LinuxSecurity.com Advisories

LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.

ArchLinux: 201902-15: python2-django: denial of service

Wednesday 13th of February 2019 12:16:00 AM
The package python2-django before version 1.11.19-1 is vulnerable to denial of service.

ArchLinux: 201902-14: python-django: denial of service

Wednesday 13th of February 2019 12:14:00 AM
The package python-django before version 2.1.6-1 is vulnerable to denial of service.

ArchLinux: 201902-12: lib32-libcurl-compat: arbitrary code execution

Tuesday 12th of February 2019 11:53:00 PM
The package lib32-libcurl-compat before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-13: lib32-curl: arbitrary code execution

Tuesday 12th of February 2019 11:53:00 PM
The package lib32-curl before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-11: lib32-libcurl-gnutls: arbitrary code execution

Tuesday 12th of February 2019 11:52:00 PM
The package lib32-libcurl-gnutls before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-10: libcurl-gnutls: arbitrary code execution

Tuesday 12th of February 2019 11:51:00 PM
The package libcurl-gnutls before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-9: curl: arbitrary code execution

Tuesday 12th of February 2019 11:50:00 PM
The package curl before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-8: aubio: denial of service

Tuesday 12th of February 2019 06:46:00 PM
The package aubio before version 0.4.9-1 is vulnerable to denial of service.

ArchLinux: 201902-7: libu2f-host: arbitrary code execution

Tuesday 12th of February 2019 06:45:00 PM
The package libu2f-host before version 1.1.7-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-6: runc: privilege escalation

Tuesday 12th of February 2019 06:43:00 PM
The package runc before version 1.0.0rc6-1 is vulnerable to privilege escalation.

ArchLinux: 201902-5: rdesktop: multiple issues

Tuesday 12th of February 2019 06:41:00 PM
The package rdesktop before version 1.8.4-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.

ArchLinux: 201902-4: spice: arbitrary code execution

Tuesday 12th of February 2019 01:13:00 AM
The package spice before version 0.14.0-3 is vulnerable to arbitrary code execution.

ArchLinux: 201902-3: chromium: multiple issues

Tuesday 12th of February 2019 01:12:00 AM
The package chromium before version 72.0.3626.81-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, content spoofing and insufficient validation.

ArchLinux: 201902-2: firefox: multiple issues

Monday 11th of February 2019 05:05:00 PM
The package firefox before version 65.0-1 is vulnerable to multiple issues including arbitrary code execution, privilege escalation and access restriction bypass.

ArchLinux: 201902-1: dovecot: authentication bypass

Monday 11th of February 2019 05:04:00 PM
The package dovecot before version 2.3.4.1-1 is vulnerable to authentication bypass.

ArchLinux: 201901-18: ghostscript: sandbox escape

Thursday 31st of January 2019 11:44:00 AM
The package ghostscript before version 9.26-2 is vulnerable to sandbox escape.

ArchLinux: 201901-17: subversion: denial of service

Tuesday 29th of January 2019 10:19:00 PM
The package subversion before version 1.11.1-1 is vulnerable to denial of service.

ArchLinux: 201901-10: go-pie: private key recovery

Monday 28th of January 2019 10:30:00 PM
The package go-pie before version 2:1.11.5-1 is vulnerable to private key recovery.

ArchLinux: 201901-16: nasm: denial of service

Sunday 27th of January 2019 11:54:00 AM
The package nasm before version 2.14.02-1 is vulnerable to denial of service.

ArchLinux: 201901-15: haproxy: denial of service

Sunday 27th of January 2019 11:53:00 AM
The package haproxy before version 1.9.0-1 is vulnerable to denial of service.

More in Tux Machines

Ubuntu-Centric Full Circle Magazine and Debian on the Raspberryscape

  • Full Circle Magazine: Full Circle Weekly News #121
  • Debian on the Raspberryscape: Great news!
    I already mentioned here having adopted and updated the Raspberry Pi 3 Debian Buster Unofficial Preview image generation project. As you might know, the hardware differences between the three families are quite deep: the original Raspberry Pi (models A and B), as well as the Zero and Zero W, are ARMv6 (which, in Debian-speak, belong to the armel architecture, a.k.a. EABI / Embedded ABI). Raspberry Pi 2 is an ARMv7 (so, we call it armhf or ARM hard-float, as it does support floating point instructions). Finally, the Raspberry Pi 3 is an ARMv8-A (in Debian it corresponds to the ARM64 architecture). [...] As for the little guy, the Zero that sits atop them, I only have to upload a new version of raspberry3-firmware built also for armel. I will add to it the needed devicetree files. I have to check with the release-team members if it would be possible to rename the package to simply raspberry-firmware (as it's no longer v3-specific). Why is this relevant? Well, the Raspberry Pi is by far the most popular ARM machine ever. It is a board people love playing with. It is the base for many, many, many projects. And now, finally, it can run with straight Debian! And, of course, if you don't trust me providing clean images, you can prepare them by yourself, trusting the same distribution you have come to trust and love over the years.

OSS: SVT-AV1, LibreOffice, FSF and Software Freedom Conservancy

  • SVT-AV1 Already Seeing Nice Performance Improvements Since Open-Sourcing
    It was just a few weeks ago that Intel open-sourced the SVT-AV1 project as a CPU-based AV1 video encoder. In the short time since publishing it, there's already been some significant performance improvements. Since the start of the month, SVT-AV1 has added multi-threaded CDEF search, more AVX optimizations, and other improvements to this fast evolving AV1 encoder. With having updated the test profile against the latest state as of today, here's a quick look at the performance of this Intel open-source AV1 video encoder.
  • Find a LibreOffice community member near you!
    Hundreds of people around the world contribute to each new version of LibreOffice, and we’ve interviewed many of them on this blog. Now we’ve collected them together on a map (thanks to OpenStreetMap), so you can see who’s near you, and find out more!
  • What I learned during my internship with the FSF tech team
    Hello everyone, I am Hrishikesh, and this is my follow-up blog post concluding my experiences and the work I did during my 3.5 month remote internship with the FSF. During my internship, I worked with the tech team to research and propose replacements for their network monitoring infrastructure. A few things did not go quite as planned, but a lot of good things that I did not plan happened along the way. For example, I planned to work on GNU LibreJS, but never could find enough time for it. On the other hand, I gained a lot of system administration experience by reading IRC conversations, and by working on my project. I even got to have a brief conversation with RMS! My mentors, Ian, Andrew, and Ruben, were extremely helpful and understanding throughout my internship. As someone who previously had not worked with a team, I learned a lot about teamwork. Aside from IRC, we interacted weekly in a conference call via phone, and used the FSF's Etherpad instance for live collaborative editing, to take notes. The first two months were mostly spent studying the FSF's existing Nagios- and Munin-based monitoring and alert system, to understand how it works. The tech team provided two VMs for experimenting with Prometheus and Nagios, which I used throughout the internship. During this time, I also spent a lot of time reading about licenses, and other posts about free software published by the FSF.
  • We're Hiring: Techie Bookkeeper
    Software Freedom Conservancy is looking for a new employee to help us with important work that supports our basic operations. Conservancy is a nonprofit charity that promotes and improves free and open source software projects. We are home to almost 50 projects, including Git, Inkscape, Etherpad, phpMyAdmin, and Selenium (to name a few). Conservancy is the home of Outreachy, an award winning diversity initiative, and we also work hard to improve software freedom generally. We are a small but dedicated staff, handling a very large number of financial transactions per year for us and our member projects.

Security: Back Doors Running Amok, Container Runtime Flaw Patched, Cisco Ships Exploit Inside Products

  • Here We Go Again: 127 Million Accounts Stolen From 8 More Websites
    Several days ago, a hacker put 617 million accounts from 16 different websites for sale on the dark web. Now, the same hacker is offering 127 million more records from another eight websites.
  • Hacker who stole 620 million records strikes again, stealing 127 million more
    A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned. The hacker, whose listing was the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — some that had already been disclosed, like more than 151 million records from MyFitnessPal and 25 million records from Animoto. But several other hacked sites on the marketplace listing didn’t know or hadn’t disclosed yet — such as 500px and Coffee Meets Bagel. The Register, which first reported the story, said the data included names, email addresses and scrambled passwords, and in some cases other login and account data — though no financial data was included.
  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks
  • How did the Dirty COW exploit get shipped in software?
    An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what this vulnerability can do.

10 Cool Software to Try from COPR Repo in Fedora

In this article, we will share 10 cool software projects to try in the Fedora distribution. All the apps or tools covered here can be found in the COPR repository. However, before we move any further, let’s briefly explain COPR.