Debianhelp.co.uk
Debian Security
 2015-07-30 DSA-3321 xmltooling - security update

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data.

 2015-07-30 DSA-3320 openafs - security update

It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic.

 2015-07-28 DSA-3319 bind9 - security update

Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.

 2015-07-26 DSA-3318 expat - security update

Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.

 2015-07-25 DSA-3317 lxc - security update

Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-07-25 DSA-3316 openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.

 2015-07-23 DSA-3315 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

 2015-07-23 DSA-3314 typo3-src - end of life

Upstream security support for Typo3 4.5.x ended three months ago and the same now applies to the Debian packages as well.

 2015-07-23 DSA-3313 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

 2015-07-22 DSA-3312 cacti - security update

Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.

 2015-07-20 DSA-3311 mariadb-10.0 - security update

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details:

 2015-07-19 DSA-3310 freexl - security update

It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets, may result in denial of service if a malformed Excel file is opened.

 2015-07-18 DSA-3309 tidy - security update

Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.

 2015-07-18 DSA-3308 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2015-07-09 DSA-3307 pdns-recursor - security update

Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).

 2015-07-09 DSA-3306 pdns - security update

Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash).

 2015-07-08 DSA-3305 python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework:

 2015-07-07 DSA-3304 bind9 - security update

Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver.

 2015-07-07 DSA-3303 cups-filters - security update

It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

 2015-07-06 DSA-3302 libwmf - security update

Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.

 2015-07-05 DSA-3301 haproxy - security update

Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.

 2015-07-04 DSA-3300 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vulnerability.

 2015-07-02 DSA-3299 stunnel4 - security update

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts specified with redirect. This allows a remote attacker to bypass authentication.

 2015-07-01 DSA-3298 jackrabbit - security update

It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as http(s) or file. Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.


Debian Wiki
 2015-07-30T11:16:10Z ffmpeg
start translation of still images from french
 2015-07-30T11:13:01Z fr/ffmpeg
update still images
 2015-07-30T07:52:49Z it/DebianTesting
Typo on "mailing"

Linuxtoday.com
 Thu, 30 Jul 2015 23:00:00 -0700 Explore the night sky with these two open source apps
 Thu, 30 Jul 2015 19:00:00 -0700 What's new in Mageia 5

The main spotlight of Mageia 5 is the support of UEFI systems.

 Thu, 30 Jul 2015 15:00:00 -0700 Does the Chrome web store suck?

 ITworld: Are there serious problems with the Chrome web store itself?


OSNews
 Thu, 30 Jul 2015 22:29:47 GMT Windows 10's useful error message
Microsoft started rolling out Windows 10, its shiny new operating system from 29th of July and there have been reports of bugs and issues with installing the Windows 10 operating system on PC/Laptops. Of course, with new OS come new error messages but this one takes the cake. Question time: which mail application of which operating system has a dialog that reads "bummer"? Your prize will be a firm handshake, to be administered by yourself or by whoever is standing closest to you.
 Thu, 30 Jul 2015 22:23:56 GMT Haiku Media Kit: new and old pieces
Hello, it has been some time since my last article, in the meantime I continued to improve things out and since I changed some important parts of the media_kit, I think it's correct to notify the community about new and 'old' features added recently. This is an article mostly written for application developers, but I tried to explain the improvements made with simple words so I hope it will be interesting to anyone. Of all the alternative operating systems from the golden days (2000-2005 or so), Haiku is one of the very few - possibly the only one - still going strong. And by "going strong" I mean seeing a ton of development seemingly without seeing a sort of definitive release. They're trying to reach zero by endlessly dividing by 2, it seems, getting ever so much closer to zero without actually getting there.
 Thu, 30 Jul 2015 22:14:36 GMT Next version of Google Glass aimed at the workplace
Google may soon offer a new version of its Google Glass wearable later this fall. A new report says that the company will keep the hype down on this release, as it plans to offer it to businesses working in healthcare, manufacturing, and energy. Like I said over a year ago: No, I think the real value of Glass lies in an entirely different area Google seems to have been ignoring so far. It's a far less sexy area than the world of designer glasses and paragliders, but one that offers far, far more potential: 'traditional' workplaces. Construction. Road works. Law enforcement. The military. Farmers. Firefighters. Plumbers. Roofers. You name it. People who work with their hands in potentially dangerous environments, who can use the heads-up display for at-a-glance, crucial information while out in the field. If I can come up with something, anybody can.

DistroWatch.com: News
 2015-07-31T02:37:20+00:00 Distribution Release: Oracle Linux 6.7
Oracle has announced the release of Oracle Linux 6.7, the latest release of the distribution's legacy branch based on Red Hat Enterprise Linux 6.7: "We're happy to announce the general availability of Oracle Linux 6 Update 7, the seventh update release for Oracle Linux 6. You can find....
 2015-07-30T19:22:11+00:00 Development Release: Ubuntu 15.10 Alpha 2
The Ubuntu Release Team has announced the availability of a new test release of Ubuntu's community distributions. These community distributions are independently maintained while sharing infrastructure and resources with Ubuntu. The new release, version 15.10 Alpha 2, is still under heavy development and is intended for testing purposes....
 2015-07-30T13:52:25+00:00 Development Release: Elive 2.6.8 (Beta)
The developers of Elive, a commercial distribution based on Debian which features the Enlightenment desktop, have released a new test release. Elive 2.6.8 Beta offers better touchpad support, fixes large fonts when using some NVIDIA video cards and makes Zsh the default command line shell. The release announcement....
