Debian Security
 2015-09-25 DSA-3368 cyrus-sasl2 - security update

It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.

 2015-09-24 DSA-3367 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.

 2015-09-23 DSA-3366 rpcbind - security update

A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).

 2015-09-23 DSA-3365 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

 2015-09-21 DSA-3364 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

 2015-09-20 DSA-3363 owncloud-client - security update

Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the user on the client side manually distrusts the new certificate, file syncing will continue using the malicious server as valid.

 2015-09-18 DSA-3362 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

 2015-09-18 DSA-3361 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator.

 2015-09-15 DSA-3360 icu - security update

It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

 2015-09-13 DSA-3359 virtualbox - security update

This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we've decided to update these to the respective 4.1.40 and 4.3.30 bugfix releases.

 2015-09-13 DSA-3358 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

 2015-09-13 DSA-3357 vzctl - security update

It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-based containers. Further information on the prerequisites of such an attack can be found at

 2015-09-12 DSA-3356 openldap - security update

Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

 2015-09-10 DSA-3355 libvdpau - security update

Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.

 2015-09-08 DSA-3354 spice - security update

Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service (QEMU process crash) or potentially execute arbitrary code on the host with the privileges of the hosting QEMU process.

 2015-09-05 DSA-3353 openslp-dfsg - security update

Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).

 2015-09-04 DSA-3352 screen - security update

A vulnerability was found in screen that causes a stack overflow, crashing the screen server process and resulting in denial of service.

 2015-09-03 DSA-3351 chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser.

 2015-09-02 DSA-3350 bind9 - security update

Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service.

 2015-09-02 DSA-3349 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

 2015-09-02 DSA-3348 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator.

 2015-09-02 DSA-3347 pdns - security update

Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns, an authoritative DNS server, was incorrectly processing some DNS packets; this would enable a remote attacker to trigger a DoS by sending specially crafted packets causing the server to crash.

 2015-08-31 DSA-3346 drupal7 - security update

Several vulnerabilities were discovered in Drupal, a content management framework:

 2015-08-29 DSA-3345 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

Debian Wiki
 2015-10-05T08:00:48Z Java/DevJam/2016/Fosdem
New page:
 2015-10-05T02:19:32Z Exim
Typo fix; updated configuration for spamassassin on Jessie (caused by introduction of systemd).
 2015-10-04T22:17:45Z vauss
 Mon, 05 Oct 2015 09:00:00 -0700 Solus Operating System Is Being Delayed Due to Bad Karma

The Solus operating system was supposed to launch on October 1, but it looks like it's running a little bit late.

 Mon, 05 Oct 2015 08:00:00 -0700 AV-TEST Laboratory Says Free Anti-Virus Apps on Linux Are the Worst

AV-TEST, an Independent IT-Security Institute, has just published an interesting analysis regarding the anti-virus solutions for the Linux platform provided right now

 Mon, 05 Oct 2015 07:00:00 -0700 GNU Debugger or GDB: A Powerful Source Code Debugging tool for Linux Programs

 tecmint: A debugger plays a vital role in any software development system.

OSNews
 Fri, 02 Oct 2015 16:45:41 GMT "Google's Nexus phones are just ads"
I've spent the past couple of days desperately trying to puzzle out the purpose behind Google's newly announced Nexus 5X and 6P smartphones. Unlike predecessors such as the Nexus One and Nexus 5, these phones don't have a clear reason for being, and are not in themselves terribly unique. That's led me (and others) to question Google's overall aim with the Nexus line of pure Android smartphones, and I think I've finally arrived at an answer. The Nexus program is not so much about carrier independence or purity of Android design as it is about presenting Google in an overwhelmingly positive light. In other words, Google, the ultimate ad seller, sells Nexus phones as ads for itself. This article feels a bit like a trainwreck to me. It just doesn't make any sense. Of course Nexus devices are built specifically to put Android and Google's services on a pedestal - has anyone ever claimed otherwise? Has anyone ever seen them as anything but? The tone of the article also tries to somehow posit this as a negative thing, which I don't understand either. Some of the very best Android phones of all time have been Nexus phones, so aren't they a great thing for us consumers? What's the problem here? Making Android profitable for Android phone makers is one of the great challenges of our time. We're all better off when we buy things from sustainable companies that we know will still be around when we have an issue months or years down the line. I wish Google would recognize that and try to do more to support Android as a whole rather than just its own good name. Nexus devices have in the past and can still serve nobler purposes than just making Google look good. No, it's not. The goal of Android is to reach as many people as possible, and do so in a way that benefits us as consumers as much as possible. 
Expensive Android devices with 50% profit margins don't benefit us at all - they just allow major corporations to suck money out the economy and shadily funnel it to foreign tax havens. We benefit from access to high-quality phones at reasonable prices running Android-proper - and anything that pushes the Samsungs and HTCs of this world to do so is a huge win for consumers.
 Thu, 01 Oct 2015 08:55:56 GMT El Capitan's System Integrity Protection
With El Capitan released, there's one 'feature' that really needs to be highlighted - for better or worse. System Integrity Protection (SIP, sometimes referred to as rootless) is a security feature of OS X El Capitan, the operating system by Apple Inc. It protects certain system processes, files and folders from being modified or tampered with by other processes even when executed by the root user or by a user with root privileges (sudo). Apple says that the root user can be a significant risk factor to the system's security, especially on systems with a single user account on which that user is also the administrator. System Integrity Protection is enabled by default, but can be disabled. Here's Apple's WWDC presentation about SIP, and here's the Ars review's section about it.
 Wed, 30 Sep 2015 23:45:33 GMT Google, Microsoft end global patent fight over phones, Xbox
Google and Microsoft have agreed to end their long-running patent feud over smartphones and video game systems, dropping about 20 lawsuits in the U.S. and Germany. The two companies, which didn't disclose financial terms, have been litigating over technology innovations for five years. Google's former Motorola Mobility unit had been demanding royalties on the Xbox video-gaming system, and Microsoft had sought to block Motorola mobile phones from using certain features. If you've been paying attention, you know why this is taking place now.
News
 2015-10-05T00:03:10+00:00 DistroWatch Weekly, Issue 630
This week in DistroWatch Weekly: Review: An Android living in your computer; News: How Fedora tracks software releases, Ubuntu's redesigned installer, Raspbian enables desktop by default and purchasing computers with Linux Mint pre-installed; Questions and answers: Clearing out dot files from the home directory; Torrent corner: KaOS, Manjaro....
 2015-10-04T16:54:27+00:00 Distribution Release: Slackel 6.0.4 "Openbox"
The developers of Slackel, a Slackware based desktop distribution, have released Slackel 6.0.4 "Openbox". The new release of the Openbox edition features the 4.1.6 version of the Linux kernel, the ability to choose between the GRUB and LILO boot loaders at install time and many package upgrades. "Slackel....
 2015-10-04T02:32:27+00:00 Distribution Release: OpenIndiana 2015.10
Alexander Pyhalov has announced the release of OpenIndiana 2015.10, the latest update of the distribution originally forked from the now-defunct OpenSolaris operating system: "So, after half a year we have a new ISO image. We synced IPS with the Everycity version, which includes Oracle updates and fixes necessary....
