Monday, August 29th, 2016

Time	Event
9:32a	Kernel prepatch 4.8-rc4 The 4.8-rc4 kernel prepatch is out. "Everything looks normal, and it's been a bit quieter than rc3 too, so hopefully we're well into the "it's calming down" phase. Although with the usual timing-related fluctuation (different maintainers stagger their pulls differently), it's hard to tell a trend yet." (Comment on this)
12:29p	Böck: Multiple vulnerabilities in RPM – and a rant Hanno Böck performed some fuzz testing on the dpkg and RPM package managers and reported the results; it seems that one of the projects has been rather more responsive than the other in fixing these issues. "The development process of RPM seems to be totally chaotic, it's neither clear where one reports bugs nor where one gets the latest code and security bugs don't get fixed within a reasonable time. There's been some recent events that make me feel especially worried about this..." It seems that some of the maintenance issues with RPM may not have improved greatly since they were reported here ten years ago. (Comment on this)
4:20p	Security advisories for Monday Arch Linux has updated wireshark-cli (multiple vulnerabilities). Debian has updated mupdf (two denial of service flaws). Debian-LTS has updated eog (out-of-bounds write), quagga (two vulnerabilities), ruby-actionpack-3.2 (multiple vulnerabilities), and ruby-activesupport-3.2 (denial of service). Fedora has updated lcms2 (F24: heap memory leak), uClibc (F24: code execution), and webkitgtk4 (F24: multiple vulnerabilities). openSUSE has updated Firefox (13.1: buffer overflow), firefox, nss (Leap42.1, 13.2: buffer overflow), phpMyAdmin (Leap42.1, 13.2; 13.1: multiple vulnerabilities), and typo3-cms-4_5 (Leap42.1, 13.2: three vulnerabilities). Oracle has updated java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities) and kernel 4.1.12 (OL7; OL6: multiple vulnerabilities). (Comment on this)

<< Previous Day

2016/08/29 [Calendar]

Next Day >>