CVE-2014-4765 (change_and_configuration_management_database, maximo_asset_management, maximo_asset_management_essentials, maximo_for_government, maximo_for_life_sciences, maximo_for_nuclear_power, maximo_for_oil_and_gas, maximo_for_transportation, maximo_

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.

CVE-2014-4793 (websphere_mq)

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

[$] LWN.net Weekly Edition for October 2, 2014

The LWN.net Weekly Edition for October 2, 2014 is available.

Secure Your Linux Desktop and SSH Login Using Two Factor Google Authenticator

 Nixcraft: It is a little known fact that you can use the TOTP algorithm to secure your user accounts in Linux systems.

Start-Up StackEngine Promises Automation for Docker Container Apps

 The VAR Guy: StackEngine, which says it is building solutions for automating the deployment and maintenance of container-based virtual apps such as Docker's, has announced seed funding.

Android DBMS adds bidirectional sync

 LinuxGizmos: ITTIA has added bidirectional sync to ITTIA DB SQL for Android

How to install OpenLDAP Server on Debian or Ubuntu

How to install OpenLDAP Server on Debian or Ubuntu
This document describes how to install and configure OpenLDAP in Debian/Ubuntu Server. I will use OpenLDAP to configure a corporate organizational structure through OpenLDAP.

[$] Bash gets shellshocked

It's been a crazy week for the Bash shell, its maintainer,
and many Linux distributions that use the shell. A remote code-execution
vulnerability that was reported on September 24 has now morphed
into multiple related vulnerabilities, which have now mostly been fixed and
updates released by distributions. The
vulnerabilities have been dubbed "Shellshock" and the technical (and
mainstream) press has had a field day reporting on the incident.

Using GNOME Boxes to create and access local virtual systems on GNOME 3.14

 LinuxBSDos: GNOME Boxes is a native GNOME 3 application for accessing remote machines and local virtual systems

Security advisories for Wednesday

CentOS has updated kernel
(Xen4CentOS: multiple vulnerabilities), libvirt (Xen4CentOS: memory leak), xen (Xen4CentOS: multiple vulnerabilities, and
xen (Xen4CentOS: information disclosure).

Debian has updated rsyslog
(denial of service) and xen (multiple vulnerabilities).

Fedora has updated

Syndicate content