SparkyLinux 3.5 and Qubes OS 2 News: Fedora gets updated graphics software, FreeBSD shares quarterly report, Kubuntu supplies demo of KDE's Plasma 5.1, Debian's package archive finds new home, compiling Android ROMs, sneak peek at OpenBSD 5.6 Rolling-release trial: Week two Released....
 2014-10-20T01:20:48+00:00 Development Release: Rescatux 0.32 Beta 2
Adrian Gibanel has announced the availability of the second beta release of Rescatux 0.32, a Debian-based live CD designed for rescuing broken Linux installations or fixing boot loaders: "Rescatux 0.32 beta 2 has been released. The biggest improvement in this release is that resetting windows password, promoting a....
 2014-10-19T12:21:46+00:00 Distribution Release: HandyLinux 1.7
Arnault Perret has announced the release of HandyLinux 1.7, a novice-friendly distribution that features an intuitive start menu with application launchers and Internet bookmarks - based on the stable Debian GNU/Linux 7.0. According to the release announcement (in French only, even though the distribution supports English besides the....
