Debianhelp.co.uk
Debian Security
 2015-04-25 DSA-3236 libreoffice - security update

It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

 2015-04-24 DSA-3235 openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

 2015-04-24 DSA-3234 openjdk-6 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

 2015-04-24 DSA-3233 wpa - security update

The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.

 2015-04-22 DSA-3232 curl - security update

Several vulnerabilities were discovered in cURL, a URL transfer library:

 2015-04-21 DSA-3231 subversion - security update

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-04-20 DSA-3230 django-markupfield - security update

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files.

 2015-04-19 DSA-3229 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2015-04-16 DSA-3228 ppp - security update

Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

 2015-04-15 DSA-3227 movabletype-opensource - security update

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.

 2015-04-15 DSA-3226 inspircd - security update

Adam discovered several problems in inspircd, an IRC daemon:

 2015-04-15 DSA-3225 gst-plugins-bad0.10 - security update

Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead to the execution of arbitrary code.

 2015-04-12 DSA-3224 libx11 - security update

Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code.

 2015-04-12 DSA-3223 ntp - security update

Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol:

 2015-04-12 DSA-3222 chrony - security update

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server:

 2015-04-12 DSA-3221 das-watchdog - security update

Adam Sampson discovered a buffer overflow in the handling of the XAUTHORITY environment variable in das-watchdog, a watchdog daemon to ensure a realtime process won't hang the machine. A local user can exploit this flaw to escalate his privileges and execute arbitrary code as root.

 2015-04-11 DSA-3220 libtasn1-3 - security update

Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

 2015-04-11 DSA-3219 libdbd-firebird-perl - security update

Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf() function to write to a fixed-size memory buffer.

 2015-04-10 DSA-3218 wesnoth-1.10 - security update

Ignacio R. Morelle discovered that missing path restrictions in the Battle of Wesnoth game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded.

 2015-04-09 DSA-3217 dpkg - security update

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

 2015-04-06 DSA-3216 tor - security update

Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system:

 2015-04-06 DSA-3215 libgd2 - security update

Multiple vulnerabilities were discovered in libgd2, a graphics library:

 2015-04-06 DSA-3214 mailman - security update

A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.

 2015-04-06 DSA-3213 arj - security update

Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-04-02 DSA-3212 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

 2015-04-01 DSA-3211 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.

 2015-03-31 DSA-3210 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

 2015-03-30 DSA-3209 openldap - security update

Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.

 2015-03-29 DSA-3208 freexl - security update

Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

 2015-03-28 DSA-3207 shibboleth-sp2 - security update

A denial of service vulnerability was found in the Shibboleth (a federated identity framework) Service Provider. When processing a certain malformed SAML message generated by an authenticated attacker, the daemon could crash.

 2015-03-28 DSA-3206 dulwich - security update

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-03-27 DSA-3205 batik - security update

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.


Debian Wiki
 2015-04-26T12:21:41Z Python/Python3Port
 2015-04-26T12:18:59Z de/FrontPage
sync with original.
 2015-04-26T11:24:36Z DebianEdu/Status/Jessie
fix typo

Linuxtoday.com
 Sat, 25 Apr 2015 14:00:00 -0700 Btrfs In Linux 4.1 Has Fixes For File-Systems Of 20 Terabytes & Up

Phoronix: It's nearing the end of the Linux 4.1 kernel and Chris Mason has now sent in his pull request of Btrfs file-system updates for this next kernel update.

 Sat, 25 Apr 2015 10:00:00 -0700 How to Install ‘atop’ to Monitor Logging Activity of Linux System Processes

tecmint: Atop is a full screen performance monitor that can report the activity of all processes, even the ones that have been completed

 Sat, 25 Apr 2015 06:00:00 -0700 Use Geofix to Geotag Photos in digiKam

scribblesandsnaps: Geofix is a simple Python script that lets you use an Android device to record the geographical coordinates of your current position.


OSNews
 Sun, 26 Apr 2015 10:26:11 GMT Debian 8 Jessie released
After almost 24 months of constant development the Debian project is proud to present its new stable version 8 (code name Jessie), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team. Jessie ships with a new default init system, systemd. The systemd suite provides many exciting features such as faster boot times, cgroups for services, and the possibility of isolating part of the services. The sysvinit init system is still available in Jessie. Screenshots and a screencast are available.
 Sat, 25 Apr 2015 14:49:47 GMT Steam charging for mods: for and against
It used to be that the only way to make money from a mod was a) make a standalone sequel or remake b) use it as a portfolio to get hired by a studio or c) back in the pre-broadband days, shovel it onto a dodgy CD-ROM (and even then, it almost certainly wasn't the devs who profited). As of last night, that changed. Mod-makers can now charge for their work, via Steam. It's far too soon to know the long-term outcome of Valve offering the option for mod creators to charge for their work, which went live yesterday using Skyrim as a test case. Everyone has an opinion, and I'll try to cover the main angles below, but first I simply want to express simple sadness. Not fatalistic sadness - I'm genuinely curious as to how this will play out, and there's high potential for excitement - but End Of An Era sadness. The backlash Valve is facing over this whole thing is immense. Every gaming website, and sites like Reddit, are swamped with people lashing out against this new Valve policy. This kind of universal backlash is incredibly rare, and it's kind of interesting to see it unfold. Whatever goodwill Valve had with PC gamers - they managed to throw it all away in a day. Absolutely amazing. As for my personal opinion on this matter - I'm used to mods being free, but considering some of the insane amounts of work people have put into incredibly complex, vast, and terrific mods for games like Skyrim, it does seem more than reasonable to give mod makers the possibility to charge for their work. And let's be absolutely clear here: Valve is forcing nobody to charge for their mods - mod makers choose to make their mods for-pay themselves. That being said, introducing money into a previously pretty much money-less scene is bound to have a lot of negative results - for instance, free mods from Nexus are being offered for sale on Steam; not by their authors, but by pirates. As a result, mod makers are removing their content from Nexus to prevent others from profiting off their work.
It's a huge mess right now, and it'll be hard for Valve to regain all the goodwill they threw away in just a day.
 Sat, 25 Apr 2015 11:49:54 GMT Ubuntu Desktop to eventually switch to Snappy by default
Ubuntu Desktop will eventually switch to Snappy packages by default, while continuing to provide deb-based images as an alternative, at least for a while. I'm sure this doesn't come as a surprise for some of you, but further details regarding this have been revealed today. They're slowly moving away more and more from Debian packages.

DistroWatch.com: News
 2015-04-26T02:20:06+00:00 Distribution Release: Debian GNU/Linux 8.0
The Debian project has announced the release of Debian GNU/Linux 8.0, code name "Jessie". The new stable version is the first Debian release to use systemd as the default init software. It offers support for two new architectures, arm64 and ppc64el, while dropping support for the IA-64 and....
 2015-04-25T14:46:12+00:00 Development Release: Parsix GNU/Linux 7.5 Test 3
The Parsix developers have announced the availability of a new development release. Parsix GNU/Linux 7.5 Test 3 is based on Debian's "Wheezy" package repositories and contains a preview of technology and features to come in the project's next stable release. "Parsix GNU/Linux 7.5 (code name Rinaldo) brings the....
 2015-04-24T17:21:46+00:00 Distribution Release: Ubuntu Studio 15.04
The development team behind Ubuntu Studio has announced the availability of Ubuntu Studio 15.04. The new release ships with the Xfce 4.12 desktop environment and a new meta package which draws in all required dependencies for a multimedia workstation. "Another short term release is out. Not much is....
