LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, February 16th, 2016

    Time Event
    3:32p
    A remote code execution vulnerability in glibc
    The Google Online Security Blog discloses a security issue in the GNU C library; a fix, workarounds, and a proof-of-concept exploit are all provided. "The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack."

    See also: the glibc advisory for this issue.

    5:12p
    Security advisories for Tuesday

    Debian has updated eglibc (multiple vulnerabilities), glibc (multiple vulnerabilities), graphite2 (three vulnerabilities), and libgcrypt11 (key leak).

    Debian-LTS has updated xdelta3 (code execution).

    Red Hat has updated 389-ds-base (RHEL7: denial of service), firefox (RHEL5,6,7: three vulnerabilities), kernel (RHEL7: two vulnerabilities), kernel-rt (RHEL7: two vulnerabilities), polkit (RHEL7: denial of service), and sos (RHEL7: information disclosure).

    SUSE has updated qemu (SLE12-SP1: two vulnerabilities).

    Ubuntu has updated eog (code execution), gtk+2.0, gtk+3.0 (code execution), libgcrypt11, libgcrypt20 (key leak), nettle (15.10, 14.04: improper cryptographic calculations), and samba (regression in previous update).

    6:33p
    Announcing Vulkan 1.0
    Vulkan is a new graphics API
    specification, seemingly meant to supersede OpenGL. Collabora has announced
    the availability of the 1.0 specification — and that the Wayland compositor
    already supports it. "To provide the best possible base for fluid
    modern user interfaces, Collabora have worked extensively on the Wayland
    window system, the underlying Kernel Mode Setting drivers and atomic
    modesetting, and also the EGL specifications and implementations. We are
    proud to continue this work with Vulkan.    " Intel has announced
    an open-source Vulkan driver for its hardware as well.

    << Previous Day 2016/02/16
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org