LWN.net's Journal
 

Wednesday, July 27th, 2016

    Time Event
    4:14p
    Security advisories for Wednesday

    CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), samba (C7: crypto downgrade), and samba4 (C6: crypto downgrade).

    Debian has updated libgd2 (denial of service), mariadb-10.0 (multiple vulnerabilities), and php5 (multiple vulnerabilities).

    Debian-LTS has updated libgd2 (denial of service).

    Mageia has updated apache (HTTP redirect), harfbuzz (multiple vulnerabilities), libgd (three vulnerabilities), libidn (multiple vulnerabilities), libupnp (unauthenticated access), libxml2 (multiple vulnerabilities), mariadb (multiple vulnerabilities), mupdf (denial of service), php/xmlrpc-epi/timezone (multiple vulnerabilities), sudo (race condition), tomcat/apache-commons-fileupload (denial of service), and virtualbox (allows local users to affect availability).

    Red Hat has updated java-1.7.0-openjdk (RHEL5,6,7: multiple vulnerabilities) and kernel (RHEL6.7: privilege escalation).

    Scientific Linux has updated samba (SL7: crypto downgrade) and samba4 (SL6: crypto downgrade).

    Ubuntu has updated kde4libs (15.10, 14.04, 16.04: command execution) and openjdk-8 (16.04: multiple vulnerabilities).

    5:10p
    A statement from the Tor project
    Shari Steele has posted a statement from the Tor project on the results of an investigation into the allegations of harassment (and worse) within Tor and how the project will respond. "I am pleased, therefore, to announce that both the Tor Project and the Tor community are taking active steps to strengthen our ability to handle problems of unprofessional behavior. Specifically, the Tor Project has created an anti-harassment policy, a conflicts of interest policy, procedures for submitting complaints, and an internal complaint review process. They were recently approved by Tor’s board of directors, and they will be rolled out internally this week."
    8:18p
    Stable kernel updates
    Greg Kroah-Hartman has released stable kernels 4.6.5, 4.4.16, and 3.14.74. All of them contain important fixes.
    9:24p
    [$] One-time passwords and GnuPG with Nitrokey

    A few years ago, the hardware vendor Yubico made a bit of a splash when it introduced its YubiKey line of inexpensive hardware security tokens powered by open-source software. With its most recent product release, however, Yubico has dropped open source and started deploying only proprietary software in its devices. Consequently, many community members have started looking for a viable replacement that will adhere to open-source principles. At present, one of the leading contenders for Yubico's departed customers is Nitrokey, which manufactures a line of hardware tokens capable of generating one-time passwords (OTPs), storing and using OpenPGP keys, and providing several other features. The devices made by Nitrokey run open-source software and are open hardware as well.
