LWN.net's Journal
 

Tuesday, July 12th, 2016

    Time Event
    4:19p
    Tuesday's security advisories

    CentOS has updated thunderbird (C7; C6; C5: code execution).

    Debian-LTS has updated drupal7 (open redirect vulnerability) and graphicsmagick (two vulnerabilities).

    Fedora has updated expat (F22: multiple vulnerabilities), gnutls (F24: certificate verification vulnerability), gsi-openssh (F24: support GSI authentication), httpd (F24: authentication bypass), krb5 (F22: buffer overflow), mbedtls (F23: three vulnerabilities), pdfbox (F23: XML External Entity (XXE) attacks), pypy3 (F23; F22: two vulnerabilities), python (F22: startTLS stripping attack), python3 (F22: startTLS stripping attack), and samba (F24: crypto downgrade).

    Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

    Ubuntu has updated libgd2 (multiple vulnerabilities), nspr (denial of service), and nss (denial of service).

    8:14p
    Herman: Shipping Rust in Firefox
    Dave Herman reports that with Firefox 48, Mozilla will ship its first Rust component to all desktop platforms. "One of the first groups at Mozilla to make use of Rust was the Media Playback team. Now, it’s certainly easy to see that media is at the heart of the modern Web experience. What may be less obvious to the non-paranoid is that every time a browser plays a seemingly innocuous video (say, a chameleon popping bubbles), it’s reading data delivered in a complex format and created by someone you don’t know and don’t trust. And as it turns out, media formats are known to have been used to trick decoders into exposing nasty security vulnerabilities that exploit memory management bugs in Web browsers’ implementation code.

    This makes a memory-safe programming language like Rust a compelling addition to Mozilla’s tool-chest for protecting against potentially malicious media content on the Web."
    11:18p
    SPI 2015 Annual Report
    Software in the Public Interest has announced its 2015 Annual Report (PDF), covering the 2015 calendar year. The annual report covers SPI's finances, elections, board members, committees, associated projects, and other significant changes throughout the year.
