LWN.net's Journal
 

Monday, December 19th, 2016

    Time Event
    5:27p
    OpenSSH 7.4 released
    OpenSSH 7.4 is out. It is primarily a bugfix release, and four CVE numbers have been assigned for the
    issues it fixes. This release also removes server-side support for the
    ancient v1 SSH protocol, adds a new proxy multiplexing mode, makes it
    possible to disable all forwarding forevermore, and more.
    5:37p
    Monday's security updates

    Arch Linux has updated qt5-webengine (multiple vulnerabilities).

    CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

    Debian has updated php5 (unknown), samba (multiple vulnerabilities), tomcat7 (multiple vulnerabilities), and tomcat8 (multiple vulnerabilities).

    Debian-LTS has updated game-music-emu (multiple vulnerabilities), icedove (multiple vulnerabilities), libupnp (code execution), libupnp4 (code execution), most (command execution), nagios3 (two vulnerabilities), php5 (multiple vulnerabilities), tomcat6 (privilege escalation), tomcat6 (regression in previous update), and tomcat7 (privilege escalation).

    Fedora has updated firefox (F23: denial of service), gd (F24: three vulnerabilities), golang (F23: denial of service), kernel (F25; F24: out of bounds stack read), perl-DBD-MySQL (F23: two vulnerabilities), unzip (F25; F24: buffer overflows), and xen (F23: multiple vulnerabilities).

    openSUSE has updated firefox (42.2, 42.1, 13.2: multiple vulnerabilities), gc (13.2: code execution), and lxc (42.2, 42.1, 13.2: directory traversal).

    SUSE has updated kernel (SLE12-SP1: two vulnerabilities) and xen (SLE11-SP4: multiple vulnerabilities).

    Ubuntu has updated apt (16.10: regression in previous update).

    11:11p
    What's new in Tor 0.2.9.8?
    The Tor blog looks at some features in Tor 0.2.9.8, the first stable
    version of the 0.2.9.x series. The post covers Single Onion Services,
    Shared Randomness, and a mandatory ntor handshake. The changelog has
    more details.
    11:40p
    Project Wycheproof
    Google has announced
    the release of a set of security tests that check cryptographic software
    libraries for known weaknesses, called Project Wycheproof.
    "Our first set of tests are written in Java, because Java has a common cryptographic interface. This allowed us to test multiple providers with a single test suite. While this interface is somewhat low level, and should not be used directly, we still apply a "defense in depth" argument and expect that the implementations are as robust as possible. For example, we consider weak default values to be a significant security flaw. We are converting as many tests into sets of test vectors to simplify porting the tests to other languages."
