PHPmailer 3rd party library — DRUPAL-SA-PSA-2016-004

Advisory ID: DRUPAL-SA-PSA-2016-004
Project: PHPMailer (third-party library)
Version: 7.x, 8.x
Date: 2016-December-26
Security risk: 23/25 ( Highly Critical) AC:None/A:User/CI:All/II:All/E:Exploit/TD:All
Vulnerability: Arbitrary PHP code execution
The PHPMailer and SMTP modules (and maybe others) add support for sending e-mails using the 3rd party PHPMailer library.
In general the Drupal project does not create advisories for 3rd party libraries. Drupal site maintainers should pay attention to the notifications provided by those 3rd party libraries as outlined in PSA-2011-002 – External libraries and plugins. However, given the extreme criticality of this issue and the timing of its release we are issuing a Public Service Announcement to alert potentially affected Drupal site maintainers.

CVE identifier(s) issued
Versions affected
All versions of the external PHPMailer library < 5.2.18.
Drupal core is not affected. If you do not use the contributed PHPMailer third party library, there is nothing you need to do.
Upgrade to the newest version of the phpmailler library.
If you are using the

Original URL:

Original article

FreeDOS 1.2 Is Finally Released

Very long-time Slashdot reader Jim Hall — part of GNOME’s board of directors — has a Christmas gift. Since 1994 he’s been overseeing an open source project that maintains a replacement for the MS-DOS operating system, and has just announced the release of the “updated, more modern” FreeDOS 1.2!

[Y]ou’ll find a few nice surprises. FreeDOS 1.2 now makes it easier to connect to a network. And you can find more tools and games, and a few graphical desktop options including OpenGEM. But the first thing you’ll probably notice is the all-new new installer that makes it much easier to install FreeDOS. And after you install FreeDOS, try the FDIMPLES program to install new programs or to remove any you don’t want. Official announcement also available at the FreeDOS Project blog.
FreeDOS also lets you play classic DOS games like Doom, Wolfenstein 3D, Duke Nukem, and Jill of the Jungle

Original URL:

Original article

HandBrake 1.0.0 Released

Saturday, Dec 24, 2016″How does a project get to be a year late? … One day at a time.” – Fred Brooks

After more than 13 years of development, the HandBrake Team is delighted to present HandBrake 1.0.0. Thank you to all of our many contributors over the years for making HandBrake what it is today.

We again remind everyone that the HandBrake Website is the only official source for HandBrake. Downloads are not mirrored on any third-party services, excepting the Linux PPA. For more information on downloading and installing HandBrake safely, please read Where to get HandBrake.

On that note, we are also excited to announce the new online HandBrake Documentation beta, available in English.
The new docs are less technical in nature, providing easy to read step-by-step workflows for making videos that even new HandBrake users can understand.
Visit the new HandBrake 1.0.0 Documentation.

If you happen to discover any reproducible bugs or issues,

Original URL:

Original article

Raspberry Pi releases an OS to breathe new life into old PCs

Built on top of Debian, the OS is light enough to run most old machines, provided you have at least 512MB of RAM. “Because we’re using the venerable i386 architecture variant it should run even on vintage machines like my ThinkPad X40 (above),” Upton said.It’s easy to try out, but Upton urges you back up machines that may have valuable data. After downloading the image, you burn it either to a DVD or USB stick, then enable booting of those devices. You can normally do that by tweaking your PC’s BIOS or by holding the “C” key down when you boot up a Mac.From there, it’ll run the OS with no need to install anything. If you booted on a USB stick, you’ll get the option to run “with persistence,” meaning any changes or files will stick for the next session. If you’d rather just play around and start fresh

Original URL:

Original article

Open source CyanogenMod is shutting down… but forked Lineage will rise from its ashes

For Android hackers and tweakers, CyanogenMod represents mobile OS nirvana — an open source alternative to Google’s official Android, complete with frequent updates. The bad news for fans is that Cyanogen, the company behind the operating system, is closing down operations: with virtually no warning. Coming at a time of year when few people are paying much attention to what is going on in the world of tech, the announcement that nightly builds will be discontinued by the end of the year comes after staff layoffs earlier in the year, and premature rumors that the company was shutting up shop.… [Continue Reading]

Original URL:

Original article

Alpine Linux 3.5.0 released

We are pleased to announce the release of Alpine Linux 3.5.0, the first in
the v3.5 stable series.

New features and noteworthy changes

Switch from OpenSSL to LibreSSL
Support for aarch64 (uboot only for now)
Support for ZFS as root
PostgreSQL update to 9.6.x. See the PostgreSQL documentation for upgrade
Samba 4.5.3
GTK+3.0 3.22.5
glib 2.50.2
Support for R, JRuby and OCaml
Better python3 support
The nodejs package was renamed to nodejs-current and moved to the community
repository. The nodejs-lts package was renamed to nodejs. This means that
you get the LTS version if you do apk add nodejs.
Desktop applications that have been upgraded in v3.5 include:

xorg-server 1.18.4

Thanks GIGABYTE for donating two ARM buildservers (xgene and thunderx platforms).
Thanks to everyone sending in patches, bug reports, new and updated aports.
The full list of changes can be found in the
git log and
bug tracker.

Commit statistics

5742 commits made by 133 contributors

1711 Natanael Copa
1036 Francesco Colista
710 Jakub Jirutka
486 Carlo Landmeter
308 Timo Teräs
272 Sören Tempel

Original URL:

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: