LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, June 4th, 2014

    Time Event
    3:46p
    Security advisories for Wednesday

    CentOS has updated gnutls (C6: code execution), gnutls (C5: multiple vulnerabilities), libtasn1 (C6: multiple vulnerabilities), and squid (C6: denial of service).

    Debian has updated chkrootkit (privilege escalation).

    Fedora has updated gnutls (F20: code execution) and libtasn1 (F20: multiple vulnerabilities).

    openSUSE has updated libcap-ng (11.4: privilege escalation) and libxml2 (13.1, 12.3: revert fix for CVE-2014-0191).

    Oracle has updated gnutls (OL6: code execution), gnutls (OL5: multiple vulnerabilities), libtasn1 (OL6: multiple vulnerabilities), and squid (OL6: denial of service).

    Red Hat has updated gnutls (RHEL5: multiple vulnerabilities), gnutls (RHEL6: code execution), kernel (RHEL6.3 EUS: two vulnerabilities), libtasn1 (RHEL6: multiple vulnerabilities), and squid (RHEL6: denial of service).

    Scientific Linux has updated gnutls (SL5: multiple vulnerabilities), gnutls (SL6: code execution), libtasn1 (SL6: multiple vulnerabilities), and squid (SL6: denial of service).

    Ubuntu has updated chkrootkit (privilege escalation).

    4:53p
    Patch All The Things! New "Cupid" Technique Exploits Heartbleed Bug (PCMagazine)
    Cupid is an exploit for the Heartbleed bug in OpenSSL that can target both
    servers and endpoints running Linux and Android, reports
    PCMagazine. "Luis Grangeia, a researcher at SysValue, created a
    proof-of-concept code library that he calls "Cupid." Cupid consists of two
    patches to existing Linux code libraries. One allows an "evil server" to
    exploit Heartbleed on vulnerable Linux and Android clients, while the other
    allows an "evil client" to attack Linux servers. Grangeia has made the source code freely available, in hopes that other researchers will join in to learn more about just what kind of attacks are possible.    "
    6:49p
    [$] PGCon 2014: Clustering and VODKA

    The eighth annual PostgreSQL developer conference, known as PGCon, concluded on May 24th in Ottawa, Canada. This event has stretched into five days of meetings, talks, and discussions for 230 members of the PostgreSQL core community, which consists both of contributors and database administrators. PGCon serves to focus the whole PostgreSQL development community on deciding what's going to be in next year's PostgreSQL release as well as on showing off new features that contributors have developed. This year's conference included meetings of the main PostgreSQL team as well as for the Postgres-XC team, a keynote by Dr. Richard Hipp, and new code to put VODKA in your database.

    Subscribers can click below for the full report from guest author Josh Berkus.

    << Previous Day 2014/06/04
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org