Other Projects Participating In This Winter's Women Outreach Program

While we've covered the X.Org Foundation's inaugural participation in the GNOME OPW women outreach program given our focus at Phoronix on the Linux graphics stack, women looking for other open-source projects to get involved with in the months ahead have a large choice for this winter OPW cycle...

Role of Open Source in WordPress Popularity

HowToSpotter: Almost every person associated with the web industry realizes the fact that open source solutions tend to produce better and cost-effective results.

Zalewski on the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

Those interested in the more recently discovered bash vulnerabilities will likely want to have a look at this detailed posting from Michal Zalewski. Then make sure your systems are updated. "I initially shared the findings privately with vendors, but because of the intense scrutiny that this codebase is under, the ease of reproducing these results with an open-source fuzzer, and the now-broad availability of upstream mitigations, there seems to be relatively little value in continued secrecy."

Scribbleton Has a Ton of Potential

LinuxInsider: Think of this as an easy-to-use database to create links between words, phrases and pages.

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

CVE-2014-6414 (neutron)

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

CVE-2014-3621

The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

OpenWRT "Barrier Breaker" 14.07 released

The long-awaited OpenWRT 14.07 release is out. It includes an update to the 3.10 kernel, a new init system (procd), improved IPv6 support, support for system snapshots and rollbacks, support for dynamic firewall rules, a new MDNS daemon, DNSSEC validation support, and more.

Security updates for Thursday

Oracle has updated libvirt (OL7: two vulnerabilities).

Red Hat has updated libvirt (RHEL7: two vulnerabilities).
