Language Selection

English French German Italian Portuguese Spanish

Other Security Advisories

Filed under
Security

Less critical

Description:
Gentoo has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attack.

Solution:
Update to "dev-db/phpmyadmin-2.6.2_rc1" or later.

Link

Hightly Critical

Description:
SUSE has issued an update for kdelibs3. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service), spoof the URL displayed in an address bar and status bar, or potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Link

Moderately critical

Description:
Andreas Constantinides has reported a vulnerability in the zOOm Media Gallery module for Mambo, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "catid" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been reported in version 2.1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Link

More in Tux Machines

Leftovers: Software Development

  • fakecloud
  • A new version of pristine-tar
  • Getting RSS feeds for news websites that don’t provide them
    On the technical side, this seems to be one of the most stable pieces of software I ever wrote. It never crashed or otherwise failed since I started running it, and fortunately I also didn’t have to update the HTML parsing code yet because of website changes. It’s written in Haskell, using the Scotty web framework, Cereal serialization library for storing the history of the past articles, http-conduit for fetching the websites, and html-conduit for parsing the HTML. Overall a very pleasant experience, thanks to the language being very convenient to write and preventing most silly mistakes at compile-time, and the high quality of the libraries.
  • Quick Highlight
    Martin Blanchard put together a new “quick highlight” plugin for Builder this last week. It was a great example of how to submit a new feature, so I just wanted to highlight it here. Post to bugzilla, attach a patch, and we will review quickly and help with any additional integration that might be necessary.

Android Leftovers

Today in Techrights