LWN.net's Journal
 

Wednesday, January 9th, 2013

    Time Event
    1:58p
    Two new (one "critical") Ruby on Rails vulnerabilities
    Two new vulnerabilities (CVE-2013-0156, CVE-2013-0155) have been reported in the Ruby on Rails web framework. CVE-2013-0156 is considered a critical vulnerability that should be patched or worked around immediately ("allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application"), while CVE-2013-0155 can alter some SQL queries when JSON parameter parsing is used. They are distinct from the SQL injection we reported on January 3. More information on CVE-2013-0156 can be found in this analysis.
    5:45p
    [$] XBMC comes to Android
    [XBMC v12 on Android's main menu]

    Version 12 of the XBMC media-playback application is currently in the final stages of development; release candidate 3 was released on January 3. There are multiple enhancements to the codebase, but one of the biggest stories is that XBMC v12 will officially add support for Android. An Android port naturally makes XBMC available on tablets and handsets, but, just as importantly, it enables running on numerous set-top boxes, "smart TVs," and the increasingly-popular smart TV dongle — device classes currently dominated by proprietary applications produced by entertainment companies.


    5:53p
    Wednesday's security advisories
    CentOS has updated xulrunner (C6: multiple vulnerabilities), thunderbird (C6: multiple vulnerabilities), and firefox (C6: multiple vulnerabilities).

    Debian has updated zendframework (information leak).

    Fedora has updated php-pear-CAS (F17; F16: missing CN validation of CAS server certificate) and v8 (F16: multiple vulnerabilities).

    Gentoo has updated haproxy (code execution), tor (multiple vulnerabilities), dhcpcd (code execution), bzip2 (code execution), isc dhcp (multiple vulnerabilities), and dokuwiki (multiple vulnerabilities).

    Mandriva has updated firefox (multiple vulnerabilities).

    Oracle has updated thunderbird (OL6: multiple vulnerabilities) and firefox (OL6: multiple vulnerabilities).

    Red Hat has updated firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), openshift-origin-node-util (multiple vulnerabilities), and flash-plugin (code execution).

    Ubuntu has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

    9:44p
    Fedora 18 Beta for ARM
    The Fedora ARM team has announced that the Fedora 18 Beta release for ARM is now available. "The Beta release includes pre-built images for Versatile Express (QEMU), Trimslice (Tegra), Pandaboard (OMAP4), GuruPlug (Kirkwood), and Beagleboard (OMAP3) hardware platforms. The Fedora 18 Beta for ARM now includes an install tree in the yum repository which may be used to PXE-boot a kickstart-based install on systems that support it, such as the Calxeda EnergyCore (HighBank)."
