Resolved Bugs
1123870 – CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
updated to 8u45-b14. fixes rhbz#1123870
Monthly Archives: May 2015
Fedora 22 Security Update: cabal-install-1.18.1.0-1.fc22,haskell-platform-2014.2.0.0.2-4.fc22
Force cabal upload to always use digest auth and never basic auth
Note this only affects uploading of new source tarballs to
Hackage by Haskell upstream package maintainers.
It is safer to upload packages via the Hackage web interface.
Fedora 22 Security Update: cabal-install-1.18.1.0-1.fc22
Force cabal upload to always use digest auth and never basic auth
Note this only affects uploading of new source tarballs to
Hackage by Haskell upstream package maintainers.
Fedora 22 Security Update: rawtherapee-4.2-9.fc22
Resolved Bugs
1221257 – CVE-2015-3885 rawtherapee: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]
Security fix for CVE-2015-3885 (dcraw input sanitization), bz #1221257
Fedora 22 Security Update: phpMyAdmin-4.4.6.1-1.fc22
Resolved Bugs
1221418 – phpMyAdmin-4.4.6.1 is available
1221580 – CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
1221581 – CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
phpMyAdmin 4.4.6.1 (2015-05-13)
===============================
– [security] CSRF vulnerability in setup
– [security] Vulnerability allowing man-in-the-middle attack
Fedora 22 Security Update: xen-4.5.0-9.fc22
Fedora 22 Security Update: rawstudio-2.1-0.1.20150511git983bda1.fc22
Resolved Bugs
920897 – [abrt] rawstudio-2.0-7.fc18: _dbus_watch_invalidate: Process /usr/bin/rawstudio was killed by signal 11 (SIGSEGV)
1087078 – [abrt] rawstudio: gtk_tree_model_get_valist(): rawstudio killed by SIGSEGV
1094093 – [abrt] rawstudio: _g_log_abort(): rawstudio killed by SIGABRT
1098750 – [abrt] rawstudio: png_longjmp(): rawstudio killed by SIGABRT
1118854 – [abrt] rawstudio: rs_lens_db_editor_update_lensfun(): rawstudio killed by SIGSEGV
1120094 – rawstudio: Insecure use of temporary file [fedora-all]
1176297 – [abrt] rawstudio: get_alignment(): rawstudio killed by SIGSEGV
1221249 – CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
1221256 – CVE-2015-3885 rawstudio: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]
1120093 – CVE-2014-4978 rawstudio: Insecure use of temporary file
Rawstudio from GitHub: https://github.com/rawstudio/rawstudio/
CentOS-7 disk images for AArch64 Platforms
We've produced a disk image intended to help hardware vendors and enthusiasts who are interested in bringing CentOS to their AArch64-based platform. This allows a vendor to bypass the installer or to edit the disk image before booting in order to test kernel modules or options. It is intended for development purposes only, and will only continue through the alpha and beta test phases.

## Download

http://buildlogs.centos.org/centos/7/isos/aarch64/

## Considerations

* This image is 12GB when uncompressed. Please ensure you have enough free space.
* The default root password is 'centos'. Please see the readme in the above directory for the kickstart used to create the image.
* You will need to add the appropriate boot information in a UEFI entry after using this image, since the installer traditionally handles this.

## Burning the image to disk

You may simply dd this image to disk; however, to ensure that it is written correctly, we recommend the following command. Please replace the image name and target device with the appropriate values for your environment.

```
dd if=<image-name.img> of=/dev/sdX bs=2M conv=fsync && sync
```

## Growing the disk image

The root partition of this image was intentionally placed at the end of the image so that it could be easily grown. A simple command for growing the image is listed below.

```
sudo sgdisk -e -d4 -n4:0:0 /dev/<your-device>
```

## Examining and editing the image

The kpartx tool is very handy for manipulating disk images. Some example commands are below. Please read the documentation for kpartx before you modify the disk image.

* kpartx -l CentOS-7-1503-aarch64.img # List partitions in the image
* kpartx -a -v CentOS-7-1503-aarch64.img # Add partition mappings
* mount /dev/mapper/loop1p1 /mnt # Mount the first partition to /mnt
* umount /mnt # Unmount /mnt
* kpartx -d -v CentOS-7-1503-aarch64.img # Remove partition mappings
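Because the image ships with the root password 'centos' and is meant to be edited before booting, the root entry in its shadow file can be replaced while the image is mounted. This is an added example, not part of the original post: the helper name `replace_root_hash`, the use of `openssl passwd -6` to produce the hash, and the root filesystem being partition 4 (inferred from the sgdisk command) are assumptions.

```shell
#!/bin/sh
# Added example (not from the CentOS post): replace the default root password
# hash in the image's /etc/shadow before first boot.
#
# Assumed workflow, using the kpartx commands from the post:
#   kpartx -a -v CentOS-7-1503-aarch64.img   # note the loopNpM names it prints
#   mount /dev/mapper/loopNp4 /mnt           # assumption: partition 4 is root
#   replace_root_hash /mnt/etc/shadow "$(openssl passwd -6)"
#   umount /mnt && kpartx -d -v CentOS-7-1503-aarch64.img

# replace_root_hash <shadow-file> <crypt-hash>  (hypothetical helper name)
replace_root_hash() {
    shadow=$1
    hash=$2
    [ -f "$shadow" ] || { echo "no such file: $shadow" >&2; return 1; }
    # Accept only SHA-512/SHA-256 crypt(3) strings, so a plaintext password
    # or an empty field can never be written into the hash column.
    case $hash in
        '$6$'?*'$'?* | '$5$'?*'$'?*) ;;
        *) echo "refusing: not a \$6\$/\$5\$ crypt hash" >&2; return 1 ;;
    esac
    # A ':' would shift every later field of the shadow record.
    case $hash in
        *:*) echo "refusing: ':' in hash" >&2; return 1 ;;
    esac
    grep -q '^root:' "$shadow" || { echo "no root entry in $shadow" >&2; return 1; }
    tmp=$(mktemp) || return 1            # mktemp creates the file mode 0600
    # Rewrite only field 2 of the root line; every other line passes through.
    if awk -F: -v OFS=: -v h="$hash" '$1 == "root" { $2 = h } { print }' \
            "$shadow" > "$tmp"; then
        # Write in place so the file keeps its owner, mode and SELinux label.
        cat "$tmp" > "$shadow"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Stand-alone use: sh script.sh /mnt/etc/shadow '<hash>'
if [ "$#" -eq 2 ]; then
    replace_root_hash "$1" "$2"
fi
```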
Technology mistakes to stop making today
We love our fans and followers on Twitter because they frequently alert us to great resources. It happened today when we received a tweet from @LoveNerds4Ever letting us know that Avast Antivirus was mentioned on a Sacramento (California) News10 video segment. Thanks, Shawna!
@avast_antivirus You were mentioned! “Tech Mistakes” Ryan Eldridge #NerdsOnCallComputerRepair on #News10Sacramento https://t.co/pFAdSIN0N2
— Shawna M. Bell (@LoveNerds4Ever) May 14, 2015
The guest on this video segment is Ryan Eldridge, co-founder of Nerds on Call, a computer repair business in Sacramento. He spoke to reporter Keba Arnold about technology mistakes that people typically make. These simple but oh-so-important points are ones that we continually try to make, and Ryan puts it all together in one good video. Watch it now.
The security recommendations that Ryan makes:
- Run updates on your computer and mobile phone. Program updates and security patches are very important to keep your device up to date and running optimally.
- Download apps and programs from places you know and trust. On your mobile phone this would be the Google Play Store or Amazon App Store. For your computer, he says it’s a little bit harder, but suggests that you visit download.com, CNET’s well-known download site where you can read user reviews and see the reputation of the app before you download.
- Ryan reminds computer users that when they get a new device antivirus software may be pre-installed, but it is a trial for a limited time. After it expires, you need to get protected with a quality antivirus product. Ryan recommends Avast Free Antivirus for your computer, your Mac, and your mobile phone.
- Ms. Arnold confesses that she has one email address that acts as a catch-all for everything. Ryan says this is a no-no because if a hacker breaks into that email address, then he has access to everything. Ryan suggests that you have separate email addresses for friends and family, work, one for shopping, and one for banking.
- Passwords, admittedly, are a pain in the you-know-what. Ryan suggests using an algorithm, or a kind of personal code, to construct your own passwords. For example, you can use a line from your favorite song, say Somewhere Over the Rainbow. Use the first letter of each word, use letters from the website name, and end with a series of numbers. Each password will be unique and known only to you.
And Ryan, we have a tip for you! Small businesses like yours need security protection too, and consumer antivirus, like Avast Free Antivirus, doesn’t do the trick when you need to manage multiple devices, platforms, and people in remote locations. Adding to our collection of free products is the new Avast for Business. Avast for Business is free to use for as long as you want and for an unlimited number of admins and devices.
Fedora EPEL 6 Security Update: phpMyAdmin-4.0.10.10-1.el6
Resolved Bugs
1221588 – phpMyAdmin-4.0.10.10 is available
1221580 – CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
1221581 – CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
phpMyAdmin 4.0.10.10 (2015-05-13)
=================================
– [security] CSRF vulnerability in setup
– [security] Vulnerability allowing Man-in-the-middle attack