
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Debian LTS: DLA-1551-1: exiv2 security update

Sunday 21st of October 2018 04:39:00 AM
LinuxSecurity.com: A vulnerability has been discovered in exiv2 (CVE-2018-16336), a C++ library and a command line utility to manage image metadata, resulting in remote denial of service (heap-based buffer over-read/overflow) via

Mageia 2018-0409: libtiff security update

Saturday 20th of October 2018 03:56:00 PM
LinuxSecurity.com: Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file (CVE-2016-5319). In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function

Mageia 2018-0408: ghostscript security update

Friday 19th of October 2018 08:37:00 PM
LinuxSecurity.com: Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961) Saved execution stacks can leak operator arrays. (CVE-2018-18073)

Mageia 2018-0406: clamav security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device (CVE-2018-15378).

Mageia 2018-0407: rust security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated rust packages fix security vulnerability: The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack

[updates-announce] MGASA-2018-0405: Updated glib2.0 packages fix security vulnerabilities

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference (CVE-2018-16428).

[updates-announce] MGASA-2018-0404: Updated 389-ds-base packages fix security vulnerabilities

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search (CVE-2018-10850)

Mageia 2018-0400: vlc security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: This update provides vlc 3.0.4 and fixes at least the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media

Mageia 2018-0402: mgetty security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated mgetty packages fix security vulnerabilities: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (CVE-2018-16741).

[updates-announce] MGASA-2018-0403: Updated php-smarty packages fix security vulnerability

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982).

Mageia 2018-0401: tcpflow security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause

Mageia 2018-0399: calibre security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that

Mageia 2018-0398: docker security update

Friday 19th of October 2018 08:01:00 PM
LinuxSecurity.com: Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992).

openSUSE: 2018:3258-1: moderate: icinga

Friday 19th of October 2018 06:40:00 PM
LinuxSecurity.com: An update that fixes four vulnerabilities is now available.

openSUSE: 2018:3245-1: important: libssh

Friday 19th of October 2018 06:22:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

ArchLinux: 201810-13: thunderbird: multiple issues

Friday 19th of October 2018 05:56:00 PM
LinuxSecurity.com: The package thunderbird before version 60.2.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

Debian LTS: DLA-1550-1: drupal7 security update

Friday 19th of October 2018 02:57:00 PM
LinuxSecurity.com: It was discovered that there was a remote code execution and an external URL injection vulnerability in the Drupal content management framework.

openSUSE: 2018:3235-1: moderate: java-11-openjdk

Friday 19th of October 2018 12:10:00 AM
LinuxSecurity.com: An update that solves 8 vulnerabilities and has one errata is now available.

Debian: DSA-4323-1: drupal7 security update

Thursday 18th of October 2018 09:05:00 PM
LinuxSecurity.com: Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution or an open redirect. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-006

openSUSE: 2018:3225-1: moderate: ImageMagick

Thursday 18th of October 2018 07:26:00 PM
LinuxSecurity.com: An update that fixes 7 vulnerabilities is now available.
