LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

SUSE: 2020:0490-1 important: ppp

Wednesday 26th of February 2020 10:15:36 AM
An update that fixes one vulnerability is now available.

SUSE: 2020:0487-1 moderate: squid

Wednesday 26th of February 2020 10:14:36 AM
An update that fixes four vulnerabilities is now available.

SUSE: 2020:0488-1 important: nodejs6

Wednesday 26th of February 2020 10:13:43 AM
An update that fixes three vulnerabilities is now available.

SUSE: 2020:0489-1 important: ppp

Wednesday 26th of February 2020 10:12:56 AM
An update that fixes one vulnerability is now available.

Debian LTS: DLA-2119-1: python-pysaml2 security update

Wednesday 26th of February 2020 07:17:15 AM
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.

Mageia 2020-0106: squid security update

Wednesday 26th of February 2020 06:22:02 AM
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).

SUSE: 2020:0474-1 moderate: openssl

Tuesday 25th of February 2020 01:13:47 PM
An update that solves one vulnerability and has two fixes is now available.

SUSE: 2020:14292-1 important: ppp

Tuesday 25th of February 2020 01:12:23 PM
An update that fixes one vulnerability is now available.

RedHat: RHSA-2020-0605:01 Important: Red Hat JBoss Enterprise Application

Tuesday 25th of February 2020 12:35:10 PM
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2020-0606:01 Important: Red Hat JBoss Enterprise Application

Tuesday 25th of February 2020 12:28:11 PM
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

SciLinux: SLSA-2020-0574-1 Important: thunderbird on SL6.x i386/x86_64

Tuesday 25th of February 2020 12:13:56 PM
Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect p [More...]

SciLinux: SLSA-2020-0578-1 Important: python-pillow on SL7.x x86_64

Tuesday 25th of February 2020 12:12:41 PM
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865) SL7 x86_64 python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow-debuginfo-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow- [More...]

SUSE: 2020:0456-1 important: java-1_7_1-ibm

Tuesday 25th of February 2020 10:23:19 AM
An update that fixes four vulnerabilities is now available.

SUSE: 2020:0468-1 important: webkit2gtk3

Tuesday 25th of February 2020 10:22:17 AM
An update that fixes 8 vulnerabilities is now available.

SUSE: 2020:0457-1 moderate: libexif

Tuesday 25th of February 2020 10:20:14 AM
An update that fixes two vulnerabilities is now available.

SUSE: 2020:0467-1 moderate: python3

Tuesday 25th of February 2020 10:15:42 AM
An update that solves two vulnerabilities and has two fixes is now available.

SUSE: 2020:0466-1 important: java-1_8_0-ibm

Tuesday 25th of February 2020 10:14:54 AM
An update that fixes 5 vulnerabilities is now available.

RedHat: RHSA-2020-0598:01 Important: nodejs:12 security update

Tuesday 25th of February 2020 08:40:12 AM
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2020-0579:01 Important: nodejs:10 security update

Tuesday 25th of February 2020 03:37:11 AM
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2020-0562:01 Moderate: OpenShift Container Platform 4.3.3

Tuesday 25th of February 2020 12:55:09 AM
An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

More in Tux Machines

7 open source Q&A platforms

Where do you go when you have a question? Since humans began walking the earth, we've asked the people around us—our family, friends, neighbors, classmates, co-workers, or other people we know well. Much later came libraries and bookstores offering knowledge and resources, as well as access for anyone to come in and search for the answers. When the home computer became common, these knowledge bases extended to electronic encyclopedias shipped on floppy disks or CD-ROMs. Then, when the internet age arrived, these knowledge bases migrated online to the likes of Wikipedia, and search engines like Google were born with the purpose of making it easy for people to search for answers to their questions. Now, sites like StackOverflow are there to answer our software questions and Quora for our general queries. The lesson is clear, though. We all have questions, and we all want answers for them. And some of us want to help others find answers to their questions, and this is where self-hosted Q&A sites come in.

The City of Dortmund continues its transition to open source software

Five years after the creation of its Open Source Working Group, the City of Dortmund published several reports on the “Investigation of the potential of Free Software and Open Standards”. The reports share the city of Dortmund’s open source policy goals as well as its ambition to create an alliance of municipalities in favour of open source software.

CERN adopts Mattermost, an open source messaging app

The European Organization for Nuclear Research (CERN) has decided to discontinue the use of the Facebook collaboration app Workplace, instead opting to replace it with Mattermost, an open source messaging app. CERN switched to open source software after changes to Facebook’s solution subscription prices and possible changes in the data security settings.

Programming/Development: PHP 8.0, WASMtime 0.12, Perl, Python, and Java

  • Looking At The PHP 8.0 Performance So Far In Early 2020

    With it being a while now since the PHP 7.4 release and the PHP developers continuing to be busy at work on PHP 8.0 as the next major installment of the popular web programming language, here is a fresh look at the performance of PHP 8.0 in its current state -- including when its JIT compiler is enabled -- compared to releases going back to PHP 5.6. Most exciting with PHP 8.0 is the JIT compiler that has the ability to provide better performance on top of all the gains already scored during PHP 7.x releases. PHP 8.0 is also bringing support for static return types, weak maps, union types, improved errors and warnings, and more is surely to come -- stay tuned to the PHP RFC page. The latest indications are PHP 8.0 isn't expected for release until the very end of 2020 or early 2021.

  • WASMtime 0.12 Released For The JIT-Style WebAssembly Runtime

    Announced last November was the Bytecode Alliance with a goal of running WebAssembly everywhere. This effort by Intel, Red Hat, Mozilla, and others has resulted in a new release today of wasmtime, their JIT-style runtime for WebAssembly on the desktop. The Bytecode Alliance developers from the different organizations continue working heavily on their Wasmtime JIT runtime, Cranelift low-level code generator, the WAMR micro-runtime, and Lucet sandboxing WebAssembly compiler. Wasmtime v0.12 is the new release out today for their optimizing run-time offering for WebAssembly and WASI (WebAssembly System Interface) on desktops and other non-browser use-cases.

  • The Weekly Challenge #049

    This is my second blog for The Weekly Challenge. I am only able to participate, thanks to Ryan Thompson for helping me with the Perl and Raku reviews. I am going for Perl solutions first then will try to translate it into Raku next. I believe in coding to learn the language. With so many Raku experts around, I am not shy throwing questions up. I am now going to share my experience doing “The Weekly Challenge - 049”.

  • EuroPython 2020: Call for Proposals opens on March 9th

    We’re looking for proposals on every aspect of Python: all levels of programming from novice to advanced, applications, frameworks, data science, Python projects, internals or topics which you’re excited about, your experiences with Python and its ecosystem, creative or artistic things you’ve done with Python, to name a few. EuroPython is a community conference and we are eager to hear about your use of Python. Since feedback shows that our audience is very interested in advanced topics, we’d appreciate more entries in this category for EuroPython 2020. Please help spread word about Call for Proposals to anyone who might be interested. Thanks.

  • Using Anaconda Environments with Wing Python IDE

    Wing version 7.2 has been released, and we've been looking at the new features in this version. So far we've covered reformatting with Black and YAPF, Wing 7.2's expanded support for virtualenv, and using python -m with Wing. This time we'll take a look at what Wing 7.2 provides for people that are using Anaconda environments created with conda create as an alternative to virtualenv.

  • Easy Provisioning Of Cloud Instances On Oracle Cloud Infrastructure With The OCI CLI

    The OCI CLI requires python version 3.5 or later, running on Mac, Windows, or Linux. Installation instructions are provided on the OCI CLI Quickstart page.

  • Python Range

    The Python range type generates a sequence of integers by defining a start and the end point of the range. It is generally used with the for loop to iterate over a sequence of numbers. range() works differently in Python 2 and 3. In Python 2, there are two functions that allow you to generate a sequence of integers, range and xrange. These functions are very similar, with the main difference being that range returns a list, and xrange returns an xrange object.

  • Code Borrowing and Licence Violations [Ed: This study may be deeply flawed because they bothered assessing no projects other than those that Microsoft controls (what about projects that don't use Git and Microsoft's proprietary trap?)]

    The researchers used the Public Git Archive (PGA), a large dataset that was composed in early 2018. It consists of all GitHub projects with 50 or more stars which can be filtered by language. They extract all projects with at least one line written in Java which resulted in 24,810 projects overall and a final dataset of 23,378 Java repositories.

  • Painless Java with BlueJ

    Whenever you're learning a new programming language, it's easy to criticize all the boilerplate text you need to memorize. Before you can get comfortable starting a project, you have to remember the preambles that, in theory, ought to be easy to remember since they're usually relatively short and repetitive. In practice, though, boilerplate text is too obscure in meaning to become an easy habit, but it's essential for a program to run.