The InCommon Shibboleth Training team discovered that XMLTooling, a
C++ XML parsing library, did not properly handle an exception when
parsing well-formed but schema-invalid XML. This could allow remote
attackers to cause a denial of service (crash) via crafted XML data.
Jonathan Foote discovered that the BIND DNS server does not properly
handle TKEY queries. A remote attacker can take advantage of this flaw
to mount a denial of service via a specially crafted query triggering an
assertion failure and causing BIND to exit.
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information disclosure,
denial of service or insecure cryptography.
Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.20. Please see the MariaDB 10.0 Release Notes for further
Fernando Muñoz discovered that invalid HTML input passed to tidy, an
HTML syntax checker and reformatter, could trigger a buffer overflow.
This could allow remote attackers to cause a denial of service (crash)
or potentially execute arbitrary code.
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:
Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor,
a recursive DNS server, fixing CVE-2015-1868, was insufficient in some
cases, allowing remote attackers to cause a denial of service
(service-affecting CPU spikes and in some cases a crash).
Toshifumi Sakaguchi discovered that the patch applied to pdns, an
authoritative DNS server, fixing CVE-2015-1868, was insufficient in
some cases, allowing remote attackers to cause a denial of service
(service-affecting CPU spikes and in some cases a crash).
Breno Silveira Soares of Servico Federal de Processamento de Dados
(SERPRO) discovered that the BIND DNS server is prone to a denial of
service vulnerability. A remote attacker who can cause a validating
resolver to query a zone containing specifically constructed contents
can cause the resolver to terminate with an assertion failure, resulting
in a denial of service to clients relying on the resolver.
It was discovered that the texttopdf utility, part of cups-filters, was
susceptible to multiple heap-based buffer overflows due to improper
handling of print jobs with a specially crafted line size. This could
allow remote attackers to crash texttopdf or possibly execute arbitrary
Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast
and reliable load balancing reverse proxy, when HTTP pipelining is used.
A client can take advantage of this flaw to cause data corruption and
retrieve uninitialized memory contents that exhibit data from a past
request or session.
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code or denial of service. This update also
addresses a vulnerability in DHE key processing commonly known as
the LogJam vulnerability.
Johan Olofsson discovered an authentication bypass vulnerability in
Stunnel, a program designed to work as a universal SSL tunnel for
network daemons. When Stunnel in server mode is used with the redirect
option and certificate-based authentication is enabled with verify = 2
or higher, then only the initial connection is redirected to the hosts
specified with redirect. This allows a remote attacker to bypass
It was discovered that the Jackrabbit WebDAV bundle was susceptible to an
XXE/XEE attack. When processing a WebDAV request body containing XML,
the XML parser could be instructed to read content from network
resources accessible to the host, identified by URI schemes such as
http(s) or file. Depending on the WebDAV request, this could not
only be used to trigger internal network requests, but might also be
used to insert said content into the request, potentially exposing it to
the attacker and others.
Microsoft started rolling out Windows 10, its shiny new operating system, on 29 July, and there have been reports of bugs and issues with installing Windows 10 on PCs and laptops. Of course, with a new OS come new error messages, but this one takes the cake.
Question time: which mail application of which operating system has a dialog that reads "bummer"? Your prize will be a firm handshake, to be administered by yourself or by whoever is standing closest to you.
Hello, it has been some time since my last article. In the meantime I continued to improve things, and since I changed some important parts of the media_kit, I think it's correct to notify the community about new and 'old' features added recently. This is an article mostly written for application developers, but I tried to explain the improvements made in simple words, so I hope it will be interesting to anyone.
Of all the alternative operating systems from the golden days (2000-2005 or so), Haiku is one of the very few - possibly the only one - still going strong. And by "going strong" I mean seeing a ton of development seemingly without seeing a sort of definitive release. They're trying to reach zero by endlessly dividing by 2, it seems, getting ever so much closer to zero without actually getting there.
Google may offer a new version of its Google Glass wearable later this fall. A new report says that the company will keep the hype down on this release, as it plans to offer it to businesses working in healthcare, manufacturing, and energy.
Like I said over a year ago:
No, I think the real value of Glass lies in an entirely different area Google seems to have been ignoring so far. It's a far less sexy area than the world of designer glasses and paragliders, but one that offers far, far more potential: 'traditional' workplaces. Construction. Road works. Law enforcement. The military. Farmers. Firefighters. Plumbers. Roofers. You name it. People who work with their hands in potentially dangerous environments, who can use the heads-up display for at-a-glance, crucial information while out in the field.
If I can come up with something, anybody can.
Oracle has announced the release of Oracle Linux 6.7, the latest release of the distribution's legacy branch based on Red Hat Enterprise Linux 6.7: "We're happy to announce the general availability of Oracle Linux 6 Update 7, the seventh update release for Oracle Linux 6. You can find....
The Ubuntu Release Team has announced the availability of a new test release of Ubuntu's community distributions. These community distributions are independently maintained while sharing infrastructure and resources with Ubuntu. The new release, version 15.10 Alpha 2, is still under heavy development and is intended for testing purposes....
The developers of Elive, a commercial distribution based on Debian which features the Enlightenment desktop, have released a new test release. Elive 2.6.8 Beta offers better touchpad support, fixes large fonts when using some NVIDIA video cards and makes Zsh the default command line shell. The release announcement....