LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Friday, July 15th, 2016

    Time Event
    3:21p
    Friday's security updates

    Debian has updated php5 (multiple vulnerabilities).

    Debian-LTS has updated clamav (fix for previously released update) and drupal7 (privilege escalation).

    Fedora has updated openjpeg2 (F24: multiple vulnerabilities) and sqlite (F24: information leak).

    Mageia has updated graphicsmagick (M5: multiple vulnerabilities), pdfbox (M5: XML External Entity (XEE) attack), sqlite3 (M5: information leak:), thunderbird (M5: multiple vulnerabilities), and util-linux (M5: denial of service).

    openSUSE has updated flash-player (13.1: multiple vulnerabilities), LibreOffice (Leap 42.1: multiple vulnerabilities), libvirt (13.2; Leap 42.1: authentication bypass), and xerces-c (13.2: multiple vulnerabilities).

    Red Hat has updated atomic-openshift (RHOSE 3.2: information leak).

    Ubuntu has updated ecryptfs-utils (15.10, 16.04: information leak), kernel (14.04; 15.10: denial of service), libarchive (12.04, 14.04, 15.10, 16.04: code execution), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), linux-lts-vivid (14.04: denial of service), linux-lts-wily (14.04: denial of service), and linux-raspi2 (15.10: denial of service).

    10:16p
    Notes from the fourth RISC-V workshop

    The lowRISC project, which is an effort to develop a fully open-source, Linux-powered system-on-chip based on the RISC-V architecture, has published notes from the fourth RISC-V workshop. Notably, the post explains, the members of the RISC-V foundation voted to keep the RISC-V instruction-set architecture (ISA) and related standards open and license-free to all parties. There are also accounts included of the work on RISC-V interrupts, heterogeneous multicore RISC-V processors, support for non-volatile memory, and Debian's RISC-V port.

    11:20p
    Ubuntu forums compromised
    Canonical has disclosed
    that the Ubuntu forum system has been compromised. "The attacker had
    the ability to inject certain formatted SQL to the Forums database on the
    Forums database servers. This gave them the ability to read from any table
    but we believe they only ever read from the ‘user’ table. They used this
    access to download portions of the ‘user’ table which contained usernames,
    email addresses and IPs for 2 million users. No active passwords were
    accessed.    "

    << Previous Day 2016/07/15
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org