Debianhelp.co.uk
Debian Security
 2015-05-23 DSA-3272 ipsec-tools - security update

Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service.

 2015-05-23 DSA-3271 nbd - security update

Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.

 2015-05-22 DSA-3270 postgresql-9.4 - security update

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

 2015-05-22 DSA-3269 postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

 2015-05-22 DSA-3268 ntfs-3g - security update

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.

 2015-05-22 DSA-3267 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

 2015-05-21 DSA-3266 fuse - security update

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.

 2015-05-20 DSA-3265 zendframework - security update

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.

 2015-05-19 DSA-3264 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.

 2015-05-19 DSA-3263 proftpd-dfsg - security update

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.

 2015-05-18 DSA-3262 xen - security update

Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.

 2015-05-15 DSA-3261 libmodule-signature-perl - security update

Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-05-13 DSA-3260 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.

 2015-05-13 DSA-3259 qemu - security update

Several vulnerabilities were discovered in the qemu virtualisation solution:

 2015-05-12 DSA-3258 quassel - security update

It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted).

 2015-05-11 DSA-3257 mercurial - security update

Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command.

 2015-05-10 DSA-3256 libtasn1-6 - security update

Hanno Boeck discovered a heap-based buffer overflow flaw in the way Libtasn1, a library to manage ASN.1 structures, decoded certain DER-encoded input. A specially crafted DER-encoded input could cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

 2015-05-10 DSA-3255 zeromq3 - security update

It was discovered that libzmq, a lightweight messaging kernel, is susceptible to a protocol downgrade attack on sockets using the ZMTP v3 protocol. This could allow remote attackers to bypass ZMTP v3 security mechanisms by sending ZMTP v2 or earlier headers.

 2015-05-09 DSA-3254 suricata - security update

Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

 2015-05-07 DSA-3253 pound - security update

Pound, an HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

 2015-05-06 DSA-3252 sqlite3 - security update

Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

 2015-05-05 DSA-3251 dnsmasq - security update

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply() function called during a TCP connection, which is used then as a size argument in a function which writes data on the client's connection. A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potentially to obtain sensitive information from process memory.

 2015-05-04 DSA-3250 wordpress - security update

Multiple security issues have been discovered in WordPress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.

 2015-05-03 DSA-3249 jqueryui - security update

Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its title option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

 2015-05-02 DSA-3248 libphp-snoopy - security update

It was discovered that missing input sanitising in Snoopy, a PHP class that simulates a web browser, may result in the execution of arbitrary commands.

 2015-05-02 DSA-3247 ruby2.1 - security update

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

 2015-05-02 DSA-3246 ruby1.9.1 - security update

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

 2015-05-02 DSA-3245 ruby1.8 - security update

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

 2015-05-02 DSA-3244 owncloud - security update

Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more.

 2015-05-01 DSA-3243 libxml-libxml-perl - security update

Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

 2015-04-30 DSA-3242 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser:

 2015-04-29 DSA-3241 elasticsearch - security update

John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

 2015-04-29 DSA-3240 curl - security update

It was discovered that cURL, a URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information.

 2015-04-29 DSA-3239 icecast2 - security update

Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is triggered by a client without setting any credentials. This could allow remote attackers to cause a denial of service (crash).

 2015-04-26 DSA-3238 chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser.

 2015-04-26 DSA-3237 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

 2015-04-25 DSA-3236 libreoffice - security update

It was discovered that missing input sanitising in LibreOffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.


Debian Wiki
 2015-05-25T13:40:51Z ReproducibleBuilds/About
new Snowden leak about app store mitm attacks
 2015-05-25T13:01:11Z Teams/RustPackaging
about rust in debian
 2015-05-25T09:42:40Z DebianScience
Created entry for the nanoscale-physics-dev metapackage

Linuxtoday.com
 Sun, 24 May 2015 18:00:00 -0700 The benefits of building an open infrastructure

 opensource: Having an infrastructure that's open source and maintained by the community has afforded the OpenStack project many benefits

 Sun, 24 May 2015 14:00:00 -0700 OpenStack Governance Bridges and Hierarchies in the 'Big Tent'

eWEEK: VIDEO: Mark McLoughlin, OpenStack technical director at Red Hat, discusses what the new 'Big Tent' approach will mean for OpenStack distributions.

 Sun, 24 May 2015 10:00:00 -0700 Mark Shuttleworth considering Canonical IPO

 ZDnet: Mark Shuttleworth, founder of Canonical and Ubuntu Linux, revealed that he's considering taking the company public.


OSNews
 Sun, 24 May 2015 21:31:56 GMT Intel's contributions in Microsoft Edge
Intel has been contributing to Chakra, the JavaScript engine for Microsoft Edge (and previously Internet Explorer), since 2012, bringing their expertise in web runtime development and JIT code generation. Recently, Intel expanded its efforts by contributing to the larger Microsoft Edge codebase, specifically focused in the areas of graphics and performance optimizations. Intel has been a major contributor to open source browser engines such as WebKit, Blink, and Gecko, and with our expanded collaboration, they are now directly contributing to the Microsoft Edge codebase to deliver an improved browsing experience for Windows 10. While this is very interesting, instead of working with just a few partners, Microsoft should've just opened the code for their new rendering engine altogether. At this point, it makes little sense to keep this kind of important code closed. When it comes to open source, the new Microsoft is only a little bit new.
 Sun, 24 May 2015 21:29:17 GMT qboot, a minimal x86 firmware for QEMU
Enter qboot, a minimal x86 firmware that runs on QEMU and, together with a slimmed-down QEMU configuration, boots a virtual machine in 40 milliseconds on an Ivy Bridge Core i7 processor. The code's on github.
 Sun, 24 May 2015 21:26:35 GMT The first first-person shooter
The year was 1973. They were high school seniors in a work-study program with NASA, tasked with testing the limits of the Imlac PDS-1 and PDS-4 minicomputers. Their maze program flickered into life with simple wireframe graphics and few of the trappings of modern games. You could walk around in first person, looking for a way out of the maze, and that's about it. There were no objects or virtual people. Just a maze. But Maze would evolve over the summer and the years that followed. Soon two people could occupy the maze together, connected over separate computers. Then they could shoot each other and even peek around corners. Before long, up to eight people could play in the same maze, blasting their friends across the ARPANET - a forebear to the internet. Two decades before id Software changed the game industry with Wolfenstein 3D and Doom, Colley, Palmer and MIT students Greg Thompson and Dave Lebling invented the first-person shooter. Amazing story.

DistroWatch.com: News
 2015-05-25T12:02:50+00:00 Distribution Release: Webconverger 30.0
Kai Hendry has announced the availability of Webconverger 30.0, a major new update of the specialist Linux distribution made for web kiosks. This is the project's first release that is based on Debian GNU/Linux 8.0. From the release announcement: "Webconverger 30 release. As announced on Twitter earlier this....
 2015-05-25T00:20:27+00:00 DistroWatch Weekly, Issue 611
This week in DistroWatch Weekly: Review: Exploring Kubuntu 15.04; News: openSUSE adopts Plasma 5, Neil McGovern discusses DPL tasks and recent Linux kernels hit with ext4 bug; Tips and tricks: Ubuntu's Snappy package manager; Torrent corner: Handylinux, PC-BSD, Q4OS; Released last week: PC-BSD 10.1.2; Upcoming releases: Fedora 22; Opinion poll: Favourite desktop; New distributions: K-Mint....
 2015-05-22T17:11:00+00:00 Distribution Release: Q4OS 1.2.2
The development team behind the Debian-based Q4OS distribution have announced the availability of Q4OS 1.2.2. This new release presents a minor update to the Q4OS 1.2 series and introduces a new graphical package manager, called Software Centre. "We introduce the new 'Software Centre' in this version, now it....
