GHOST Attack

Another exploit has been discovered which affects many Linux servers. The moniker is GHOST. During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it …

All Bugzilla Accounts Upgraded to 4.4.5

Bugzilla 4.4.5 is a security release which addresses the following issue: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213 …

December Downtime, Revised

Please be advised that there will be an extended system outage starting December 10 03:00 UTC (Dec 9 22:00 New York, Dec 10 14:00 Sydney).
This downtime will last approximately 10 hours.
During this time all equipment will be moved to a new data cente…