Bugtraq: [SECURITY] [DSA 4052-1] bzr security update

http://ift.tt/2zGlo3R

------------------------------------------------------------------------
Debian Security Advisory DSA-4052-1        security (at) debian (dot) org
http://ift.tt/1kZ5swi                                Salvatore Bonaccorso
November 29, 2017                                   http://ift.tt/1S3Txy1
------------------------------------------------------------------------

Package : bzr
CVE ID : CVE-2017-14176
Debian Bug : 874429

Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attacker to run an arbitrary shell command.

For the oldstable distribution (jessie), this problem has been fixed in version 2.6.0+bzr6595-6+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 2.7.0+bzr6619-7+deb9u1.

We recommend that you upgrade your bzr packages.

For the detailed security status of bzr please refer to its security tracker page at: http://ift.tt/2Bw0Axn

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://ift.tt/1kZ5swi

Mailing list: debian-security-announce (at) lists.debian (dot) org

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

November 30, 2017 at 09:14PM

Bugtraq: [SECURITY] [DSA 4051-1] curl security update

http://ift.tt/2nn3Msq

------------------------------------------------------------------------
Debian Security Advisory DSA-4051-1        security (at) debian (dot) org
http://ift.tt/1kZ5swi                                   Yves-Alexis Perez
November 29, 2017                                   http://ift.tt/1S3Txy1
------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2017-8816 CVE-2017-8817

Two vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2017-8816

Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation.

CVE-2017-8817

Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to an URL using a wildcard pattern, triggering the out-of-bound read.

For the oldstable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u8.

For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u3.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: http://ift.tt/2BAhHhM

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://ift.tt/1kZ5swi

Mailing list: debian-security-announce (at) lists.debian (dot) org

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

November 30, 2017 at 09:14PM

Apple’s rocky week with passwords in High Sierra [VIDEO]

http://ift.tt/2AiaZP3

Apple experienced a high-pressure bug report this week – a way to bypass the root password, no less!

Then there was a superquick fix, and a problem with the fix, and a fix for the fix

…so here’s what happened and what we can learn from it:


Security News

via Naked Security http://ift.tt/1pHdTOi

November 30, 2017 at 07:30PM

Car-Cade Build Drives Unthrottled Determination

http://ift.tt/2j551HM

Remember those dashboard-shaped racing games from the ’80s, like Tomy Turnin’ Turbo? [Daniel] has long wanted to bring one of those into the modern age. After finding that someone beat him to it, he went in another direction and built his own mini-cabinet from the ground up, dedicated to Dirt Rally.

The idea was to build the smallest possible computer that can run SteamOS and fit inside of a cabinet printed on a Prusa clone. At first, [Daniel] tried driving a MinnowBoard around. The frame rate was atrocious, so he switched to an ASUS mini-STX board and went from there.

The printed steering wheel and throttle are both analog inputs—each uses a 10kΩ pot connected to a Pimoroni PiCade controller. We love [Daniel]’s lo-tech way of using rubber bands to self-center them. We also love the post-processing he did on the steering wheel to give it that just-right grippy feel (it’s Plasti-Dip rubber paint), because it looks fantastic.

The lovely blue cabinet is an homage to [Daniel]’s Dirt Rally destroyer of choice, the rally blue ’95 Subaru Impreza. He had an arduous print/sand/prime/paint plan all worked out for the prototype, but ultimately printed the parts in different colors to get the look right. [Daniel] went through four different blue filaments alone before he was satisfied.

Motor around the break for a quick walk around the completed cabinet, and park it for the teaser video that scored [Daniel] a swag bag from the Dirt Rally devs through the magic of social media. Now that it’s cold and flu season in the northern hemisphere, maybe you’d prefer to play driving games without touching anything.

Security News

via Hackaday https://hackaday.com

November 30, 2017 at 07:00PM

Internet Of Things (IoT) In Utility Market projected to grow at +20% CAGR: Know about Basic Influencing Factors by …

http://ift.tt/2jzwoJC

IoT is at the center stage of digital transformation. IoT technology can bring exceptional operational efficiency to the utility sector. It can provide more visibility in the challenging operational environment, where the automation process can have a potential role to play. Cost efficiency, reliability, and safety are the desired goals achieved with the IoT application in the utility sector.

Internet Of Things (IoT) In Utility Market estimated to grow at a CAGR of +20% during forecast period.

This market research report gives an in-depth view of the global Internet Of Things (IoT) In Utility market. It highlights the recent market scenario, growth in the past few years, and opportunities present for manufacturers in the future. Methods and tools are used in this research to complete both primary and secondary details. The report thoroughly examines the share and position of the global market and offers a complete analysis of revenue growth.

Get Sample copy of this Report @: http://ift.tt/2i3x61p

Companies profiled in this report include Silver Spring Networks, Inc., Trilliant, Inc., OSI Soft Inc., C3 Energy, Energyworx B.V., Cryptosoft, Tibbo Technology Inc., Amplia Soluciones S.L.

The emergence of cloud platforms, the declining cost of IoT components, regional government initiatives for smart grid roll-out, and the necessity of operational efficiency for utilities are some of the factors driving the demand for IoT in the utility industry across the globe.

As leading companies take efforts to maintain their dominance in the global Internet Of Things (IoT) In Utility market, the right way to do so is by adopting new technologies and strategies. The report highlights major technological developments and changing trends adopted by key companies over a period of time. Key companies operating in the global Internet Of Things (IoT) In Utility market are profiled by considering factors such as capacity production, products/services, applications, cost, gross, and revenue.

Access Complete Report @: http://ift.tt/2jzsJf2

Reason to Access Internet Of Things (IoT) In Utility Market Research Report:

This research, highlighting the current situation of the Global Internet Of Things (IoT) In Utility market, focuses on answering some of the important questions faced by stakeholders. By providing answers to all of these questions related to the key drivers and dominant companies, the report’s authors also focus on different factors, which would create new growth opportunities in the global market. Prepared by an expert team, the report on the global Internet Of Things (IoT) In Utility market highlights recent developments, key trends, and new project developments in the market. As leading companies take efforts to maintain their dominance in the global market, the right way to do so is by adopting new technologies and strategies.

Get Discount on This Premium Report now @: http://ift.tt/2i3ioYb

Table of Contents

Global Internet Of Things (IoT) In Utility Market Research Report 2017

Chapter 1 Internet Of Things (IoT) In Utility Market Overview

Chapter 2 Global Economic Impact on Industry

Chapter 3 Global Market Competition by Manufacturers

Chapter 4 Global Production, Revenue (Value) by Region

Chapter 5 Global Supply (Production), Consumption, Export, Import by Regions

Chapter 6 Global Production, Revenue (Value), Price Trend by Type

Chapter 7 Global Market Analysis by Application

Chapter 8 Manufacturing Cost Analysis

Chapter 9 Industrial Chain, Sourcing Strategy and Downstream Buyers

Chapter 10 Marketing Strategy Analysis, Distributors/Traders

Chapter 11 Market Effect Factors Analysis

Chapter 12 Global Market Forecast

Source: Press Release

Security News,IoT News

via IoT – Google News http://ift.tt/2h68U1y

November 30, 2017 at 06:57PM