Posts Tagged ‘Security’

08.28
12

VMware raises its core portfolio to version 5.1

by admin ·

At VMworld 2012, which has just opened in San Francisco, VMware is presenting the vCloud Suite in version 5.1. It includes vSphere, vCloud Director, vCloud Networking and Security and vCenter Site Recovery Manager; all components carry the new version number.

The virtualization platform vSphere 5.1 is said to bring about 100 improvements and new features, and supports VMs with up to 64 virtual CPUs. For 24/7 operation, VMware has extended vMotion so that VMs can be migrated in real time without shared storage. New is vSphere Data Protection for easier backup, recovery and replication.

Elastic vCloud Director

vCloud Director is a collection of software services that pools and automates data center storage, network, security and availability in order to operate complete virtual data centers (VDCs). The new version now supports “elastic” VDCs, which span multiple vSphere clusters and can consist of up to 30,000 VMs.
(more…)

07.17
12

The Secure Content Management System (SCMS) is available in version 1.2.

by admin ·

The program’s author, Dash Shendy, has converted the web application to the Model-View-Controller (MVC) architectural pattern. In addition, the CMS uses the singleton design pattern.

The software, implemented in PHP 5 and MySQL, treats security as a priority. It therefore validates all input and output strictly and takes measures to prevent cross-site request forgery (CSRF) attacks, for instance with the help of random tokens and spelling. Hostile takeover of sessions is to be prevented by, among other things, checking the client’s IP address. In addition, the CMS uses RBAC (Role-Based Access Control).
(more…)

04.25
12

Scientific Linux 5.8 is available

by admin ·

The Red Hat-based distribution Scientific Linux has updated its fifth branch. In doing so it follows the RHEL distribution that serves as its model and from whose sources it builds its free packages. The Linux distribution, which is also used at CERN, additionally updates the stackable file system AUFS and the firmware for WLAN chips from Ralink and Intel, and installs the latest security fixes for Sun’s Java. The network file system OpenAFS in version 4.1.14 fixes a small locking bug. Further details can be found in the release notes.
(more…)

04.11
12

Dangerous remote vulnerability in Samba

by admin ·

The Samba developers reported that a dangerous remote vulnerability has been found in their product (versions 3.0.x – 3.6.3 inclusive). The code responsible for serializing and deserializing data for RPC calls contains an error in checking the size of an array, which allows a specially crafted RPC call to execute arbitrary code on the server.

The vulnerability is dangerous because it can be exploited by an anonymous user without going through the authentication procedure. Therefore, the developers recommend that all Samba users upgrade as soon as possible. Due to the exceptional situation, the developers are providing patches even for unsupported versions (up to 3.0.*).
(more…)

03.19
12

OpenSSL 1.0.1 Released

by admin ·

Among the major changes:

  • long-awaited support for TLS v1.1 and v1.2 *
  • support for the SCTP and SRP protocols
  • support for Next Protocol Negotiation
  • PSS support in certificates, requests and certificate revocation lists (CRLs)
  • support for TLS/DTLS heartbeat
  • RFC 5705 TLS key material exporter

(more…)

03.1
12

Mozilla introduced an antispyware add-on

by admin ·

Mozilla has developed a new experimental add-on, Collusion, which lets you find out which services track a user’s movement on the World Wide Web. In contrast to the well-known add-on Ghostery, Collusion can not only find a list of “spies” on an individual page, but also keep track of the full picture of data collection about the user. The easiest way to get acquainted with how the add-on works is the demo page. There is also the ability to block unwanted tracking.
(more…)

02.27
12

A report on the security audit of open and proprietary code for 2011

by admin ·

Coverity, the leader in automated testing of code for errors and vulnerabilities, has published a report that is the product of the largest joint public-private project to audit the source code of open and proprietary software. The report contains an analysis of more than 37 million lines of code from the 45 most actively developed open source projects, as well as about 300 million lines of code from 41 unnamed proprietary software products.

Key points of the report:

  • The average size of an open source project is 832,000 lines of code; on average, 0.45 defects were found per 1,000 lines of code.

(more…)

02.1
12

Vulnerability in sudo

by admin ·

A security vulnerability has been found in the popular tool for running programs as other users, potentially allowing root privileges to be obtained.

The bug was found in the function sudo_debug(), where the program name (argv[0]) is passed directly to fprintf(). The presence of the vulnerability can be checked in the following simple way:
(more…)

01.31
12

WPS is vulnerable to brute-force attack

by admin ·

At the end of last year, a brute-force attack on WPS appeared.

Wireless Protected Setup (WPS) is a standard designed to simplify setting up a secure wireless network and connecting devices to it. In one variant, connecting a device to the wireless network uses an 8-digit number, called a PIN, that is generated by the access point and must be entered on the device. According to the standard, WPS-certified devices must support this method without fail.

The danger is that a device can gain access to a wireless network with WPS enabled without the administrator/owner of the network being involved.
(more…)

01.25
12

Local root vulnerability found in Linux kernel >= 2.6.39

by admin ·

A dangerous vulnerability has been found in the Linux kernel that allows a local attacker to execute code as root. The problem is present in kernels since 2.6.39. At the moment, three working exploits have been published. The vulnerability has been assigned the number CVE-2012-0056.

The source of the vulnerability is a bug in the implementation of the proc interface for direct access to process memory (/proc/pid/mem).
(more…)