LWN.net's Journal
 

Friday, August 7th, 2015

    Time Event
    11:13a
    An active Firefox exploit
    Mozilla has posted a warning about a Firefox vulnerability that is
    currently being actively exploited on the net. "The vulnerability comes
    from the interaction of the mechanism that enforces JavaScript context
    separation (the 'same origin policy') and Firefox’s PDF Viewer. Mozilla
    products that don’t contain the PDF Viewer, such as Firefox for Android,
    are not vulnerable. The vulnerability does not enable the execution of
    arbitrary code but the exploit was able to inject a JavaScript payload
    into the local file context. This allowed it to search for and upload
    potentially sensitive local files." There is a security update for the
    problem.
    11:54a
    Privacy Badger 1.0
    The Electronic Frontier Foundation has announced the 1.0 release of the
    Privacy Badger browser extension. "As you browse the Web, Privacy Badger
    looks at any third party domains that are loaded on a given site and
    determines whether or not they appear to be tracking you (e.g. by setting
    cookies that could be used for tracking, or fingerprinting your browser).
    If the same third party domain appears to be tracking you on three or
    more different websites, Privacy Badger will conclude that the third
    party domain is a tracker and block future connections to it." The
    extension is distributed under GPLv3; see this page for more information.
    4:54p
    Security updates for Friday

    Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities).

    Debian has updated kernel (multiple vulnerabilities).

    Debian-LTS has updated openssh (two vulnerabilities) and remind (buffer overflow).

    Fedora has updated drupal6-cck (F22; F21: unspecified vulnerability), lighttpd (F22; F21: log injection), mantis (F22; F21: information disclosure), opensaml-java (F22; F21: missing host name verification), opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion).

    Oracle has updated kernel 3.8.13 (OL7; OL6: information leak), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities).

    Ubuntu has updated firefox (15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).

    7:03p
    CentOS Linux 6.7 released
    CentOS Linux 6.7 has been released for x86 and x86_64. "There are
    many fundamental changes in this release, compared with the past CentOS
    Linux 6 releases, and we highly recommend everyone study the upstream
    Release Notes as well as the upstream Technical Notes about the changes and
    how they might impact your installation. (See the 'Further Reading' section
    of the CentOS release notes."
    9:29p
    Firefox 39.0.3 is out
    Firefox 39.0.3 has been released. According to the release notes,
    there are various security fixes, including a fix for
    the recently reported active exploit.
    11:04p
    Ubuntu 14.04.3 LTS released
    The third update to the 14.04 Long Term Support release is available for
    Desktop, Server, Cloud, and Core products, as well as other flavors of
    Ubuntu with long-term support. "We have expanded our hardware
    enablement offering since 12.04, and with
    14.04.3, this point release contains an updated kernel and X stack for
    new installations to support new hardware across all our supported
    architectures, not just x86."
