Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.

Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Ubuntu Security Notice 4335-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4336-1 - It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 4337-1 - It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. Various other issues were also addressed.

Ubuntu Security Notice 4338-1 - Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice 4339-1 - Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. Various other issues were also addressed.

Ubuntu Security Notice 4340-1 - It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4341-1 - Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4342-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4343-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice 4344-1 - It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4345-1 - Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4346-1 - It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4341-3 - USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4348-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4341-2 - USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.

Ubuntu Security Notice 4350-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

Ubuntu Security Notice 4351-1 - Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information.

Ubuntu Security Notice 4352-1 - It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

Togo won a record number of greenfield investment projects last year.

Global FDI flows recorded a marginal 1% fall in 2019, but the value of announced greenfield investment projects plummets by 22%.

Celebrating its centennial, Albania’s capital is ranked among fDi’s top five mid-sized European Cities of the Future 2020/2021 for Cost Effectiveness

In spite of the uncertainty caused by Brexit, London retains its position as fDi's European City of the Future for 2020/21, while Paris keeps the regional crown.

London has retained its position as fDi’s European City of the Future, while Paris has climbed to second place, knocking Dublin into the third spot. 

London is crowned best major city in Europe in fDi's FDI Strategy category, with Glasgow, Vilnius, Reykjavik and Galway also winning out.

Paris Region has kept its fDi European Region of the Future title, while Dublin Region holds on to second place and North Rhine-Westphalia is in third. 

North Rhine-Westphalia is fDi's top large region for FDI Strategy, with the Basque Country topping the table for mid-sized regions and Ireland South East first among small regions. 

London LEP and Thames Valley Berkshire LEP hold on to their respective first and second places in the Local Enterprise Partnership rankings, while Oxfordshire LEP jumps up eight places to third. 

Red Hat Security Advisory 2019-1821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

Ubuntu Security Notice 4130-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2019-2925-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2019-2939-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.