Patches for PostgreSQL and OpenEMR

Filed under
Security

"OpenEMR Security Issues"

  • Ring-KDE 3.0.0 Released, Intel Debuts 32TB Ruler-Shaped SSDs, OpenEMR Security Issues, PostgreSQL Updates and New Version of Unigine

    Several security vulnerabilities were discovered recently in OpenEMR, developer of open-source electronic health records and practice management tools, possibly affecting the data of more than 90 million patients. Info Security Magazine reports that the issues "included nine separate SQL injection vulnerabilities, four remote code execution flaws and several arbitrary file read, write and delete bugs. Others included a portal authentication bypass, unauthenticated information disclosure, and cross-site request forgery". Info Security notes that the OpenEMR team has since patched "most" of the vulnerabilities.
