LWN.net's Journal
Thursday, March 9th, 2017
| Time | Event |
|---|---|
| 1:05a | [$] LWN.net Weekly Edition for March 9, 2017: The LWN.net Weekly Edition for March 9, 2017 is available. |
| 2:29p | Security updates for Thursday: Security updates have been issued by CentOS (firefox and kvm), Debian (kernel and wget), Fedora (drupal7-views, firefox, GraphicsMagick, knot, and knot-resolver), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), and Ubuntu (kde4libs and linux-aws). |
| 4:56p | Critical vulnerability under “massive” attack imperils high-impact sites (Ars Technica): Ars Technica is reporting that a recently patched vulnerability in the Apache Struts 2 web framework is being actively exploited in the wild. "It's not clear why the vulnerability is being exploited so widely 48 hours after a patch was released. One possibility is that the Apache Struts maintainers didn't adequately communicate the risk. Although they categorize the vulnerability security rating as high, they also describe it as posing a 'possible remote code execution' risk. Outside researchers, meanwhile, have said the exploits are trivial to carry out, are highly reliable, and require no authentication. It's also easy to scan the Internet for vulnerable servers. It's also possible to exploit the bug even if a Web application doesn't implement file upload functionality." |