Security advisories for Wednesday

By ris

Arch Linux has updated bind (denial of service) and flashplugin (code execution).

Debian has updated bind9 (denial of service).

Debian-LTS has updated linux-ftpd-ssl (segmentation fault).

openSUSE has updated flash-player
(13.2, 13.1: code execution).

Oracle has updated abrt (OL6: multiple vulnerabilities).

Scientific Linux has updated abrt
(SL6: multiple vulnerabilities).

Slackware has updated bind
(denial of service), cups (code execution), firefox (multiple vulnerabilities), and ntp (denial of service).

SUSE has updated bind (SLE11SP3:
denial of service) and Xen (SLES10SP4: two vulnerabilities).

Ubuntu has updated bind9 (15.04,
14.10, 14.04, 12.04: denial of service) and libwmf (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] Self-hosting projects with Gogs

By n8willis In May, we noted the problems that
GIMP and other free-software projects have encountered of late with
the SourceForge project-hosting service. While there are plenty of alternative
hosting providers to choose from, some developers will likely always
prefer to self-host their projects—precisely because an outside
service provider can make just such an abrupt or surprising about-face. Gogs is one option for those taking the
self-hosting approach:
it provides a web-based front-end to a GitHub-like hosting service.
Gogs offers quite a few features, but its choice of GitHub-like qualities may not be to everyone’s tastes.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

ownCloud 8.1 released

By corbet The ownCloud
8.1 release
is out. “This release marks significant under the
hood improvements, such as increasing scalability and performance of
syncing and file operations while making ownCloud a better platform for
developers to build upon. Security enhancements, integrated documentation
links, more control in the admin panel over external storage, LDAP and
encryption make ownCloud more secure and easier to use.
” See the
release notes
for details.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Security updates for Tuesday

By ris

Arch Linux has updated ntp (denial of service).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated cups-filters (code execution) and libwmf (code execution).

Gentoo has updated exiv2 (denial of service), icu (code execution), libvncserver (multiple vulnerabilities), libxml2 (denial of service), sqlite (three vulnerabilities), tor (denial of service), and unrtf (code execution).

Red Hat has updated abrt (RHEL6:
multiple vulnerabilities) and kernel
(RHEL6.4: privilege escalation).

Ubuntu has updated haproxy
(15.04, 14.10: information leak), kernel (15.04; 14.10;
14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple
vulnerabilities), linux-lts-utopic (14.04:
multiple vulnerabilities), linux-lts-vivid
(14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: privilege escalation).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail