New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.
Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.
A critical vulnerability in glibc, the GNU C library, affects all Linux machines and many web frameworks, opening the door to remote code execution.
Socat published a security advisory warning users that a hard-coded 1024 Diffie-Hellman prime number was not prime, and that an attacker could listen and recover secrets from a key exchange.
FreeBSD has patched a kernel panic vulnerability in versions compiled to support IPv6 and SCTP.
The Linux security team today patched a critical privilege escalation vulnerability in the Linux kernel discovered by startup Perception Point.
Most applications, including Firefox, are not vulnerable to a pair of memory corruption vulnerabilities patched in the libpng PNG reference library.
Bugzilla users should upgrade to current versions after a privilege escalation vulnerability was reported and patched.
Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.