Debianhelp.co.uk
Debian Security   [more] [xml]
 2015-07-02 DSA-3299 stunnel4 - security update

Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts specified with redirect. This allows a remote attacker to bypass authentication.

 2015-07-01 DSA-3298 jackrabbit - security update

It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as http(s) or file. Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

 2015-06-29 DSA-3297 unattended-upgrades - security update

It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.


Debian Wiki   [more] [xml]
 2015-07-02T19:18:23Z ReproducibleBuilds/EpydocIssues
added epydoc
 2015-07-02T19:17:17Z ReproducibleBuilds/ExperimentalToolchain
added epydoc
 2015-07-02T15:12:52Z IRC
Simple cdd should not be discussed on Blends channel

Linuxtoday.com   [more] [xml]
 Fri, 03 Jul 2015 07:00:00 -0700 NoSQL and the next generation of big data

 opensource.com: MongoDB senior solutions architect Henrik Ingo provides insight into MongoDB and explains why it's the platform of choice for big data analytics and for building microservices.

 Fri, 03 Jul 2015 06:00:00 -0700 Compact, rugged IoT gateway runs Linux on Quark

 LinuxGizmos: Adlink's "Matrix MXE-100i" gateway runs Wind River's Linux-based IDP XT IoT gateway stack on an Intel Quark processor, and offers multiple wireless options.

 Fri, 03 Jul 2015 05:00:00 -0700 How to install ownCloud 8 on Debian 8 (Jessie)

 HowToForge: OwnCloud is a OpenSource file sync and share software that can be hosted on your own server.

 Fri, 03 Jul 2015 04:00:00 -0700 Psensor: A Graphical Hardware Temperature Monitoring Tool for Linux

 tecmint: Psensor is a GTK+ (Widget Toolkit for creating Graphical User Interface) based application software.

 Thu, 02 Jul 2015 23:00:00 -0700 Looking at the Cracker Hacker Economy

 FOSSforce: Technology sites top the list of the type of sites most likely to be exploited by cracker hackers, with the number on the rise.

 Thu, 02 Jul 2015 19:00:00 -0700 antiX 15 Officially Released, Based on Debian 8 "Jessie" but Without systemd

 softpedia: The distribution's codename is Killah P and does not include the systemd init system,

 Thu, 02 Jul 2015 15:00:00 -0700 Tickr – An RSS Feed Ticker for The Linux Desktop

MakeTechEasier: Remember RSS? You know, the short headlines and sentences of a few words each. Every major news site and blog has a feed. You can still get news the old fashioned way, only in a much nicer format.

 Thu, 02 Jul 2015 14:00:00 -0700 The Document Foundation announces LibreOffice 4.4.4

The LibreOffice community is growing


OSNews   [more] [xml]
 Thu, 02 Jul 2015 16:46:21 GMT Getting a "free" phone now a lot harder in The Netherlands
Buying a phone in combination with a contract - the mislabeled "free phone" - just became a whole lot more complicated in my home country of The Netherlands. Today, our minister of finance, Jeroen Dijsselbloem (if you follow international news - yes, that one) today announced that he is not going to create an exemption in Dutch finance laws specifically for mobile carriers offering "free" phones on contract. Last year, The Hoge Raad der Nederlanden (our supreme court) ruled that if carriers offer a loan of €250 or higher, they need to abide by the same rules as any other company, institution, or entity providing such loans - meaning, they will have to perform an income check, check if people have prior debts, and in general, if their financial situation is sound enough for them to be able to take on a loan for a smartphone. They will also need to be a lot more transparent and upfront about the fact they are offering a loan, including warnings, the terms, and so on. This, of course, affects carriers a great deal; a lot of expensive, high-end phones, like iPhones or the latest Galaxy phones, are sold in combination with contracts, their true price hidden in monthly payments. Making it harder for consumers to take on these loans hurts their business model. As such, carriers had asked our minister of finance to create an exemption specifically for them - but he refused. Carriers are, of course, not happy. T-Mobile, Vodafone, and KPN - our three major carriers - have already voiced their displeasure. They're complaining they will have to do considerable investments to change their sales model, and that it will become a lot harder for customers to buy high-end phones. To be fair to the carriers, all this does mean consumers will have to reveal a considerable amount of private information to carriers if they want to take out a loan to buy a phone. That being said, there are alternatives: carriers could simply charge the price of the phone upfront. This, of course, is not something they want - they'd much rather be a little bit shady and fuzzy about the true price of smartphones. Samsung, Apple, and other smartphone makers surely won't be happy with this either, as they rely on these somewhat shady deals to peddle their wares. Half of Dutch consumers are already on SIM-only contracts, and this will only push more consumers to cheaper phones. As a Dutchman, I find this great news. My financial means are such that I don't have to worry about this sort of thing, but there are enough people out there for whom this is not the case, and there are certainly quite a few people lured into these seemingly "cheap" phones, only to suffer for it down the line. While I'm sure people living in Libertarian la-la-land will scream bloody murder, the fact of the matter is that if left to their own devices, these companies will abuse people left and right.
 Wed, 01 Jul 2015 21:47:51 GMT Why are people still playing Ultima Online?
Later this year, Ultima Online will turn 18 years old. In the genre of MMOs, that makes the game positively ancient - and it's even more remarkable when you consider that it's still funded via a subscription model. I've never played an Ultima game, much less one that's nearly my age. I wanted to find out what the game is like to play today as a newcomer, and to ask people why they’ve continued visiting Britannia for nearly two decades. I have little to no interest in MMOs, but seeing one of them run for this long is fascinating.
 Wed, 01 Jul 2015 21:44:56 GMT Leaked: what's in Obama's trade deal
A recent draft of the Trans-Pacific Partnership free-trade deal would give U.S. pharmaceutical firms unprecedented protections against competition from cheaper generic drugs, possibly transcending the patent protections in U.S. law. This article focuses on pharmaceuticals, but just imagine what similar restrictions would mean for technology. This is disastrous.

DistroWatch.com: News   [more] [xml]
 2015-07-02T15:00:14+00:00 Distribution Release: 4MLinux 13.0
The 4MLinux project has announced a new release of the independent Linux distribution. The latest release, 4MLinux 13.0, ships with the GNU Compiler Collection 5 and offers miscellaneous desktop improvements. "The status of the 4MLinux 13.0 series has been changed to S. Major changes in the core of....
 2015-07-01T05:08:38+00:00 Development Release: Simplicity Linux 15.7 Beta
David Purse has announced the availability of the beta release of Simplicity Linux 15.7, a lightweight Puppy-based distribution for netbooks and desktops. Due to unresolved issues, the "Desktop" edition is only available in a 32-bit build for now. From the release announcement: "Simplicity Linux 15.7 beta is now....
 2015-06-30T23:49:58+00:00 Development Release: Tanglu 3.0 RC1
Matthias Klumpp has announced the availability of a release candidate for Tanglu, a Debian based distribution for desktop users. Tanglu 3 RC1 introduces experimental support and is presented in three editions (GNOME, KDE and Core). "We are pleased to announce the release of the first release candidate (RC)....

powered by zFeeder

 

 

 

 

Translate to Spanish