Several security vulnerabilities were found in botan1.10, a C++
library which provides support for many common cryptographic
operations, including encryption, authentication, X.509v3 certificates

Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors and
buffer overflows may lead to the execution of arbitrary code or denial

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:

Hans Jerry Illikainen discovered that libgd2, a library for programmatic
graphics creation and manipulation, suffers from a signedness
vulnerability which may result in a heap overflow when processing
specially crafted compressed gd2 data. A remote attacker can take
advantage of this flaw to cause an application using the libgd2 library
to crash, or potentially, to execute arbitrary code with the privileges
of the user running the application.

Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP
reverse proxy, is vulnerable to HTTP smuggling issues, potentially
resulting in cache poisoning or bypassing of access control policies.

Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in information disclosure,
the bypass of CSRF protections and bypass of the SecurityManager.

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is
enabled and the sshd PAM configuration is configured to read user-specified
environment variables and the UseLogin option is enabled, a
local user may escalate her privileges to root.

Several vulnerabilities were discovered in Imagemagick, a program suite for
image manipulation. This update fixes a large number of potential security
problems such as null-pointer access and buffer-overflows that might lead
to memory leaks or denial of service. None of these security problems have
a CVE number assigned.

Hans Jerry Illikainen discovered that missing input sanitising in the
BMP processing code of the optipng PNG optimiser may result in denial of
service or the execution of arbitrary code if a malformed file is

Several vulnerabilities were discovered in cgit, a fast web frontend for
git repositories written in C. A remote attacker can take advantage of
these flaws to perform cross-site scripting, header injection or denial
of service attacks.

High-Tech Bridge Security Research Lab discovered that Roundcube, a
webmail client, contained a path traversal vulnerability. This flaw
could be exploited by an attacker to access sensitive files on the
server, or even execute arbitrary code.

Randell Jesup and the Firefox team discovered that srtp, Cisco's
reference implementation of the Secure Real-time Transport Protocol
(SRTP), does not properly handle RTP header CSRC count and extension
header length. A remote attacker can exploit this vulnerability to crash
an application linked against libsrtp, resulting in a denial of service.

softpedia: BlackArch 2016.04.28 adds more than 80 new tools that can be used for penetration testing and security auditing operations. As expected, many of the penetration testing tools included in the BlackArch Linux operating system
After missing the early days of the smartphone revolution, Intel spent in excess of $10 billion over the last three years in an effort to get a foothold in mobile devices.
Now, having gained little ground in phones and with the tablet market shrinking, Intel is essentially throwing in the towel. The company quietly confirmed last week that it has axed several chips from its roadmap, including all of the smartphone processors in its current plans.
This isn't the first time Intel tried to go mobile. It actually had quite a successful line of mobile ARM processors: XScale. These were ARM5 processors that powered a ton of devices, and I think most of us know it from Windows PocketPC devices (and later Palm OS devices). Intel eventually sold XScale to Marvell, because the company wanted to focus on its desktop/laptop and server processors, in 2006 - right before the big mobile revolution happened.
I can't help but wonder if that turned out to be a really dumb move.
A new email from Microsoft's Terry Myerson, Executive Vice President of the Windows and Devices Group, firmly states that the company is devoted to Windows 10 on mobile for 'many years' and that they are currently working on next generation products.
Whenever you have to repeatedly come out and say you're committed to something, you're probably not committed to it.
In 1993, Prince frustrated contract lawyers and computer users everywhere when he changed his name to a glyph known as "The Love Symbol." Though he never said so explicitly, it's generally understood that the name change was an attempt to stick it to his record label, Warner Bros., which now had to deal with a top-tier artist with a new, unpronounceable, untypeable name. But it wasn't just Warner Bros. that had a problem: The Love Symbol proved frustrating for people who wanted to both speak and write about Prince. Writers, editors, and layout designers at magazines and newspapers wouldn't be able to type the actual name of the Artist Formerly Known As Prince. So Prince did the only thing you could do in that situation: He had a custom-designed font distributed to news outlets on a floppy disk.
This week in DistroWatch Weekly: Review: Ubuntu 16.04 LTS. News: Linux Mint unveils new version of Cinnamon, Debian Wheezy gets long term support, Devuan releases beta, Sabayon supplies ARM images and NetBSD gains ASLR support. Questions and answers: Compiling a custom kernel for performance gains. Torrent corner: Sabayon, Slackel, Tails. Released last....
The developers of Voyager Live, a desktop distribution based on Xubuntu, have released a new version. The new release, Voyager Live 16.04, is based on Xubuntu 16.04 and ships with the Xfce 4.12 desktop environment. The new release will receive three years of security updates. The release announcement....
The 4MLinux project has announced the release of a new version of the miniature Linux distribution. The new version, 4MLinux 17.0, provides mostly package updates, including Firefox 46 and LibreOffice 5.1.3. "The status of the 4MLinux 17.0 series has been changed to stable. Create your documents with LibreOffice....