
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 7 hours 51 min ago

Mandriva: 2015:210: qemu

Monday 27th of April 2015 06:23:00 AM
LinuxSecurity.com: Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use [More...]

Mandriva: 2015:209: php

Monday 27th of April 2015 06:17:00 AM
LinuxSecurity.com: Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783). Buffer Overflow when parsing tar/zip/phar in phar_set_inode [More...]

Fedora 20 zarafa-7.1.12-1.fc20

Monday 27th of April 2015 04:55:00 AM
LinuxSecurity.com: Zarafa Collaboration Platform 7.1.12 final [48726]
* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing problems by using an unsupported browser, an easier area to locate the list of supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder attribute
* ZCP-11929: differences between "Managing tenant (company) spaces" and zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to Catalan
* ZCP-11949: Update documentation to stress that one server must have one database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active, even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for --remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to a active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encypted or signed email will change the receive date of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu 10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO for WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility component
* ZCP-13123: Simplification of installation targets of compat package for manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results in a message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an active user
* ZCP-7296: Extension on the administrator manual

Fedora 21 wpa_supplicant-2.0-13.fc21

Monday 27th of April 2015 04:49:00 AM
LinuxSecurity.com: This update addresses a security vulnerability identified as CVE-2015-1863. More information on this vulnerability is provided by upstream at https://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt. An extract: Attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a suitably constructed management frame that triggers a P2P peer device information to be created or updated. The vulnerability is easiest to exploit while the device has started an active P2P operation (e.g., has ongoing P2P_FIND or P2P_LISTEN control interface command in progress). However, it may be possible, though significantly more difficult, to trigger this even without any active P2P operation in progress.

Fedora 21 cherokee-1.2.103-6.fc21

Monday 27th of April 2015 04:47:00 AM
LinuxSecurity.com: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

Fedora 20 cherokee-1.2.103-6.fc20

Monday 27th of April 2015 04:44:00 AM
LinuxSecurity.com: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

Fedora 20 php-5.5.24-1.fc20

Monday 27th of April 2015 04:41:00 AM
LinuxSecurity.com: 16 Apr 2015, **PHP 5.5.24**
Apache2handler:
* Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)
Core:
* Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
* Fixed bug #67626 (User exceptions not properly handled in streams). (Julian)
* Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
* Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
* Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
* Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
* Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
* Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)
Curl:
* Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
* Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
Date:
* Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans)
* Fixed bug #69336 (Issues with "last day of "). (Derick Rethans)
Enchant:
* Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)
Fileinfo:
* Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)
Filter:
* Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
* Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)
Mbstring:
* Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya)
OPCache:
* Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
* Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
OpenSSL:
* Fixed bug #67403 (Add signatureType to openssl_x509_parse).
* Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
Phar:
* Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
* Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
* Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
* Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
* Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
* Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)
Postgres:
* Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
SPL:
* Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
SOAP:
* Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence)
SQLITE:
* Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
* Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)

Fedora 21 zarafa-7.1.12-1.fc21

Monday 27th of April 2015 04:39:00 AM
LinuxSecurity.com: Zarafa Collaboration Platform 7.1.12 final [48726]

Mandriva: 2015:208: setup

Monday 27th of April 2015 04:14:00 AM
LinuxSecurity.com: Updated setup package fixes security vulnerability: An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them [More...]

Mandriva: 2015:207: perl-Module-Signature

Monday 27th of April 2015 03:59:00 AM
LinuxSecurity.com: Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty [More...]

Mandriva: 2015:206: asterisk

Monday 27th of April 2015 03:41:00 AM
LinuxSecurity.com: Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate [More...]

Mandriva: 2015:205: tor

Monday 27th of April 2015 03:26:00 AM
LinuxSecurity.com: Updated tor packages fix security vulnerabilities: disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). [More...]

Debian: 3233-1: wpa: Summary

Friday 24th of April 2015 11:38:00 AM
LinuxSecurity.com: Security Report Summary

Ubuntu: 2571-1: Firefox vulnerability

Friday 24th of April 2015 07:04:00 AM
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Slackware: 2015-111-05: mozilla-firefox: Security Update

Friday 24th of April 2015 05:58:00 AM
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]

Fedora 21 php-5.6.8-1.fc21

Thursday 23rd of April 2015 12:12:00 PM
LinuxSecurity.com: 16 Apr 2015, **PHP 5.6.8**
Core:
* Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
* Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
* Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
* Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values). (Juan Basso)
* Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
* Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
* Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
* Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)
Apache2handler:
* Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)
cURL:
* Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
* Fixed bug #68739 (Missing break / control flow). (Laruence)
* Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
Date:
* Fixed bug #69336 (Issues with "last day of "). (Derick Rethans)
Enchant:
* Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)
Ereg:
* Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
Fileinfo:
* Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)
Filter:
* Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
* Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)
OPCache:
* Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function). (Laruence)
* Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
* Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
OpenSSL:
* Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
* Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
* Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
* Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
Phar:
* Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
* Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
* Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
* Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
* Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
* Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)
Postgres:
* Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
SPL:
* Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
SOAP:
* Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (Laruence)
Sqlite3:
* Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
* Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
* Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)

Fedora 22 qt-4.8.6-28.fc22

Thursday 23rd of April 2015 12:11:00 PM
LinuxSecurity.com: Security fix for CVE-2015-1859, CVE-2015-1858, CVE-2015-1860

Fedora 22 ruby-2.2.2-11.fc22

Thursday 23rd of April 2015 12:11:00 PM
LinuxSecurity.com: Fixes CVE-2015-1855 ruby: OpenSSL extension hostname matching implementation violates RFC 6125

Fedora 22 sqlite-3.8.9-1.fc22

Thursday 23rd of April 2015 12:10:00 PM
LinuxSecurity.com: Update of sqlite to latest upstream version, with spatialite-tools rebuild.

Fedora 22 spatialite-tools-4.2.0-10.fc22

Thursday 23rd of April 2015 12:10:00 PM
LinuxSecurity.com: Update of sqlite to latest upstream version, with spatialite-tools rebuild.
