Monday, December 9th, 2013

Time	Event
6:49p	Security advisories for Monday Debian has updated chromium-browser (multiple vulnerabilities) and samba (multiple vulnerabilities). Fedora has updated kernel (F19: multiple vulnerabilities), lynis (F19; F18: broken permissions), php-symfony2-BrowserKit (F18: denial of service), php-symfony2-ClassLoader (F18: denial of service), php-symfony2-Config (F18: denial of service), php-symfony2-Console (F18: denial of service), php-symfony2-CssSelector (F18: denial of service), php-symfony2-DependencyInjection (F18: denial of service), php-symfony2-DomCrawler (F18: denial of service), php-symfony2-EventDispatcher (F18: denial of service), php-symfony2-Filesystem (F18: denial of service), php-symfony2-Finder (F18: denial of service), php-symfony2-Form (F18: denial of service), php-symfony2-HttpFoundation (F18: denial of service), php-symfony2-HttpKernel (F18: denial of service), php-symfony2-Locale (F18: denial of service), php-symfony2-OptionsResolver (F18: denial of service), php-symfony2-Process (F18: denial of service), php-symfony2-PropertyAccess (F18: denial of service), php-symfony2-Routing (F18: denial of service), php-symfony2-Security (F18: denial of service), php-symfony2-Serializer (F18: denial of service), php-symfony2-Templating (F18: denial of service), php-symfony2-Translation (F18: denial of service), php-symfony2-Validator (F18: denial of service), php-symfony2-Yaml (F18: denial of service), and xen (F19; F18: denial of service/privilege escalation). Gentoo has updated festival (code execution from 2010) and openexr (multiple vulnerabilities from 2009). Mageia has updated gimp (code execution), links (integer overflow), openttd (denial of service), and pixman (denial of service). openSUSE has updated krb5 (13.1: two denial of service flaws), ruby19 (13.1, 12.x: code execution), ruby20 (13.1: code execution), and subversion (13.1: two vulnerabilities). Oracle has updated kernel (OL5: information leak). Scientific Linux has updated busybox (SL6: privilege escalation), coreutils (SL6: multiple vulnerabilities), dracut (SL6: information disclosure), evolution (SL6: encrypt email to unintended recipient), gimp (SL5&6: code execution), kernel (SL5: information leak), mod_nss (SL5&6: access with invalid client certificate), nss and nspr (SL5: multiple vulnerabilities), qemu-kvm (SL6: privilege escalation), RDMA stack (SL6: two vulnerabilities), sudo (SL6: privilege escalation), wireshark (SL6: multiple vulnerabilities), and xorg-x11-server (SL6: information disclosure). Ubuntu has updated gimp (13.10, 13.04, 12.10, 12.04 LTS: code execution), kernel (13.10: multiple vulnerabilities), linux-ti-omap4 (13.10: multiple vulnerabilities), and curl (12.10, 12.04 LTS, 10.04 LTS: regression in previous update). (Comment on this)
8:14p	WhisperPush lands in CyanogenMod builds WhisperPush is the CyanogenMod implementation of the "TextSecure" encrypted text messaging protocol; that implementation is just now finding its way into the CyanogenMod 10.2 nightly builds. "Moxie [Marlinspike] has been the lead engineer on the CyanogenMod implementation of TextSecure, making sure the CM version is both secure and compatible with his existing services. Unique to the CM implementation is our SMS middleware functionality. This is the same code that allows for our Google Voice integration into any messaging application." More information can be found on the Open WhisperSystems blog. (Comment on this)

<< Previous Day

2013/12/09 [Calendar]

Next Day >>