Bienvenue sur Lilotux !
Webmail Galerie MiKael Xavier Stephane


Le Monde

EELV demande au PS « un projet pour répondre aux angoisses des Français »
Après le revers de la gauche aux départementales, le premier secrétaire du PS a rencontré son homologue d’EELV, ainsi que les responsables des groupes parlementaires des deux camps.
Ben Bernanke devient blogueur
L’ancien président de la Réserve fédérale américaine entend commenter les questions économiques et financières.
La droite a-t-elle vraiment conquis un nombre record de départements ?
Après leur victoire au second tour des élections départementales, dimanche, l'UMP et ses alliés raflent le contrôle de 28 départements à la majorité.
À la France les satellites d’observation, à l’Allemagne les drones
Berlin financera la construction du troisième satellite « espion », développé et fabriqué en France. Paris laisse à l’Allemagne la primauté industrielle pour les drones de surveillance.
Un humoriste sud-africain prend la tête du « Daily Show » américain
Trevor Noah sera le nouveau présentateur de l'émission satirique, dirigée pendant 16 ans par Jon Stewart.
Les suites pour le PS après la défaite des départementales
Après le revers aux élections départementales, les différentes franges du parti socialiste prônent un rassemblement qui leur convient.
LGV Pays basque : la commission d'enquête donne un avis défavorable
Les projets de lignes à grande vitesse Bordeaux-Toulouse et Bordeaux-Dax sont contestés par des associations de défense de l'environnement.
Le FN ne profite pas des triangulaires
Le parti de Marine le Pen n'a gagné que cinq des 278 scrutins où il affrontait deux autres formations politiques. Il est même le seul parti qui perd des voix entre les deux tours en cas de triangulaire.
Ouzbékistan : le président Karimov obtient sans surprise un quatrième mandat
Depuis vingt-six ans, l'ancien apparatchik soviétique n'a cessé d'accroître son emprise sur ce pays de 30 millions d'habitants.
Faites votre classement des universités mondiales
Le palmarès U-Multirank, lancé en 2014 par l'Union européenne, entend donner « une image complète de la diversité de la performance des universités ».

Linux Weekly News

A massive weekend security update pile
The pile of security updates has gotten deep enough that it makes sense to shove them out now. The biggest pile is seemingly Mandriva catching up on numerous updates for its Mandriva Business Server (MBS) line of products.
Debian has updated batik (unauthorized file access), binutils (code execution), dulwich (code execution), libxfont (privilege escalation), php5 (fix regression from previous update), shibboleth-sp2 (denial of service), and xerces-c (denial of service).
Fedora has updated kernel (F21: code execution), mongodb (F21: denial of service), python-requests (F21: cookie stealing), python-urllib3 (F21: cookie stealing), strongswan (F20, F21: denial of service), and webkitgtk4 (F21: late certificate verification).
Mageia has updated docuwiki (cross-site scripting), drupal (authentication bypass), krb5 (denial of service), python-requests (cookie stealing), setup (incorrect file protections), and wireshark (dissector issues).
Mandriva has updated apache (MBS2: 11 CVEs), apache-mod_security (MBS2: restriction bypass), cifs-utils (MBS2: code execution), cups (MBS2: six CVEs), cups-filters (MBS2: nine CVEs), curl (MBS2: seven CVEs), dovecot (MBS2: denial of service), egroupware (MBS2: code execution), elfutils (MBS2: code execution), emacs (MBS2: symbolic link vulnerability), freetype2 (MBS2: 21 CVEs), gnupg (MBS1, MBS2: five CVEs), gnutls (MBS2: five CVEs), imagemagick (MBS2: five CVEs), jbigkit (MBS2: code execution), json-c (MBS2: denial of service), krb5 (MBS1-2: five CVEs), lcms2 (MBS2: denial of service), libcap-ng (MBS2: privilege escalation), libgd (MBS2: denial of service), libevent (MBS2: code execution), libjpeg (MBS2: code execution), libksba (MBS2: denial of service), liblzo (MBS2: code execution), libpng (MBS2: memory overwrite), libpng12 (MBS2: three 2013 CVEs), libsndfile (MBS2: code execution), libssh (MBS2: information disclosure and denial of service), libssh2 (MBS1, MBS2: MITM vulnerability), libtasn1 (MBS2: denial of service), libtiff (MBS2: six CVEs), libvirt (MBS1, MBS2: denial of service and information leak), libvncserver (MBS2: six CVEs), libxfont (MBS2: six CVEs), libxml2 (MBS2: denial of service), lua (MBS2: code execution), mariadb (MBS2: uncountable unexplained CVEs), mpfr (MBS2: code execution), mutt (MBS2: denial of service), net-snmp (MBS2: denial of service), nginx (MBS2: code execution), nodejs (MBS2: multiple unspecified vulnerabilities), not-yet-commons-ssl (MBS2: MITM vulnerability), ntp (MBS2: six CVEs), openldap (MBS1, MBS2: denial of service), openssh (MBS2: restriction and authentication bypass), openvpn (MBS2: denial of service), patch (MBS2: file overwrite), pcre (MBS2: denial of service), perl (MBS2: denial of service), php (MBS1, MBS2: lots of vulnerabilities), postgresql (MBS2: twelve CVEs), ppp (MBS2: privilege escalation), pulseaudio (MBS2: denial of service), python-django (MBS2: five CVEs), python-pillow (MBS2: five CVEs), python-requests (MBS2: cookie stealing), php-ZendFramework (MBS2: eight CVEs), python (MBS2: seven CVEs), python3 (MBS2: five CVEs), python-lxml (MBS2: code injection), python-numpy (MBS2: temporary file vulnerability), readline (MBS2: symbolic link vulnerability), rsync (MBS2: denial of service), rsyslog (MBS2: denial of service), ruby (MBS2: denial of service), samba (MBS1, MBS2: code execution and more), samba4 (MBS2: code execution), sendmail (MBS2: file descriptor access), serf (MBS2: MITM vulnerability), squid (MBS2: five CVEs), stunnel (MBS2: private key disclosure), subversion (MBS2: five CVEs), sudo (MBS2: file disclosure), tcpdump (MBS2: seven CVEs), tomcat (MBS2: eight CVEs), torque (MBS2: kill arbitrary processes), udisks2 (MBS2: code execution), unzip (MBS2: code execution), util-linux (MBS2: command injection), wpa_supplicant (MBS2: command execution), wget (MBS2: symbolic link vulnerability), x11-server (MBS2: thirteen CVEs), and xlockmore (MBS2: lock bypass).
openSUSE has updated mercurial (command injection).
SUSE has updated firefox (SLES10-11: code execution) and mysql (SLES11: 33 vulnerabilities).
[$] Mailman 3.0 to modernize mailing lists
More than a decade after its last major rewrite, the GNU Mailman mailing list manager project aims to release its 3.0 suite in April, during the sprints following PyCon North America. Mailman 3 is a major rewrite that includes a new user membership system, a REST API, an archiver replacement for Pipermail, and a better web interface for subscriptions and settings — but it carries with it a few new dependencies as well. Brave system administrators can try out the fifth beta version now.
Subscribers can click below for the full story from next week's edition.
Two fresh stable kernels
Hot on the heels of yesterday's 3.19.3 release, Greg Kroah- Hartman has released kernels 3.14.37 and 3.10.73. Each contains a bevy of updates and fixes.
Friday's security updates
CentOS has updated setroubleshoot (C6; C7: privilege escalation). Debian has updated batik (information leak). Fedora has updated dokuwiki (F20; F21; F22: access control bypass), drupal7 (F22: multiple vulnerabilities), drupal7-views (F20; F21: multiple vulnerabilities), ettercap (F20; F21: multiple vulnerabilities), mingw-xerces-c (F22: denial of service), nx-libs (F20; F21: multiple vulnerabilities), php (F22: multiple vulnerabilities), and xerces-c (F22: denial of service). Mandriva has updated cabextract (BS1,2: multiple vulnerabilities), cpio (BS1: multiple vulnerabilities; BS2: directory traversal), e2fsprogs (BS1; BS2: multiple vulnerabilities), and openssl (BS1; BS2: multiple vulnerabilities). openSUSE has updated libXfont (13.1, 13.2: multiple vulnerabilities), libzip (13.1, 13.2: denial of service), and tcpdump (13.1, 13.2: multiple vulnerabilities). Oracle has updated ipa and slapi-nis (O7: multiple vulnerabilities), kernel (O7: multiple vulnerabilities), and setroubleshoot (O5; O6; O7: privilege escalation). Red Hat has updated ipa, slapi-nis (RHEL7: multiple vulnerabilities), kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), and setroubleshoot (RHEL5,6,7: privilege escalation). Scientific Linux has updated ipa and slapi-nis (SL7:), kernel (SL7: multiple vulnerabilities), and setroubleshoot (SL5,6,7: privilege escalation). SUSE has updated Xen (SLE12: multiple vulnerabilities).
A new stable kernel release
Greg Kroah-Hartman has announced the release of the 3.19.3 kernel. A variety of important fixes and updates are included.
Valid CSS! Valid HTML 4.01!