Thursday, February 19th, 2015

Time	Event
1:22a	[$] LWN.net Weekly Edition for February 19, 2015 The LWN.net Weekly Edition for February 19, 2015 is available. (Comment on this)
1:03p	Security updates for Thursday Debian has updated bind9 (denial of service). Debian-LTS has updated linux-2.6 (multiple vulnerabilities, one from 2013). Fedora has updated drupal7-path_breadcrumbs (F21; F20: access restriction bypass). openSUSE has updated perl-YAML-LibYAML (13.2, 13.1: multiple vulnerabilities, one each from 2013 and 2012) and php5 (13.2, 13.1: multiple vulnerabilities). SUSE has updated xntp (SLE10SP4: multiple vulnerabilities). Ubuntu has updated bind9 (14.10, 14.04, 12.04: denial of service). (Comment on this)
4:54p	EFF: Lenovo is breaking HTTPS security on its recent laptops Here is a statement from the Electronic Frontier Foundation on the revelation that Lenovo has been shipping insecure man-in-the-middle malware on its laptops. "Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken." For additional amusement, see Lenovo's statement on the issue. There are a lot of Lenovo users in LWN's audience. Presumably most of them have long since done away with the original software, but those who might have kept it around would be well advised to look into the issue; this site can evidently indicate whether a machine is vulnerable or not. (Comment on this)

<< Previous Day

2015/02/19 [Calendar]

Next Day >>