Feed aggregator

Release candidate version 0.8

RoundCube - Sun, 05/20/2012 - 11:18
The stable release with the new skin is getting closer! We just published the release candidate version 0.8 which fixes some more bugs and completes the work on the new skin Larry. It's now feature complete and everybody is kindly invited to do some more tests with this release and report bugs to our tracker.

2011 Nagios Conference Videos

Nagios - Fri, 05/18/2012 - 09:23
Presentation videos from the 2011 Nagios Conference are now available free of charge to customers who have purchased support plans, self-paced training, or Nagios XI licenses. More information is available on the 2011 videos page.

DSA-2475 openssl - integer underflow

Debian Security - Wed, 05/16/2012 - 23:00

It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash).

DSA-2474 ikiwiki - cross-site scripting

Debian Security - Tue, 05/15/2012 - 23:00

Raúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.

DSA-2473 openoffice.org - buffer overflow

Debian Security - Tue, 05/15/2012 - 23:00

Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

Nagios Conference Early Bird Discounts

Nagios - Tue, 05/15/2012 - 16:47
Early bird discounts are available for this year's Nagios Conference, with packages starting at just $895. This year we've expanded to a 3-day conference with more presentations, BoF sessions, and networking than before. If you're interested in speaking - act fast. There are just a few speaker slots still open. For more info, visit http://go.nagios.com/conference

Nagios Core 3.4.1 Released

Nagios - Tue, 05/15/2012 - 16:42

Nagios Core 3.4.1 was just released and can be grabbed from the downloads page. The Changelog can be found here. This release fixed a bug that affected 3.4.0. Thanks to Andreas Ericsson and Eric Stanley for the quick bugfix and release.

(comment) FAQ: respond this post

Recent Updates - Tue, 05/15/2012 - 13:30

Comment on Do I really need a consultant? from digirati

Whether we care for it or not, someday in our lives, we must carry out term papers and other written affairs. It is definitely not apparent but very charismatic to make an inquiry about this post. To do that, you need to read a range of articles and books, or you can just order some kind of work and then use check for plagiarism accomplished by http://www.plagiarismsearch.com and save your time like some quick help with the American Dream.

Categories: Recent Updates

DSA-2472 gridengine - privilege escalation

Debian Security - Mon, 05/14/2012 - 23:00

Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

DSA-2471 ffmpeg - several vulnerabilities

Debian Security - Sat, 05/12/2012 - 23:00

Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validation issues in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code.

DSA-2458 iceape - several vulnerabilities

Debian Security - Sat, 05/12/2012 - 23:00

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:

DSA-2457 iceweasel - several vulnerabilities

Debian Security - Sat, 05/12/2012 - 23:00

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

DSA-2470 wordpress - several vulnerabilities

Debian Security - Thu, 05/10/2012 - 23:00

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.

New Core Release Shortly

Nagios - Thu, 05/10/2012 - 08:33
We will be releasing Nagios Core 3.4.1 shortly to fix a bug that was found in the recent 3.4.0 release. Until the new release is available, we would advise that anyone running the 3.4.0 code roll back to 3.3.1. You can download 3.3.1 on the downloads page.

DSA-2469 linux-2.6 - privilege escalation/denial of service

Debian Security - Wed, 05/09/2012 - 23:00

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

Goodbye Subversion, hello github

RoundCube - Wed, 05/09/2012 - 04:59
Upon several requests from our community we have now moved the Roundcube Webmail source code repository from our privately hosted Subversion server to github. With this step we hope to make it easier for anybody to get the source and to contribute patches and improvements.

DSA-2468 libjakarta-poi-java - unbounded memory allocation

Debian Security - Tue, 05/08/2012 - 23:00

It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

DSA-2467 mahara - insecure defaults

Debian Security - Tue, 05/08/2012 - 23:00

It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regard to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.

DSA-2466 rails - cross site scripting

Debian Security - Tue, 05/08/2012 - 23:00

Sergey Nartimov discovered that in Rails, a Ruby-based framework for web development, when developers generate HTML option tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.

DSA-2465 php5 - several vulnerabilities

Debian Security - Tue, 05/08/2012 - 23:00

De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing the execution of arbitrary code.
