Debianhelp.co.uk
Debian Security
 2014-08-21 DSA-3009 python-imaging - security update

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

 2014-08-21 DSA-3008 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-21 DSA-2940 libstruts1.2-java - security update

It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

 2014-08-20 DSA-3007 cacti - security update

Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

 2014-08-18 DSA-3006 xen - security update

Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.

 2014-08-14 DSA-3005 gpgme1.0 - security update

Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

 2014-08-11 DSA-3004 kde4libs - security update

Sebastian Krahmer discovered that KAuth used PolicyKit insecurely by relying on the process ID. This could result in privilege escalation.

 2014-08-10 DSA-3003 libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

 2014-08-10 DSA-3002 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service.

 2014-08-09 DSA-3001 wordpress - security update

Multiple security issues have been discovered in WordPress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/.

 2014-08-09 DSA-3000 krb5 - security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-08-09 DSA-2999 drupal7 - security update

A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable or unresponsive. More information can be found at https://www.drupal.org/SA-CORE-2014-004.

 2014-08-07 DSA-2998 openssl - security update

Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak or protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

 2014-08-05 DSA-2997 reportbug - security update

Jakub Wilk discovered a remote command execution flaw in reportbug, a tool to report bugs in the Debian distribution. A man-in-the-middle attacker could put shell metacharacters in the version number allowing arbitrary code execution with the privileges of the user running reportbug.

 2014-08-03 DSA-2996 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

 2014-08-03 DSA-2995 lzo2 - security update

Don A. Bailey from Lab Mouse Security discovered an integer overflow flaw in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

 2014-07-31 DSA-2994 nss - security update

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library:

 2014-07-31 DSA-2993 tor - security update

Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks.

 2014-07-29 DSA-2992 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:

 2014-07-27 DSA-2991 modsecurity-apache - security update

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing them to send requests containing content that should have been removed by mod_security.

 2014-07-27 DSA-2990 cups - security update

It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

 2014-07-24 DSA-2989 apache2 - security update

Several security issues were found in the Apache HTTP server.

 2014-07-24 DSA-2988 transmission - security update

Ben Hawkes discovered that incorrect handling of peer messages in the Transmission bittorrent client could result in denial of service or the execution of arbitrary code.

 2014-07-23 DSA-2987 openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

 2014-07-23 DSA-2986 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.


Debian Wiki
 2014-08-22T21:25:50Z Python/GitPackaging
 2014-08-22T20:56:27Z DebianDevelopment
Switch remaining http URLs to https
 2014-08-22T20:48:55Z Javascript/Nodejs/Tasks/Nodeunit

Linuxtoday.com
 Fri, 22 Aug 2014 13:00:00 -0700 Linus Torvalds still wants the Linux desktop

 ZDnet: Linux runs everything, everywhere, but Linus Torvalds still wants it to rule on one place it doesn't: The desktop.

 Fri, 22 Aug 2014 12:00:00 -0700 The New Stack and Linux Foundation Survey: OpenStack and Docker are The Most Popular Open Source Projects

The New Stack: OpenStack is the most popular open source cloud project, followed by Docker and KVM, according to a survey of more than 550 respondents

 Fri, 22 Aug 2014 11:00:00 -0700 Linux distro KaOS 2014.08 is here with KDE 4.14.0

Betanews: The Linux desktop community has reached a sad state.


OSNews
 Fri, 22 Aug 2014 16:09:36 GMT Most smartphone users download zero apps per month
Mobile apps have skyrocketed in popularity and utility since Apple introduced the iPhone App Store in the summer of 2008. Apps now represent 52% of time spent with digital media in the US, according to comScore, up from 40% in early 2013. Apple boasted 75 billion all-time App Store downloads at its developers conference in June, and followed up by declaring July the best month ever for App Store revenue, with a record number of people downloading apps. Yet most US smartphone owners download zero apps in a typical month, according to comScore's new mobile app report. Companies like Apple like to boast about the 'app economy', but in reality, the situation is a whole lot less rosy and idealistic than they make it out to be. I think most smartphone buyers download the bare essentials like Facebook, Twitter, Candy Crush, and their local banking application, and call it quits. Together with the problematic state of application stores, the 'app economy' isn't as sustainable as once thought.
 Fri, 22 Aug 2014 12:36:18 GMT Microsoft set to unveil Windows 9 on September 30th
Microsoft is planning to unveil its Windows 8 successor next month at a special press event. Sources familiar with Microsoft’s plans tell The Verge that the software maker is tentatively planning its press event for September 30th to detail upcoming changes to Windows as part of a release codenamed "Threshold." This date may change, but the Threshold version of Windows is currently in development and Microsoft plans to release a preview version of what will likely be named Windows 9 to developers on September 30th or shortly afterwards. The date follows recent reports from ZDNet that suggested Microsoft is planning to release a preview version of Windows 9 in late September or early October. Microsoft is really stepping up its release schedule. Good.
 Thu, 21 Aug 2014 21:59:00 GMT Copycats and crapware in application stores
Two related stories. Microsoft's Windows Store is a mess. It's full of apps that exist only to scam people and take their money. Why doesn't Microsoft care that their flagship app store is such a cesspool? It's now been more than two years since Windows 8 was released, and this has been a problem the entire time, and it is getting worse. If Microsoft was trying to offer a safe app store to Windows users, they've failed. And: Flappy Bird wasn't the first game to spawn an entire ecosystem of me-too clones, nor will it be the last. And now that the developer of the insanely difficult but addicting game has released the even more insanely difficult and even more addicting (is that even possible?) Swing Copters, well, we're seeing it again. This applies to all application stores. They are filled to the brim with crapware nobody wants, making the experience of using them pretty unappealing. Since Apple, Google, and Microsoft care about quantity instead of quality, I don't think this will change any time soon.

DistroWatch.com: News
 2014-08-20T21:16:16+00:00 Distribution Release: KaOS 2014.08
Anke Boersma has announced the release of KaOS 2014.08, a desktop Linux distribution featuring the just-released KDE 4.14 desktop: "With KDE releasing the new major version, KDE 4.14.0, offering primarily improvements and bug fixes, KaOS is happy to be able to present you a new ISO image with....
 2014-08-19T14:40:11+00:00 Development Release: Parsix GNU/Linux 7.0 Test 1
Alan Baghumian has announced the availability of the initial test release of Parsix GNU/Linux 7.0, a Debian-based distribution featuring the GNOME 3.12 desktop: "We are happy to announce the immediate availability of the first testing release of Parsix GNU/Linux 7.0-TEST-1, code name 'Nestor'. Parsix GNU/Linux 7.0 brings the....
 2014-08-18T18:22:44+00:00 Distribution Release: PCLinuxOS 2014.08
Bill Reynolds has announced the release of PCLinuxOS 2014.08, the latest update of the project's "KDE", "FullMonty", "MiniMe", "LXDE" and "MATE" editions. Released on 12 August, it was formally announced earlier today: "All official ISO images were updated on 2014-08-12 and are available for direct download or via....
