USN-3079-1: WebKitGTK+ vulnerabilities

Ubuntu Security Notice USN-3079-1

14th September, 2016

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software description

  • webkit2gtk – JavaScript engine library from WebKitGTK+ – GObject introspection

Details

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16...

openSUSE Releases Leap Beta, Modifies Road Map

Official Release Scheduled for Nov. 16

Software testers and Linux enthusiasts can now get the Beta release of openSUSE Leap 42.2, which was released today.

“Leap is for pragmatic and conservative technology adopters,” said Ludwig Nussel, the release manager for openSUSE Leap. “Testing the beta helps make Leap even more mature, so we encourage as many people as possible to test it.”

openSUSE Leap focuses on well-established packages, like systemd 228 and Qt 5.6. The release day for the official version is scheduled for Nov. 16, which is one week after SUSECon.

The road map was slightly modified to provide a more accurate release time line.

The Package Freeze date was shifted from the Beta 2 release on Sept. 21 to the Beta 3 release on Oct. 6...


USN-3078-1: MySQL vulnerability

Ubuntu Security Notice USN-3078-1

13th September, 2016

mysql-5.5, mysql-5.7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

MySQL could be made to run programs as an administrator.

Software description

  • mysql-5.5 – MySQL database
  • mysql-5.7 – MySQL database

Details

Dawid Golunski discovered that MySQL incorrectly handled configuration
files. A remote attacker could possibly use this issue to execute arbitrary
code with root privileges.

MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the foll...


USN-3077-1: OpenJDK 6 vulnerabilities

Ubuntu Security Notice USN-3077-1

12th September, 2016

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in OpenJDK 6.

Software description

  • openjdk-6 – Open Source Java implementation

Details

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this to expose sensitive data over the
network or possibly execute arbitrary code. (CVE-2016-3458)

Multiple vulnerabilities were discovered in the OpenJDK JRE related
to availability. An attacker could exploit these to cause a denial
of service. (CVE-2016-3500, CVE-2016-3508)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure...


Setup FTP server using VsFtp and Configure Secure FTP connections (Using TLS/SSL) on Ubuntu 16.04 Server

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don’t take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution.

VsFTPd Features

Despite being small for purposes of speed and security, many more complicated FTP setups are achievable with vsftpd! By no means an exclusive list, vsftpd will handle:

Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
IPv6
Encryption support through SSL integration

Install VsFTPd server on ubunt...


USN-3075-1: Imlib2 vulnerabilities

Ubuntu Security Notice USN-3075-1

8th September, 2016

imlib2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Imlib2.

Software description

  • imlib2 – Image manipulation and rendering library

Details

Jakub Wilk discovered an out of bounds read in the GIF loader
implementation in Imlib2. An attacker could use this to cause a
denial of service (application crash) or possibly obtain sensitive
information. (CVE-2016-3994)

Yuriy M. Kaminskiy discovered an off-by-one error when handling
coordinates in Imlib2. An attacker could use this to cause a denial of
service (application crash). (CVE-2016-3993)

Yuriy M...


USN-3074-1: File Roller vulnerability

Ubuntu Security Notice USN-3074-1

8th September, 2016

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

File Roller could be made to delete files.

Software description

  • file-roller – archive manager for GNOME

Details

It was discovered that File Roller incorrectly handled symlinks. If a user were
tricked into extracting a specially-crafted archive, an attacker could delete
files outside of the extraction directory.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
file-roller 3.16.5-0ubuntu1.2
Ubuntu 14.04 LTS:
file-roller 3.10.2.1-0ubuntu4.2

To update your system, please follow these instructions: https://wiki.ubuntu...


Install and configure Elog (Logbook system) on Ubuntu 16.04 Server

ELOG is part of a family of applications known as weblogs. Their general purpose is:

to make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages (“entries”) with optional HTML markup for presentation, and optional file attachments (images, archives, etc.)

to make it easy for other people to access this information through a Web interface, browse entries, search, download files, and optionally add, update, delete or comment on entries.

ELOG is a remarkable implementation of a weblog in at least two respects:

its simplicity of use: you don’t need to be a seasoned server operator and/or an experienced database administrator to run ELOG; one executable file (under Unix or Windows), a simple configuratio...


Encode user and password into base64 using perl

perl -MMIME::Base64 -e 'print encode_base64("user");'

perl -MMIME::Base64 -e 'print encode_base64("password");'


Samsung’s Gear S2 Tizen Watch Launches as Android Wear Opens to iOS

Samsung unveiled its Tizen Linux-based Gear S2 smartwatch, which it teased a few weeks ago at the recent Galaxy Note 5 and Edge S6+ launch. The round-faced watch boasts up to three days battery life and features a rotating bezel to augment the touchscreen UI. It will also be available in a slightly thicker 3G model with up to two hours of life that supports voice calls, according to a report from The Verge.

The Gear S2 features a round, 1.2-inch 360×360 AMOLED display with IP68 dust- and water resistance, as well as WiFi, Bluetooth, and NFC. It measures 11.5mm thick, or about a millimeter thicker than the Apple Watch. The 3G version swells to 13.4mm...
