Patches for PostgreSQL and OpenEMR

Filed under
Security

"OpenEMR Security Issues"

  • Ring-KDE 3.0.0 Released, Intel Debuts 32TB Ruler-Shaped SSDs, OpenEMR Security Issues, PostgreSQL Updates and New Version of Unigine

    Several security vulnerabilities were discovered recently in OpenEMR, developer of open-source electronic health records and practice management tools, possibly affecting the data of more than 90 million patients. Info Security Magazine reports that the issues "included nine separate SQL injection vulnerabilities, four remote code execution flaws and several arbitrary file read, write and delete bugs. Others included a portal authentication bypass, unauthenticated information disclosure, and cross-site request forgery". Info Security notes that the OpenEMR team has since patched "most" of the vulnerabilities.

More in Tux Machines

Red Hat Openwashing Leadership, Promoting VirtIO-FS and Explaining HID

  • 5 things you won't learn from The Open Organization Leaders Manual
    Today the open organization community—a global group of writers, consultants, theorists, managers, and other organizational leaders dedicated to helping others understand how open principles can transform organizational culture and design—unveiled the second edition of The Open Organization Leaders Manual. Billed as "a handbook for building innovative and engaged teams," the book is available now as a Creative Commons-licensed eBook and a paperback.
  • Companies behind on digital transformation get ahead with open leaders
    One source of that disruption is digitization. Digitization is reshaping the way we lead, manage, and work. Even in the scope of the last decade, we've seen rapid adjustments to how we live, connect, and receive services. While we've been discussing ad nauseam how (or whether) we should be redefining organizational cultures and business models, the clock has been ticking, and the pace of digitization has not been slowing. In his book The Digital Matrix: New Rules for Business Transformation Through Technology, author Venkat Venkatraman argues that, by 2025, differences between digital and non-digital functions, processes, and business models will no longer exist.
  • VirtIO-FS: A Proposed Better Approach For Sharing Folders/Files With Guest VMs
    Red Hat developers have proposed a new VirtIO-FS component to provide better support for shared folders/files between the host and guest virtual machines. VirtIO-FS was developed out of the need to share folders/files with guest VMs in a fast, consistent, and secure manner. They designed VirtIO-FS for Kata containers but it could be used with other VMs too. The closest existing project to fulfilling their needs was Virtio-9p, but there were performance issues and other factors leading them to designing this new solution.
  • Peter Hutterer: Understanding HID report descriptors
    This time we're digging into HID - Human Interface Devices and more specifically the protocol your mouse, touchpad, joystick, keyboard, etc. use to talk to your computer. Remember the good old days where you had to install a custom driver for every input device? Remember when PS/2 (the protocol) had to be extended to accommodate for mouse wheels, and then again for five button mice. And you had to select the right protocol to make it work. Yeah, me neither, I tend to suppress those memories because the world is awful enough as it is. As users we generally like devices to work out of the box. Hardware manufacturers generally like to add bits and bobs because otherwise who would buy that new device when last year's device looks identical. This difference in needs can only be solved by one superhero: Committee-man, with the superpower to survive endless meetings and get RFCs approved. Many many moons ago, when USB itself was in its infancy, Committee man and his sidekick Caffeine boy got the USB consortium to agree on a standard for input devices that is so self-descriptive that operating systems (Win95!) can write one driver that can handle this year's device, and next year's, and so on. No need to install extra drivers, your device will just work out of the box. And so HID was born. This may only be an approximate summary of history. Originally HID was designed to work over USB. But just like Shrek the technology world is obsessed with layers so these days HID works over different transport layers. HID over USB is what your mouse uses, HID over i2c may be what your touchpad uses. HID works over Bluetooth and its celebrity-diet version BLE. Somewhere, someone out there is very slowly moving a mouse pointer by sending HID over carrier pigeons just to prove a point. Because there's always that one guy. HID is incredibly simple in that the static description of the device can just be bytes burnt into the ROM like the Australian sun into unprepared English backpackers. And the event frames are often an identical series of bytes where every bit is filled in by the firmware according to the axis/buttons/etc.
