Debianhelp.co.uk
Debian Security
 2014-07-22 DSA-2985 mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:

 2014-07-22 DSA-2984 acpi-support - security update

CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.

 2014-07-20 DSA-2983 drupal7 - security update

Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.

 2014-07-19 DSA-2982 ruby-activerecord-3.2 - security update

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

 2014-07-18 DSA-2981 polarssl - security update

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Clients are potentially affected too, if a malicious server chooses to mount the same denial of service attack against them.

 2014-07-17 DSA-2980 openjdk-6 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

 2014-07-17 DSA-2979 fail2ban - security update

Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
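As an added example (not fail2ban's own code, and not the filters it ships), the following Python shows the general shape of this class of bug: a failregex loose enough that attacker-supplied text in the log line (here, a sender or recipient address in a Postfix-style rejection) decides which host ends up banned, next to an anchored pattern that only reads the client field the daemon itself wrote. The log lines are constructed for illustration and do not reproduce real Postfix or fail2ban output.

```python
import ipaddress
import re

# Constructed sample Postfix-style log lines (illustrative, not real output):
#   line 1: an ordinary relay rejection from client 198.51.100.7
#   line 2: same client, but the attacker-chosen recipient carries a
#           bracketed IPv4 literal that looks like a client address
#   line 3: same client, the attacker-chosen sender imitates the daemon's
#           own "reject: RCPT from name[ip]:" text
LOGS = [
    "Jul 17 10:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[198.51.100.7]: 554 5.7.1 <spam@example.com>: Relay access denied; "
    "from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<evil>",
    "Jul 17 10:00:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[198.51.100.7]: 554 5.7.1 <victim@[203.0.113.5]>: Relay access denied; "
    "from=<attacker@example.org> to=<victim@[203.0.113.5]> proto=ESMTP helo=<evil>",
    "Jul 17 10:00:03 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[198.51.100.7]: 554 5.7.1 <v@example.net>: Relay access denied; "
    "from=<reject: RCPT from unknown[203.0.113.5]:@example.org> to=<v@example.net> "
    "proto=ESMTP helo=<evil>",
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Loose pattern: the greedy ".*" means the capture lands on the LAST
# bracketed IPv4 literal on the line, which the remote peer may have chosen.
LOOSE = re.compile(r"reject: RCPT from .*\[(?P<host>" + IPV4 + r")\]")

# Strict pattern: anchored at the start of the line, pinned to the fixed
# syslog/daemon prefix, and the host capture sits immediately after
# "from <name>[" so no attacker-influenced field is consumed before it.
STRICT = re.compile(
    r"^\w{3} +\d{1,2} [\d:]{8} \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from [^\s\[]+\[(?P<host>" + IPV4 + r")\]:"
)


def extract_host(line, pattern):
    """Return the client IP the pattern extracts from one log line, or None
    when there is no match or the capture is not a valid IPv4 address."""
    m = pattern.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group("host")))
    except ValueError:
        return None


def candidate_bans(lines, pattern):
    """Hosts a filter built on `pattern` would nominate for banning."""
    return [h for h in (extract_host(line, pattern) for line in lines) if h]


if __name__ == "__main__":
    print("loose :", candidate_bans(LOGS, LOOSE))
    print("strict:", candidate_bans(LOGS, STRICT))
```

With the loose pattern, lines 2 and 3 nominate 203.0.113.5, an address the remote peer merely typed into an envelope field; the strict pattern returns the real client for all three. The check worth doing on any failregex is the same one: confirm that nothing to the left of the host capture, and nothing the capture itself can be satisfied by, is under the remote peer's control.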

 2014-07-11 DSA-2978 libxml2 - security update

Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution.

 2014-07-11 DSA-2977 libav - security update

Don A. Bailey discovered an integer overflow in the LZO compression handler which could result in the execution of arbitrary code.

 2014-07-10 DSA-2976 eglibc - security update

Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

 2014-07-09 DSA-2975 phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-07-08 DSA-2974 php5 - security update

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-07-07 DSA-2973 vlc - security update

Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

 2014-07-06 DSA-2972 linux - security update

Andy Lutomirski discovered that the ptrace syscall did not verify that the RIP register value was valid on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

 2014-07-02 DSA-2971 dbus - security update

Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2014-06-29 DSA-2970 cacti - security update

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

 2014-06-27 DSA-2969 libemail-address-perl - security update

Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse took significant time to parse empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing could use this flaw to mount a denial of service attack against the application.

 2014-06-27 DSA-2968 gnupg2 - security update

Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

 2014-06-25 DSA-2967 gnupg - security update

Jean-René Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

 2014-06-23 DSA-2966 samba - security update

Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server:


Debian Wiki
 2014-07-24T08:21:57Z FreedomBox/TargetedHardware
Update Olimex offers (Add A20 and A10 boards, and drop obsolete A10S boards).
 2014-07-23T22:20:16Z victory/po-debconf
 2014-07-23T21:37:20Z GuillaumeDelacour

Linuxtoday.com
 Wed, 23 Jul 2014 19:00:00 -0700 Banana Pi review - tastier than Raspberry?

 LinuxUser: Does the first of the true Raspberry Pi clones have what it takes to come out from the shadow of its highly-successful inspiration?

 Wed, 23 Jul 2014 15:00:00 -0700 KDE's Semantic Desktop: Nepomuk vs. Baloo

 xmodulo: One of the most disliked features of the early KDE SC 4 releases was the developers' attempt to establish the semantic desktop.

 Wed, 23 Jul 2014 14:00:00 -0700 Backtick (`) symbol in Linux Shell Scripting

 nextstep4it: The backtick allows you to assign the output of a shell command to a variable.


OSNews
 Wed, 23 Jul 2014 08:26:09 GMT The bottomless money pit that is Windows Phone
Microsoft CEO Satya Nadella has confirmed that his company will amalgamate all major versions of Windows into one operating system. Speaking on the company's quarterly earnings call today, Nadella told analysts Microsoft will "streamline the next version of Windows from three operating systems into one single converged operating system." Describing the implications of the change, Nadella said "this means one operating system that covers all screen sizes." Not exactly news, but it's good to have it explicitly out in the open like this. And if they're going to want to keep focusing on consumers, they're going to need some pretty big changes. They sold fewer than half a million Surface devices in the last quarter, and only 5.8 million Lumia devices. That last figure is misleading, though, as it only covers two months due to the Nokia deal. Even adding another month, it's safe to say it's well below 10 million. This actually raises an interesting question: has Microsoft actually ever made any profit off Windows Phone? Especially taking into account the huge amount of money they had to pour into Nokia's devices division every quarter just to keep it alive? And now they also need to earn the costs of the acquisition back. At some point, someone is going to have to make the tough calls here. What is the future of Windows Phone - and how long will that future be? How long will Microsoft be able to pour resources into the bottomless money pit that is Windows Phone?
 Wed, 23 Jul 2014 07:47:11 GMT Xiaomi's Hugo Barra: we're not an Apple rip-off
Yesterday, former Google-executive Hugo Barra, now Xiaomi's global vice president, had a talk with The Verge. Barra is only a year into his job as leader of Mi's internationalization efforts, but he's already "sick and tired" of hearing his company derided as an Apple copycat. He sees Mi as "an incredibly innovative company" that never stops trying to improve and refine its designs, and the allegations of it copying Apple are "sweeping sensationalist statements because they have nothing better to talk about." This morning, John Gruber: Scroll down on the Mi 3 "features" page and you'll see this image, named "detail-camera.jpg". Take a good look at the camera in that image, then look at the app icon for the current version of Aperture. It's a simple copy-paste-skew job of the lens, and not a very good one. Two panels down on the page, they use it again, horizontally flipped. (Shockingly, they cropped out the "Designed by Apple in California".) Hilarious.
 Wed, 23 Jul 2014 07:40:56 GMT 'iOS: About diagnostic capabilities'
Update: Zdziarski put up a more detailed response. Apple responded to the backdoor story. Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer. Zdziarski, the author of the article that started this all, is not impressed. I don't buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it? Apple's response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.

DistroWatch.com: News
 2014-07-23T14:18:21+00:00 Distribution Release: Oracle Linux 7.0
Oracle has announced the release of Oracle Linux 7.0, a distribution rebuilt from source code of Red Hat Enterprise Linux 7, but featuring a custom "unbreakable" kernel: "Oracle is pleased to announce the general availability of Oracle Linux 7. Oracle Linux 7 offers the latest innovations and improvements....
 2014-07-22T23:39:54+00:00 Distribution Release: Tails 1.1
An updated version of Tails, a Debian-based distribution known for its strong privacy features and pre-configured for anonymous web browsing, has been released: "Tails, The Amnesic Incognito Live System, version 1.1, is out. All users must upgrade as soon as possible - this release fixes numerous security issues.....
 2014-07-22T16:35:42+00:00 Distribution Release: Kali Linux 1.0.8
Mati Aharoni has announced the release of Kali Linux 1.0.8, a minor update of the project's Debian-based distribution with specialist tools for penetration testing and forensic analysis: "The long awaited Kali Linux USB EFI boot support feature has been added to our binary ISO builds, which has prompted....
