Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

Administrators need to review the Apache security advisories for CVE-2018-8037 and CVE-2018-1336 and apply the necessary updates.

Debian 9 “Stretch” was released over a year ago and since then, the wildly popular Linux distribution has been downloaded by countless users.

Today, the 5th “point” release becomes available. In other words, Debian Linux “Stretch” has reached an important milestone — version 9.5 stable. The operating system is always improving with security updates and bug fixes, and 9.5 is no exception here. In fact, it includes a patch for Spectre V2. Also of significance, the Debian Installer has been given an update.

“The Debian project is pleased to announce the fifth update of its stable distribution Debian 9 (codename ‘Stretch’). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available,” says The Debian Project.

The project further says, “Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old ‘stretch’ media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. Those who frequently install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release.”

Quite frankly, the number of updated packages is quite large — if you are a Debian user, I urge you to read the full changelog here. You can see the long list of changes, not only for 9.5, but all “Stretch” releases.

Despite the developers saying you don’t have to create new install media, if you still want to do so, you can grab an ISO here.

CentOS 6.4 was Released

Valic — March 10, 2013

The CentOS team announced today the release of CentOS-6.4 install media for the i386 and x86_64 architectures.

The release notes for 6.4 are available here: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.4

CentOS-6.4 is based on the upstream release EL 6.4 and includes packages from all variants. All upstream repositories have been combined into one, to make it easier for end users to work with.

There are some changes in this release compared with past CentOS-6 releases, and it is highly recommended that everyone read the Release Notes.

All updates released since the upstream 6.4 release are also released to the CentOS-6.4 mirrors.

Torrent files for the DVDs are available at:
http://mirror.centos.org/centos/6.4/isos/i386/CentOS-6.4-i386-bin-DVD1to2.torrent
http://mirror.centos.org/centos/6.4/isos/x86_64/CentOS-6.4-x86_64-bin-DVD1to2.torrent

You can also use a mirror close to you:
http://www.centos.org/modules/tinycontent/index.php?id=30

More info here: http://lists.centos.org/pipermail/centos-announce/2013-March/019276.html

Debian Squeeze: 6.0.7 Released

Valic — February 24, 2013

On February 23rd, 2013 Debian Squeeze version 6.0.7 was released.

This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

Please note that this update does not constitute a new version of Debian 6.0 but only updates some of the packages included. There is no need to throw away 6.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated.

Those who frequently install updates from security.debian.org won’t have to update many packages and most updates from security.debian.org are included in this update.

New installation media and CD and DVD images containing updated packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the aptitude (or apt) package tool (see the sources.list(5) manual page) to one of Debian’s many FTP or HTTP mirrors. A comprehensive list of mirrors is available at:

More info here: http://www.debian.org/News/2013/20130223

Pidgin 2.10.7 was released and it brings numerous fixes, improvements, and a few new features, especially to MSN, Gadu-Gadu, MXit, Sametime, IRC and Yahoo! protocols.

All Pidgin users are urged to upgrade to the newly released 2.10.7 version as soon as possible, as it contains important security updates. Without any further ado, let’s take a look at the actual changes:

• Fixed an issue with the configure script, which will now exit with status 1 if an invalid protocol plugin is specified using the --with-dynamic-prpls and --with-static-prpls arguments;
• Fixed a libpurple crash related to UPnP responses with unusually long values;
• Repaired libpurple issue related to libgcrypt, when compiling with GnuTLS support;
• Fixed UPnP mappings on libpurple, for routers that return empty elements;
• The Tcl plugin for libpurple now uses race-free, saner plugin loading;
• The Tcl signals-test plugin has been fixed for savedstatus-changed in libpurple;
• Improved support for non-X11 GTK+, such as the one from MacPorts;
• Fixed a startup crash related to large contact lists on Gadu-Gadu accounts (as a result, avatar support has been disabled until version 3.0.0);
• Implemented support for SASL authentication on IRC protocol;
• Topic setter info is now printed when joining an IRC channel;
• Fixed SSL certificate issues when signing into MSN accounts;
• Fixed an MSN crash when a user is removed before its avatar is loaded;
• Fixed a bug that could allow a remote MXit user to specify a local file path to be written to;
• Fixed a bug that could lead to remote code execution or a crash, because the MXit server could send specially crafted data;
• MXit farewell messages are now displayed in a different color;
• Added support for typing notification in MXit;
• Added support for the MXit Relationship Status profile attribute;
• Removed all MXit Hidden Number references;
• When you join a MXit GroupChat or have a pending invite, other invites are now ignored;
• Centered the buddy’s name vertically in the buddy-list for MXit protocol;
• Decoding of font-size changes in the markup of received messages has been fixed in MXit;
• The maximum file size that can be transferred on MXit is now 1 MB;
• MXit avatars are no longer downscaled to 96×96;
• Fixed a crash for the Sametime protocol, related to unusually long user IDs sent by a malicious server;
• Fixed a double-free in picture/profile loading code for the Yahoo protocol;
• Server-side buddy aliases can now be retrieved on Yahoo accounts;
• Added support for sndio GStreamer backends to the Voice/Video Settings plugin;
• Fixed Contact Availability Detection plugin crash;
• Improved support for non-X11 GTK+, such as the one from MacPorts, on the Message Notification plugin.
You can download Pidgin 2.10.7 right now from Softpedia.