Linux

Thursday's security updates

Linux Weekly News - Thu, 2014-10-16 17:11

CentOS has updated thunderbird (C5: multiple vulnerabilities).

Debian has updated drupal7 (SQL injection) and wpa (code execution).

Fedora has updated php-ZendFramework2 (F21: multiple vulnerabilities) and rsyslog (F20; F21: denial of service).

Oracle has updated firefox (O7: multiple vulnerabilities), java-1.6.0-openjdk (O5: multiple vulnerabilities), and java-1.7.0-openjdk (O5; O7: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5, RHEL6: multiple vulnerabilities) and thunderbird (RHEL5, RHEL6: multiple vulnerabilities).

Slackware has updated openssl (multiple vulnerabilities).

Ubuntu has updated mysql-5.5 (12.04, 14.04: multiple vulnerabilities).

Categories: Linux

Tiny $51 Tor router runs OpenWRT

LinuxToday - Thu, 2014-10-16 15:45
Categories: Linux

Red Hat Enterprise Linux 6.6 arrives

LinuxToday - Thu, 2014-10-16 14:45
Categories: Linux

POODLE Flaw Found in Legacy SSL 3.0 Encryption

LinuxToday - Thu, 2014-10-16 13:45
Categories: Linux

[$] LWN.net Weekly Edition for October 16, 2014

Linux Weekly News - Thu, 2014-10-16 01:46
The LWN.net Weekly Edition for October 16, 2014 is available.
Categories: Linux

The Divisive Linux Community

LinuxToday - Wed, 2014-10-15 23:45
Categories: Linux

[$] A damp discussion of network queuing

Linux Weekly News - Wed, 2014-10-15 23:01
Very few presenters at technical conferences come equipped with gallons of water and a small inflatable swimming pool to contain it. But that is just how Stephen Hemminger showed up at the 2014 Linux Plumbers Conference. Stephen was there to talk about the current state of the fight against bufferbloat; while there was some good news to share, the sad fact is that, in a number of areas, we are still all wet.
Categories: Linux

ROSA Desktop Fresh R4 KDE review

LinuxToday - Wed, 2014-10-15 18:45
Categories: Linux

Stable kernel updates

Linux Weekly News - Wed, 2014-10-15 18:14
Greg Kroah-Hartman has released four kernel updates: 3.17.1, 3.16.6, 3.14.22, and 3.10.58. All contain the usual set of important fixes.
Categories: Linux

Security advisories for Wednesday

Linux Weekly News - Wed, 2014-10-15 18:07

CentOS has updated firefox (C7; C5: multiple vulnerabilities), java-1.6.0-openjdk (C7; C5: multiple vulnerabilities), and java-1.7.0-openjdk (C7; C5: multiple vulnerabilities).

Debian has updated wireshark (yet another pile of dissector flaws).

openSUSE has updated rsyslog (13.1; 12.3: two vulnerabilities).

Oracle has updated java-1.6.0-openjdk (OL7: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), java-1.6.0-openjdk (RHEL5,6,7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL6,7; RHEL5: multiple vulnerabilities), and java-1.8.0-openjdk (RHEL6: multiple vulnerabilities).

SUSE has updated rsyslog (SLES11 SP3: two vulnerabilities).

Ubuntu has updated firefox (14.04, 12.04: multiple vulnerabilities), thunderbird (14.04, 12.04: multiple vulnerabilities), and wpa, wpasupplicant (14.04, 12.04, 10.04: command execution).

Categories: Linux

The POODLE vulnerability

Linux Weekly News - Wed, 2014-10-15 17:05
Google has disclosed a new SSL vulnerability that goes by the name POODLE. In essence: a man-in-the-middle attacker can force a connection to drop back to the obsolete SSL 3.0 protocol, then recover plaintext data. "Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks." The OpenSSL project has issued an advisory describing its response to a few vulnerabilities, POODLE included.
Categories: Linux