Debian Security
 2015-03-03 DSA-3179 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

 2015-03-02 DSA-3178 unace - security update

Jakub Wilk discovered that unace, a utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or, possibly, execute arbitrary code.

 2015-02-26 DSA-3176 request-tracker4 - security update

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-02-25 DSA-3175 kfreebsd-9 - security update

Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow in IGMP processing may result in denial of service through malformed IGMP packets.

 2015-02-25 DSA-3174 iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

 2015-02-25 DSA-3173 libgtk2-perl - security update

It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service (application crash) or, potentially, to arbitrary code execution.

 2015-02-25 DSA-3172 cups - security update

Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.

 2015-02-23 DSA-3171 samba - security update

Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, an SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.

 2015-02-23 DSA-3170 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

 2015-02-23 DSA-3169 eglibc - security update

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

 2015-02-22 DSA-3168 ruby-redcloth - security update

Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.

 2015-02-22 DSA-3167 sudo - security update

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The latter could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.

 2015-02-22 DSA-3166 e2fsprogs - security update

Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.

 2015-02-21 DSA-3165 xdg-utils - security update

Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

 2015-02-21 DSA-3164 typo3-src - security update

Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system. Please refer to the upstream advisory for additional information:

 2015-02-19 DSA-3163 libreoffice - security update

It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.

 2015-02-18 DSA-3162 bind9 - security update

Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".

 2015-02-11 DSA-3161 dbus - security update

Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.

 2015-02-11 DSA-3160 xorg-server - security update

Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

 2015-02-10 DSA-3159 ruby1.8 - security update

It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

 2015-02-09 DSA-3158 unrtf - security update

Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, an RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.

 2015-02-09 DSA-3157 ruby1.9.1 - security update

Multiple vulnerabilities were discovered in the interpreter for the Ruby language:

 2015-02-06 DSA-3155 postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.

 2015-02-05 DSA-3154 ntp - security update

Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-02-03 DSA-3153 krb5 - security update

Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:

 2015-02-03 DSA-3152 unzip - security update

A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact.

 2015-02-03 DSA-3151 python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

 2015-02-02 DSA-3150 vlc - security update

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer:

 2015-02-02 DSA-3149 condor - security update

Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed any authenticated user able to submit jobs to execute arbitrary code with the privileges of the condor user.

Debian Wiki
 2015-03-04T03:48:00Z PaulWise
 2015-03-04T00:02:41Z snd-cs46xx
Drop link to removed package changelog.
 2015-03-03T22:51:10Z Sprints/2015/DebianPerlSprint
my confirmed plans
 Tue, 03 Mar 2015 19:00:00 -0800 Oracle VirtualBox Updates to run on Linux 4.0 Kernel

InternetNews: The open-source VirtualBox virtualization project is out with its 4.3.24 update today providing a number of important updates and bug fixes.

 Tue, 03 Mar 2015 15:00:00 -0800 Keep Tabs on Your Stuff with the What's in My Bag Web App
 Tue, 03 Mar 2015 14:00:00 -0800 The Cat That Has Linux's Tongue

 FOSSforce: When I first decided that I wanted to use text to speech on a daily basis, I began researching and testing the available applications.

OSNews
 Wed, 04 Mar 2015 00:06:35 GMT No reboot patching comes to Linux 4.0
With Linux 4.0, you may never need to reboot your operating system again. One reason to love Linux on your servers or in your data-center is that you so seldom needed to reboot it. True, critical patches require a reboot, but you could go months without rebooting. Now, with the latest changes to the Linux kernel you may be able to go years between reboots.
 Tue, 03 Mar 2015 18:44:50 GMT Pebble Time Steel, smartstraps unveiled
Following the hugely successful campaign for the new Pebble Time, Pebble is back with two new products: smartstraps and a whole new Pebble, the Pebble Time Steel. Let's start with smartstraps - an idea so simple it's almost silly that Google and Apple didn't come up with it first. Rather than trying to shove every sensor and doohickey into the Pebble Time, we decided to keep the watch simple and functional and give our incredible maker and developer community the opportunity to build from there. Up until now, if you wanted it all you had to compromise... On battery life, size, design or feature set. Not anymore. That's why we created Pebble smartstraps. It's simple: straps can now contain electronics and sensors to interface directly with apps running on Pebble Time. Second, the Pebble Time Steel. It's a more luxurious, metal version of the Pebble Time, but aside from its more premium feel and design, it also sports a larger battery (10 days of use instead of 7 days) and its screen is bonded with the glass. For the rest, it's identical to the Time. I can't believe I'm saying this, but I'm totally loving the gold version with the red band - for a square watch, it simply looks really, really good. In fact, for me, that specific model is the first Pebble I'd consider wearing. It combines an attractive design with Pebble's superior (over Wear and the Apple Watch) functionality. This could be a winner.
 Tue, 03 Mar 2015 18:44:04 GMT Apple Pay: a new frontier for scammers
Criminals in the US are using the new Apple Pay mobile payment system to buy high-value goods - often from Apple Stores - with stolen identities and credit card details. Banks have been caught by surprise by the level of fraud, and the Guardian understands that some are scrambling to ensure that better verification and checking systems are put in place to prevent the problem running out of control, with around two million Americans already using the system. The crooks have not broken the secure encryption around Apple Pay's fingerprint-activated wireless payment mechanism. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to “provision” the victim’s card on the phone to use it to buy goods. Criminals, uh, find a way.

News
 2015-03-02T12:43:55+00:00 Distribution Release: Porteus Kiosk 3.3.0
Tomasz Jokiel has announced the release of Porteus Kiosk 3.3.0, a lightweight Gentoo-based distribution designed for web kiosks: "I'm happy to announce Porteus Kiosk 3.3.0 which is now available for download. This is a major kiosk release which brings a number of new features, package upgrades and security....
 2015-03-02T01:23:30+00:00 DistroWatch Weekly, Issue 599
This week in DistroWatch Weekly: Reviews: First look at Sabayon 15.02; News: Debian works toward reproducible builds, Linux Mint tests its upcoming Debian Edition, new YaST modules coming to openSUSE and the Linux kernel gets a version bump; Tips and Tricks: Choosing good passwords; Torrent Corner: ArchBang, Greenie, KaOS, Tails,....
 2015-03-01T14:42:28+00:00 Development Release: Simplicity Linux 15.4 Alpha
David Purse has announced the availability of Simplicity Linux 15.4 beta, a lightweight Puppy-based distribution - now also available in a 64-bit flavour: "Simplicity Linux 15.4 alpha is now available for download. This release cycle marks the start of a new chapter for Simplicity: you can now get....
