Debian Security   [more] [xml]
 2014-11-25 DSA-3076 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.

 2014-11-20 DSA-3075 drupal7 - security update

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

 2014-11-18 DSA-3074 php5 - security update

Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

 2014-11-16 DSA-3073 libgcrypt11 - security update

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.

 2014-11-11 DSA-3072 file - security update

Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

 2014-11-11 DSA-3071 nss - security update

In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

 2014-11-07 DSA-3070 kfreebsd-9 - security update

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.

 2014-11-07 DSA-3069 curl - security update

Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, an URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation.

 2014-11-07 DSA-3068 konversation - security update

It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.

 2014-11-06 DSA-3067 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

 2014-11-06 DSA-3066 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator.

 2014-11-06 DSA-3065 libxml-security-java - security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

 2014-11-04 DSA-3064 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

 2014-11-02 DSA-3063 quassel - security update

An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory.

 2014-11-01 DSA-3062 wget - security update

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override content of user's files or permit remote code execution with the user privilege.

 2014-10-31 DSA-3061 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.

 2014-10-31 DSA-3060 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service:

 2014-10-29 DSA-3059 dokuwiki - security update

Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

 2014-10-27 DSA-3058 torque - security update

Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job.

Debian Wiki   [more] [xml]
 2014-11-26T04:45:55Z CrossToolchains
 2014-11-25T19:45:28Z ArchitectureSpecificsMemo
 2014-11-25T19:41:09Z Cloud/CreateDockerImage   [more] [xml]
 Tue, 25 Nov 2014 19:00:00 -0800 Docker Update Fixes Pair of Critical Security Flaws

eWEEK: Docker, however, isn't immune from security vulnerabilities, as a pair of recent updates illustrate.

 Tue, 25 Nov 2014 15:00:00 -0800 2014: Year of open source miracles Software bugs aren't an open source problem, they are a software management problem.

 Tue, 25 Nov 2014 14:00:00 -0800 Fedora 21 Innovates in Docker Cloud Virtualization with Project Atomic

 The VAR Guy: Fedora 21 will feature significant innovations in Docker container-based virtualization and cloud app deployment as a result of Project Atomic

OSNews   [more] [xml]
 Tue, 25 Nov 2014 23:38:14 GMT Apple could ditch Google for Bing or Yahoo next year
Google risks losing its spot as the default search provider in Apple's Safari browser next year, according to a report from The Information. The latest extension of a deal that's put Google Search in the hands of iPhone owners since 2007 is set to expire in 2015, and Mountain View rivals Microsoft and Yahoo are already making a case for change with Apple's leadership. Per the report, each company has pitched Apple SVP Eddy Cue on the idea of replacing Google as the default iOS search provider; Microsoft wants Bing to be the default option out of the box, and Yahoo is vying for the same spot. This will be an interesting claim of Apple's claim that they care about consumers. If they renew the deal, they place their customer's interests first, because their customers massively prefer Google Search. However, if they ditch Google and replace it with some inferior nonsense like Bing or Yahoo, they care more about their personal vendetta than their customers' best interests. If they go the privacy angle, switching to Bing or Yahoo is even more laughable, since those companies track just as much as Google does. If Apple opts for DDG as default - well, then they earn some respect.
 Tue, 25 Nov 2014 20:49:57 GMT God's lonely programmer
TempleOS is more than an exercise in retro computing, or a hobbyist's space for programming close to the bare metal. It's the brainchild - perhaps the life's work - of 44-year-old Terry Davis, the founder and sole employee of Trivial Solutions. For more than a decade Davis has worked on it; today, TempleOS is 121,176 lines of code, which puts it on par with Photoshop 1.0. (By comparison, Windows 7, a full-fledged modern operating system designed to be everything to everyone, filled with decades of cruft, is ​about 40 million lines.) If you read just one article today, make sure it's this one.
 Tue, 25 Nov 2014 20:46:52 GMT FreeBSD improves arm64 support
The FreeBSD Foundation published a report yesterday on the status of FreeBSD running on 64-bit ARM processors. Work to port FreeBSD to the 64-bit ARM architecture has been progressing quickly and it is now possible to boot a FreeBSD installation into single user mode on the young architecture. The kernel bring-up portion of the project is nearing completion; FreeBSD/arm64 boots to single-user mode on ARM's reference simulator. Work is underway on the remaining kernel drivers, and on userland support. This project's overall goal is to bring FreeBSD/arm64 to a Tier-1 status, including release media and prebuilt package sets. More information about the arm64 port can be found on the FreeBSD wiki. News   [more] [xml]
 2014-11-26T03:15:56+00:00 BSD Release: DragonFly BSD 4.0.1
Justin Sherrill has announced the release of DragonFly BSD 4.0.1, the first stable 4.0 build of the project's UNIX-like operating system created in 2003 by Matthew Dillon as a fork of FreeBSD 4.8: "Version 4.0.1 released 25 November 2014. Version 4 of DragonFly brings Haswell graphics support, 3D....
 2014-11-24T17:29:59+00:00 Distribution Release: siduction 14.1.0
Ferdinand Thommes has announced the release of siduction 14.1.0, a set of Debian-based desktop Linux distributions with separate Cinnamon, GNOME, KDE, LXDE, LXQt and Xfce editions: "We are very happy to present the final release of siduction 2014.1 'Indian Summer'. siduction is a distribution based on Debian’s unstable....
 2014-11-24T09:00:18+00:00 DistroWatch Weekly, Issue 586
This week in DistroWatch Weekly: Feature: Observing Scientific Linux 7.0 News: Debian votes on init coupling, Ubuntu MATE combines classic desktop with Ubuntu packages, Mageia 3 approaches end of life, FreeBSD Foundation receives generous donation, Linux Voice releases first issue for free download Questions and answers: Blocking network....

powered by zFeeder





Translate to Spanish