LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, August 31st, 2016

    Time Event
    4:48p
    Security advisories for Wednesday

    Arch Linux has updated mupdf (denial of service).

    Debian has updated libarchive (multiple vulnerabilities) and tryton-server (two vulnerabilities).

    Debian-LTS has updated tiff (multiple vulnerabilities).

    Fedora has updated krb5 (F23: denial of service).

    Mageia has updated bsdiff (denial of service), ctdb (privilege escalation), curl (three vulnerabilities), fontconfig (privilege escalation), gnupg/libgcrypt (flawed random number generation), kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), mupdf (denial of service), nettle/nettle2.7 (information leak), openssh (three vulnerabilities), php (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), postgresql (two vulnerabilities), and python-django (cross-site scripting).

    openSUSE has updated libqt4 (Leap42.1: unsafe SSL ciphers).

    Red Hat has updated rh-postgresql94-postgresql (RHSCL: two vulnerabilities).

    SUSE has updated firefox (SLE11-SP4: multiple vulnerabilities).

    Ubuntu has updated linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), and linux-snapdragon (16.04: multiple vulnerabilities).

    5:45p
    Apache OpenOffice CVE-2016-1513 hotfix released
    LWN covered a memory corruption
    vulnerability     (CVE-2016-1513) in Apache OpenOffice that was disclosed
    before a fix was available. Now a hotfix
    for the problem     has been released. "The official Apache OpenOffice security bulletin was announced on July 21, 2016. Affected is Apache OpenOffice 4.1.2 and older on all platforms and all languages. OpenOffice.org versions are also affected.

    The Apache OpenOffice project recommends to update to the latest version 4.1.2 and then to download and install the Zip file from the table below. Please follow the installation instructions in the respective Readme file.    "
    (Thanks to Cesar Eduardo Barros)
    7:11p
    [$] The kernel community confronts GPL enforcement
    Some of the most important discussions associated with the annual Kernel
    Summit do not happen at the event itself; instead, they unfold prior to the
    summit on the planning
    mailing list    . There is value in learning what developers
    feel needs to be talked about and, often, important issues can be resolved
    before the summit itself takes place. That list has just hosted (indeed,
    is still hosting as of this writing) a
    voluminous discussion on license enforcement that was described by some
    participants as being "pointless" or worse. But that discussion has served
    a valuable purpose: it has brought to the light a debate that has long
    festered under the surface, and it has clarified where some of the real
    disagreements lie.

    << Previous Day 2016/08/31
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org