LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Thursday, April 30th, 2015

    Time Event
    1:04a
    [$] LWN.net Weekly Edition for April 30, 2015
    The LWN.net Weekly Edition for April 30, 2015 is available.
    4:34p
    Thursday's security updates

    Debian has updated curl (information leak), elasticsearch (directory traversal), and icecast2 (denial of service).

    Debian-LTS has updated curl (two vulnerabilities), openjdk-6 (multiple vulnerabilities), php5 (multiple vulnerabilities), and qt4-x11 (multiple vulnerabilities).

    Fedora has updated ax25-tools (F21; F20: denial of service), fcgi (F21; F20: denial of service), FlightGear (F21: unspecified vulnerability), FlightGear-data (F21: unspecified vulnerability), mailman (F21: path traversal attack), mksh (F21; F20: multiple issues), pdns (F21; F20: denial of service), pdns-recursor (F21; F20: denial of service), and qt (F21: multiple vulnerabilities).

    Mandriva has updated glibc (MBS2.0, MBS1.0: two vulnerabilities) and sqlite3 (MBS2.0, MBS1.0: three vulnerabilities).

    openSUSE has updated DirectFB (13.2, 13.1: two vulnerabilities).

    Ubuntu has updated curl (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities), EC2 kernel (10.04: privilege escalation), kernel (14.10; 14.04; 12.04; 10.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: denial of service).

    5:22p
    Debian GNU/Hurd 2015 released
    Debian GNU/Hurd 2015 has been released. "This is a snapshot of
    Debian "sid" at the time of the stable Debian "jessie" release (April
    2015), so it is mostly based on the same sources. It is not an official
    Debian release, but it is an official Debian GNU/Hurd port release.    "
    6:40p
    Unboxing Linux/Mumblehard: Muttering spam from your servers (WeLiveSecurity)
    WeLiveSecurity reports
    that ESET researchers have revealed a family of Linux malware that stayed
    under the radar for more than 5 years. They are calling it
    Linux/Mumblehard. "There are two components in the Mumblehard malware family: a backdoor and a spamming daemon. They are both written in Perl and feature the same custom packer written in assembly language. The use of assembly language to produce ELF binaries so as to obfuscate the Perl source code shows a level of sophistication higher than average.

    Monitoring of the botnet suggests that the main purpose of Mumblehard seems to be to send spam messages by sheltering behind the reputation of the legitimate IP addresses of the infected machines.    "
    8:43p
    Apache SpamAssassin 3.4.1 released
    The Apache SpamAssassin 3.4.1 release is out. "Highlights include: Improved automation to help combat spammers
    that are abusing new top level domains; Tweaks to the SPF support to
    block more spoofed emails; Increased character set normalization to
    make rules easier to develop, block more international spam and stop
    spammers from using alternate character sets to bypass tests;
    Continued refinement to the native IPv6 support; and Improved Bayesian
    classification with better debugging and attachment hashing.    "

    << Previous Day 2015/04/30
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org