LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Thursday, July 31st, 2014

    Time Event
    12:54a
    [$] LWN.net Weekly Edition for July 31, 2014
    The LWN.net Weekly Edition for July 31, 2014 is available.
    4:43p
    Thursday's security updates

    Debian has updated nss (multiple vulnerabilities) and tor (traffic confirmation attack).

    Fedora has updated cups (F20: privilege escalation).

    Mandriva has updated dbus (BS1.0: two denial of service flaws), file (BS1.0: denial of service), live (BS1.0: code execution), php-ZendFramework (BS1.0: SQL injection), and sendmail (BS1.0: denial of service).

    openSUSE has updated apache2-mod_wsgi (13.1: off-by-one error), firefox (13.1, 12.3: multiple vulnerabilities), gpg2 (11.4: denial of service), memcached (11.4: multiple vulnerabilities), Mozilla (11.4: multiple vulnerabilities), ntp (13.1, 12.3: denial of service), php5 (13.1, 12.3: multiple vulnerabilities), ppc64-diag (13.1; 12.3: two vulnerabilities), pulseaudio (13.1, 12.3: denial of service), samba (11.4: two vulnerabilities), php5 (11.4: code execution), and xalan-j2 (11.4: information disclosure/code execution).

    Red Hat has updated openstack-keystone (RHELOS3&4: privilege escalation).

    Ubuntu has updated kde4libs (14.04 LTS, 12.04 LTS: ), tomcat6, tomcat7 (14.04 LTS, 12.04 LTS, 10.04 LTS: multiple vulnerabilities), and unity (14.04 LTS: command execution).

    6:53p
    This thumbdrive hacks computers. (Ars Technica)
    Ars Technica takes
    a look     at an exploit that transforms keyboards, Web cams, and other
    types of USB-connected devices into highly programmable attack platforms. "Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices."
    11:10p
    Stable kernel updates
    Stable kernels 3.15.8, 3.14.15, 3.10.51, and 3.4.101 have been released. All contain
    important fixes.

    << Previous Day 2014/07/31
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org