
Showing posts from June, 2012

MySQL Vulnerability Allows Attackers to Bypass Password Verification

Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials. The vulnerability is identified as CVE-2012-2122 and was addressed in MySQL 5.1.63 and 5.5.25 in May. However, many server administrators might not be aware of its impact, because the changelog for those versions contained very little information about the security bug. The vulnerability can only be exploited if MySQL was built on a system where the memcmp() function can return values outside the -128 to 127 range. This is the case for Linux systems that use an SSE-optimized glibc (GNU C library). If MySQL was built on such a system, the code that compares the cryptographic hash of a user-inputted password to the hash stored in the database for a particular account will sometimes allow authentication even if the supplied password is incorrect. The probability of triggerin

More than 6 million LinkedIn passwords stolen

NEW YORK (CNNMoney) -- Russian hackers released a giant list of passwords this week, and on Wednesday security researchers identified their likely source: business social networking site LinkedIn. LinkedIn confirmed in a blog post late Wednesday afternoon that some of the stolen passwords correspond to LinkedIn accounts. The company did not offer any information about how the passwords were stolen or the extent of the damage, but it said it is "continuing to investigate" the matter. The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It's a format that's considered weak if added precautions aren't taken. Roughly half of the "hashed" passwords have already been decoded and posted online in human-readable text. Several security researchers tweeted Wednesday that they have found their passwords among those that were revealed. Web security firm Sophos

rhel6-testing-042stab056.8

Since 042stab056.5:

[cfq] kernel BUG at block/cfq-iosched.c:386 has been fixed (PCLIN-30890)
[fuse] added possibility to disable fuse O_DIRECT with help of fs.fuse_ext_caps sysctl (enabled by default) (debug for PSBM-13075)
[fuse] flush writeback data on file close. In particular this fixes checkpointing (PSBM-13226)
[fuse] several other bugfixes
[quota] remounting of FS with quota on ploop could crash host (PSBM-13231)
[fs/writeback] writeback writer throttler algorithm has been enhanced
[mount namespaces] mount namespaces support for has been added. This is required for Fedora 17 (PSBM-13004). Note: online migration support has not been added yet
[cpt] kernel BUG at kernel/cpt/rst_socket.c:407 (on a self-connected socket restore) fixed (PSBM-13367)
[cpt] sleep-in-atomic at dumping cgroup has been fixed (PSBM-13297)
[cpt] timerfs irq-safe locking has been fixed
[cpt] false positive error messages "_rst_get_object: wrong object type" have been fixed