Resolved Bugs
1194196 – glpi: privilege escalation via user creation with a crafted POST request
1194197 – glpi: privilege escalation via user creation with a crafted POST request [fedora-all]<br
* Fix privilege escalation via user creation with a crafted POST request
Monthly Archives: March 2015
Fedora 22 Security Update: mingw-qt5-qtbase-5.4.1-1.fc22,mingw-qt5-qtdeclarative-5.4.1-1.fc22,mingw-qt5-qtgraphicaleffects-5.4.1-1.fc22,mingw-qt5-qtimageformats-5.4.1-1.fc22,mingw-qt5-qtlocation-5.4.1-1.fc22,mingw-qt5-qtmultimedia-5.4.1-1.fc22,mingw-qt5-qtquick1-5.4.1-1.fc22,mingw-qt5-qtscript-5.4.1-1.fc22,mingw-qt5-qtsensors-5.4.1-1.fc22,mingw-qt5-qtsvg-5.4.1-1.fc22,mingw-qt5-qttools-5.4.1-1.fc22,mingw-qt5-qttranslations-5.4.1-1.fc22,mingw-qt5-qtwebkit-5.4.1-1.fc22,mingw-qt5-qtwinextras-5.4.1-1.fc22
Resolved Bugs
1204798 – mingw-qt5-qtwebkit: qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode [fedora-all]<br
Update to Qt 5.4.1
Fedora 21 Security Update: owncloud-7.0.5-2.fc21
Resolved Bugs
1204823 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5 [epel-all]
1204821 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5<br
This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud.
It is a minor version update and should apply without any issues or special handling, but as usual, we recommend backing up your data, configuration, and database before updating.
We have also backported a post-7.0.5 fix for a ‘critical’ issue: https://github.com/owncloud/core/issues/14843 .
Fedora 20 Security Update: PyYAML-3.10-11.fc20
Fedora 20 Security Update: tor-0.2.5.11-1.fc20
Fedora 21 Security Update: osc-0.151.1-163.2.1.fc21
Fedora 20 Security Update: ca-certificates-2015.2.3-1.0.fc20
Resolved Bugs
1205305 – Update to version 2.3 as released with NSS 3.18
1205302 – Fix the legacy CA inclusions of upstream 2.1 and 2.2<br
This is an update to the set of CA certificates released with NSS version 3.18
However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the “ca-legacy disable” command.
This update corrects the Fedora legacy classification of four root CA certificates, which had trust added or removed in the upstream 2.1 and 2.2 releases.
Denial of Service and Memory Vulnerabilities Patched in Cisco IOS
Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.
WatchGuard Named Company of the Year at 2015 Network Computing Awards
Company also honored with Best Hardware of the Year award for its powerful Firebox M440 Next Generation and Unified Threat Management Firewall
Backlash against the “Selfie Stickâ€
If you’ve been to a museum or tourist attraction recently you’ll have likely seen the now ubiquitous “selfie stick” in action. Users say the sticks provide better perspective and help avoid the fish-eye view of the hand-held phone camera. You could even argue that it’s also more secure than handing your valuable camera or phone over to a stranger(although I don’t know that there is much from preventing someone dashing by and snatching your stick along with your smartphone).
However the backlash against selfie sticks has appeared almost as quickly as the trend itself.
Many museums and other institutions are now taking the matter into their own hands and banning selfie sticks. For example, the Forbidden City in China joined the Palace of Versailles and Britain’s National Gallery, which both announced bans this past week. London’s National Gallery said it outlawed the “Narcisstick” in order to “protect paintings, individual privacy and the overall visitor experience”.
Earlier this month in the U.S., the Smithsonian museums in Washington also banned selfie sticks. Cameras and pictures are still allowed, but selfie sticks, tripods and monopods are not.
In a statement, the Smithsonian said, “For the safety of our visitors and collections, the Smithsonian prohibits the use of tripods or monopods in our museums and gardens. Effective today, March 3, monopod selfie sticks are included in this policy.” You can see the full statement here.
Other U.S. museums that ban selfie sticks include the Art Institute of Chicago, and New York’s Museum of Modern Art. As do other international favorites such as the Uffizi in Florence and the Colosseum in Rome. A Collosseum spokesperson noted that the twirling around of hundreds of sticks can become unwittingly dangerous when “fully extended with outstretched arms, the devices take up over half the width of the monument’s interior corridors.”
Image courtesy of the BBC
In Canada, the Montreal Museum of Fine Arts and the Pointe-à-Callière Archaeology Museum called the stick the “wand of narcissism” when it placed it on the do not enter list.
The consensus among critics is that selfie sticks are obnoxious and a danger as well as a privacy concern.
The additional field of view that makes the selfie stick such a boon to the photographer also increases the chances that unsuspecting passersby may get caught in the shot.
It’s a safe to say that if you’re traveling this spring or summer, it’s best to check to see what the policies are at the attractions you plan to visit before you consider taking a selfie stick along…
I personally have mixed feelings about selfie sticks. I’ve found them equal parts intrusive, (as I’ve tried to enjoy some art) and practical (as I’ve struggled to capture myself and friends in a unique moment).
For me it comes down to safety and privacy concerns. Crowded tourist attractions and exhibitions are enough of a ruckus without adding selfie sticks to the equation.