Feed aggregator

Spatial Agglomeration and Superstar Firms: Firm-level Patterns from Europe and US

Harvard Business School Working Knowledge - Tue, 08/20/2019 - 00:00
Large, productive, or internationalized firms tend to co-locate geographically. This study of the United States and Eurozone shows greater agglomeration around high performance plants, particularly multinationals. By Laura Alfaro, Maggie X. Chen, and Harald Fadinger. Working Paper Summaries

Should a Pension Fund Try to Change the World?

Harvard Business School Working Knowledge - Tue, 08/20/2019 - 00:00
Re: Rebecca M. Henderson, George Serafeim. Cold Call Podcast

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Security Updates from SECLISTS - Mon, 08/19/2019 - 03:39

Posted by Justin Bull on Aug 19

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Happy Sunday everyone.

A security bulletin for you all.

Software:
--------
MediaWiki OAuth2 Client (https://github.com/Schine/MW-OAuth2Client)

Description:
----------
MediaWiki implementation of the PHP League's OAuth2 Client, to allow MediaWiki
to act as a client to any OAuth2 server.

Not Affected:
------------
0.2 and earlier.

Affected Versions:
---------------
0.3

Fixed...

[SECURITY] [DSA 4503-1] golang-1.11 security update

Security Updates from SECLISTS - Mon, 08/19/2019 - 03:32

Posted by Moritz Muehlenhoff on Aug 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4503-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4502-1] ffmpeg security update

Security Updates from SECLISTS - Fri, 08/16/2019 - 17:55

Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2019-12730

Several...

Details about recent GNU patch vulnerabilities

Security Updates from SECLISTS - Fri, 08/16/2019 - 06:21

Posted by Imre Rad on Aug 16

I identified several vulnerabilities in the GNU patch utility, some of
them making it possible to execute arbitrary code if the victim opens
a crafted patch file. It also turned out, some of these
vulnerabilities had been silently addressed by the maintainer back
then in 2018 when CVE-2018-1000156 was reported. Some Linux
distributions (like Debian, Ubuntu or Fedora) applied only the primary
patch and thus they remained vulnerable to the attack...

[SECURITY] [DSA 4501-1] libreoffice security update

Security Updates from SECLISTS - Fri, 08/16/2019 - 02:22

Posted by Moritz Muehlenhoff on Aug 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9850 CVE-2019-9851...

[slackware-security] mozilla-firefox (SSA:2019-226-02)

Security Updates from SECLISTS - Thu, 08/15/2019 - 06:37

Posted by Slackware Security Team on Aug 15

[slackware-security] mozilla-firefox (SSA:2019-226-02)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.0.2esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

Security Updates from SECLISTS - Wed, 08/14/2019 - 06:01

Posted by Slackware Security Team on Aug 14

[slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

New kernel packages are available for Slackware 14.2 to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.189/*: Upgraded.
These updates fix various bugs and many security issues, and include the
Spectre v1 SWAPGS mitigations.
Be sure to upgrade your initrd after upgrading the kernel packages....

APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4

Security Updates from SECLISTS - Wed, 08/14/2019 - 06:01

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4

iOS 12.4 addresses the following:

Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with...

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

Security Updates from SECLISTS - Wed, 08/14/2019 - 05:58

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size...

APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4

Security Updates from SECLISTS - Wed, 08/14/2019 - 05:57

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-4 Additional information for
APPLE-SA-2019-7-22-5 tvOS 12.4

tvOS 12.4 addresses the following:

Bluetooth
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3

Security Updates from SECLISTS - Wed, 08/14/2019 - 05:53

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-3 Additional information for
APPLE-SA-2019-7-22-4 watchOS 5.3

watchOS 5.3 addresses the following:

Bluetooth
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele...

APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

Security Updates from SECLISTS - Wed, 08/14/2019 - 05:49

Posted by Apple Product Security on Aug 14

APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with...

The Manager's Guide to Leveraging Disruption

Harvard Business School Working Knowledge - Wed, 08/14/2019 - 00:00
Clayton M. Christensen's seminal book, The Innovator's Dilemma, helped ignite the idea of innovative disruption. His Harvard Business School colleagues have been adding to innovation research ever since. By Sean Silverthorne. Sharpening Your Skills

[SECURITY] [DSA 4500-1] chromium security update

Security Updates from SECLISTS - Tue, 08/13/2019 - 17:11

Posted by Salvatore Bonaccorso on Aug 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4500-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-5805 CVE-2019-5806...

[SECURITY] [DSA 4497-1] linux security update

Security Updates from SECLISTS - Tue, 08/13/2019 - 17:08

Posted by Salvatore Bonaccorso on Aug 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4497-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
August 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-8553 CVE-2018-5995...

Dlink-CVE-2019-13101

Security Updates from SECLISTS - Tue, 08/13/2019 - 17:04

Posted by Devendra Solanki on Aug 13

A remote vulnerability was discovered on D-Link DIR-600M Wireless N
150 Home Router in multiple respective firmware versions.
The vulnerability provides unauthenticated remote access to the
router's WAN configuration page i.e. "wan.htm", which leads to
disclosure of sensitive user information including but not limited to
PPPoE, DNS configuration etc, also allowing to change
the configuration settings as well.

A metasploit script...

[SECURITY] [DSA 4499-1] ghostscript security update

Security Updates from SECLISTS - Mon, 08/12/2019 - 17:21

Posted by Salvatore Bonaccorso on Aug 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4499-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-10216
Debian Bug...
