LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, January 7th, 2013

    Time Event
    3:26p
    An analysis of Debian wiki security breach
    The Debian project disclosed that the
    security of its wiki system had been compromised. An analysis of that
    compromise and its implications has now been posted. "We have
    completed our audit of the original server hosting wiki.debian.org and have
    concluded that the penetration did not yield escalated privileges for the
    attacker(s) beyond the 'wiki' service account. That said, it is clear that
    the attacker(s) have captured the email addresses and corresponding
    password hashes of all wiki editors. The attacker(s) were particularly
    interested in the password hashes belonging to users of Debian, Intel,
    Dell, Google, Microsoft, GNU, any .gov and any .edu.    "
    5:35p
    Monday's security advisories
    Debian has updated rails (input validation error), weechat (multiple vulnerabilities), nss (certificate removal), cups (privilege escalation), and gnupg (memory access violations).

    Fedora has updated drupal7 (F17; F16: multiple vulnerabilities), drupal6 (F17; F16: multiple vulnerabilities), freeciv (F17; F16: denial of service), inkscape (F17; F16: denial of service), backuppc (F17: cross-site scripting), dovecot (F16: denial of service), and php-symfony2-HttpKernel (F16: multiple vulnerabilities).

    Mageia has updated squashfs-tools (two code execution flaws), jetty (denial of service), gnupg (memory access violations), and cups (unauthorized access to administration interface).

    openSUSE has updated mariadb 12.2; 12.1: code execution) and mysql-community-server (code execution).

    8:11p
    Some new minor site features
    Regular LWN readers might be aware of the fact that we report from a fair number of conferences. The curious can now see just how many (and what we report on) in the new LWN.net conference coverage index. It turns out that even we were surprised by just how many events we've been to. Needless to say, we're not done; the conference index will be kept current as we report from future events (next stop: linux.conf.au).

    Part of getting to future conferences, of course, is remembering to get our speaking proposals in on time. On the suspicion that we are not the only ones with this kind of problem, we have extended the LWN Events Calendar to include a calendar dedicated to call-for-proposals deadlines. If you have been thinking about presenting your work to the community and would like to know whose deadlines you are about to miss, the CFP deadline calendar should be a helpful resource.

    << Previous Day 2013/01/07
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org