Debian Security   [more] [xml]
 2015-07-07 DSA-3304 bind9 - security update

Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver.

 2015-07-07 DSA-3303 cups-filters - security update

It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

 2015-07-06 DSA-3302 libwmf - security update

Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.

 2015-07-05 DSA-3301 haproxy - security update

Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.

 2015-07-04 DSA-3300 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vulnerability.

 2015-07-02 DSA-3299 stunnel4 - security update

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts specified with redirect. This allows a remote attacker to bypass authentication.

 2015-07-01 DSA-3298 jackrabbit - security update

It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as http(s) or file. Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

 2015-06-29 DSA-3297 unattended-upgrades - security update

It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.

 2015-06-29 DSA-3296 libcrypto++ - security update

Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.

 2015-06-24 DSA-3295 cacti - security update

Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

 2015-06-23 DSA-3294 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service.

 2015-06-20 DSA-3293 pyjwt - security update

Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For more information see:

 2015-06-19 DSA-3292 cinder - security update

Bastian Blank from credativ discovered that cinder, a storage-as-a-service system for the OpenStack cloud computing suite, contained a bug that would allow an authenticated user to read any file from the cinder server.

 2015-06-18 DSA-3291 drupal7 - security update

Several vulnerabilities were found in drupal7, a content management platform used to power websites.

 2015-06-18 DSA-3290 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption.

 2015-06-15 DSA-3289 p7zip - security update

Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.

 2015-06-13 DSA-3288 libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at;a=blob;f=Changelog;hb=refs/tags/v11.4

 2015-06-13 DSA-3287 openssl - security update

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.

 2015-06-13 DSA-3286 xen - security update

Multiple security issues have been found in the Xen virtualisation solution:

 2015-06-13 DSA-3285 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

 2015-06-13 DSA-3284 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator.

 2015-06-09 DSA-3283 cups - security update

It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.

 2015-06-08 DSA-3282 strongswan - security update

Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links.

Debian Wiki   [more] [xml]
 2015-07-08T05:41:50Z SimonKainz
 2015-07-07T20:49:36Z I18n/FrenchSpamClean
add june 2015
 2015-07-07T20:15:28Z RaspberryPi2
added link how to add u-boot to the basic Debian install   [more] [xml]
 Tue, 07 Jul 2015 15:00:00 -0700 Do you prefer a modern desktop environment or something more traditional?

 EveryDayLinuxUser: Do you prefer the modern desktop environments with maybe less flexibility but perhaps better desktop integration?

 Tue, 07 Jul 2015 14:00:00 -0700 Open-source video editor Shotcut now with better 4K support

 ItRunsOnLinux: The developers of the Open-source video editor Shotcut made some huge improvements to the application and it gets better 4K support.

 Tue, 07 Jul 2015 13:00:00 -0700 openSUSE Leap 42 Is a New Version That Will Change the openSUSE Project

 softpedia: The project is undergoing some major changes, and they had to illustrate that with a name that sells it.

OSNews   [more] [xml]
 Tue, 07 Jul 2015 12:49:46 GMT Jolla announces focus shift
And so, a day before I leave for Italy for my Summer vacation, we've got some... News about Jolla. The company just put out a press release, announcing a focus shift. Jolla Ltd., the Finnish mobile company and developer of open mobile operating system Sailfish OS, today announced a change in its company structure and management as further action toward company's strategy to focus on Sailfish OS licensing and development. As of today, the company Jolla Ltd. will concentrate on the development and licensing business of the independent and open mobile operating system Sailfish OS. A new company will be established to continue Jolla's device business, where the company sees a specific interest from privacy-aware consumers and corporations around the world. The press release - of course - frames this as happy news, but years of experience in covering technology (or just years of not living under a rock, really) has taught me that moves like this are never borne out of desire, but out of necessity. Combined with several delays of Jolla's tablet and of Sailfish 2.0, it's hard not to conclude the company (companies?) is facing bleak times. I haven't exactly kept my displeasure with the slow pace of progress regarding Sailfish development a secret, and I've had worries about the company's future for a long time now. The Jolla phone is now 19 months old, and it wasn't exactly flagship-quality to begin with when it was first released in December 2013. While there's been considerable updates to Sailfish 1.0, it, too, is now 19 months old. In addition, the promised support for paid applications never arrived. One also has to wonder just how wise it was to focus on building a tablet. Tablets don't get replaced very often, and they are a far smaller market than smartphones. In addition, adding a whole new form factor to support is surely to negatively affect the smartphone experience. Had the company instead focused on releasing a new phone, we might have had it sooner - no new form factor to develop - and we'd have a replacement for the under-performing original Jolla phone. Hindsight, though, right? Regarding the tablet: Jolla is committed to deliver the Jolla Tablet to its Indiegogo crowdfunding contributors and is working hard to start first shipments as soon as possible. "The software (Sailfish OS) part of the work is in good shape but we have been slowed down by supply issues of certain hardware components. We expect to solve this issue very soon," Mr. Saarnio says. I hope the company can stay afloat long enough to ensure we get our tablets (I ordered one within minutes of the announcement). Maybe things are not as bleak as I make them out to be here, but I'm not exactly getting the positive vibes.
 Mon, 06 Jul 2015 22:34:10 GMT Hacking Team hacked, attackers claim 400GB in dumped data
On Sunday, while most of Twitter was watching the Women's World Cup - an amazing game from start to finish - one of the world's most notorious security firms was being hacked. Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense. Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. Feels poetic.
 Mon, 06 Jul 2015 22:30:28 GMT Revisiting how we build Firefox
Big changes afoot for Firefox. We intend to move Firefox away from XUL and XBL, but the discussion of how to do that is in the early stages. There are a ton of unanswered questions: what technologies/best practices for web development should we adopt in its place? How does this affect add-on developers? Is there space for a native-code main-window on desktop like we have on Android? How much time should we spend on this vs. other quality issues? What unanswered questions have we not asked yet? This clearly isn't a small endeavour, but the rationale given seems sound to me. News   [more] [xml]
 2015-07-06T00:08:13+00:00 DistroWatch Weekly, Issue 617
This week in DistroWatch Weekly: Review: Exploring Alpine Linux 3.2.0News: Fedora running on MIPS processors, FreeBSD 8.4's life extended, the OctoPkg package manager and Solus unveils daily buildsQuestions and answers: The source of Ubuntu's packagesTorrent corner: antiX, DragonFly BSD, Linux Mint, OpenMediaVault, VectorLinuxReleased last week: Linux Mint 17.2,....
 2015-07-03T16:14:18+00:00 Development Release: Parsix GNU/Linux 8.0 Test 1
The developers of Parsix GNU/Linux, a desktop oriented Debian-based distribution, have announced the availability of a new development release. The new release offers users an updated kernel, experimental UEFI support and the GNOME 3.16 desktop. "Parsix GNU/Linux 8.0 (code name Mumble) brings stable GNOME 3.16 desktop environment, a....
 2015-07-02T15:00:14+00:00 Distribution Release: 4MLinux 13.0
The 4MLinux project has announced a new release of the independent Linux distribution. The latest release, 4MLinux 13.0, ships with the GNU Compiler Collection 5 and offers miscellaneous desktop improvements. "The status of the 4MLinux 13.0 series has been changed to S. Major changes in the core of....

powered by zFeeder





Translate to Spanish