LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Thursday, October 11th, 2012

    Time Event
    12:41a
    [$] LWN.net Weekly Edition for October 11, 2012
    The LWN.net Weekly Edition for October 11, 2012 is available.
    5:06p
    Fedora is retiring Smolt hardware census (The H)
    The H reports on Fedora's plan to retire the smolt hardware census on November 7.
    "A page on the Fedora wiki dealing with the program's retirement lists several reasons for the decision. It seems that the information collected from the program was not as useful as the developers had hoped. Since the data resulted from an opt-in process, it was always skewed and could not be used to generalise about the distribution's install base. Added to this was the fact that the software had not been maintained for a while and does not work on RHEL 6. It is clear, from the wiki, that the Fedora development team have decided to change their approach to collecting data about their install base."
    5:21p
    Attack code for Firefox 16 privacy vulnerability now available online (ars technica)
    Firefox 16, which was released on October 9, has subsequently been withdrawn due to a privacy leak. Ars technica looks at code that can exploit the flaw, which is not present in Firefox 15. "In short order, he was able to take advantage of his discovery to fashion proof-of-concept code that forced Firefox 16 to identify a visitor's Twitter handle whenever the user was logged in to the site. The eight-line code sample takes about 10 seconds to reveal the username, and it wouldn't be hard for developers to expand on that code to create attacks that extract personal information contained in URLs from other websites."
    6:58p
    Thursday's security updates

    CentOS has updated firefox (C6: multiple vulnerabilities) and thunderbird (C6: multiple vulnerabilities).

    Fedora has updated thunderbird (F17: multiple vulnerabilities), firefox (F17: multiple vulnerabilities), thunderbird-lightning (F17: multiple vulnerabilities), and xulrunner (F17: multiple vulnerabilities).

    Mageia has updated bind (denial of service), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), flash-player-plugin (tons of vulnerabilities), hostapd (denial of service), and roundcubemail (two cross-site scripting flaws).

    Mandriva has updated firefox (multiple vulnerabilities) and libxslt (multiple vulnerabilities).

    openSUSE has updated wireshark (multiple vulnerabilities) and optipng (code execution).

    Oracle has updated thunderbird (OL6: multiple vulnerabilities) and firefox (OL5; OL6: multiple vulnerabilities).

    Red Hat has updated libvirt (RHEL6: denial of service).

    Scientfic Linux has updated libvirt (SL6: denial of service).

    Slackware has updated bind (denial of service).

    SUSE has updated flash-player (SLE10SP4: tons of vulnerabilities).

    Ubuntu has updated ruby1.9.1 (12.04: two access restriction bypass flaws), ruby1.8 (two access restriction bypass flaws), moin (two vulnerabilities), and quagga (denial of service).

    << Previous Day 2012/10/11
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org