LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 5 hours 12 min ago

Fedora 20 openslp-1.2.1-22.fc20

Wednesday 27th of May 2015 12:31:00 PM
LinuxSecurity.com: openslp: denial of service vulnerability (CVE-2010-3609)

Fedora 20 ca-certificates-2015.2.4-1.0.fc20

Wednesday 27th of May 2015 12:31:00 PM
LinuxSecurity.com: This is an update to the set of CA certificates released with NSS version 3.18.1. However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command. This update adds a manual page for the ca-legacy command. This update changes the names of the possible values in the ca-legacy configuration file. It still uses the term legacy=disable to override the compatibility option and follow the upstream Mozilla.org decision. However it now uses the term legacy=default for the default configuration, to make it more obvious that the legacy certificates won't be kept enabled forever.

Fedora 20 hostapd-2.4-2.fc20

Wednesday 27th of May 2015 12:30:00 PM
LinuxSecurity.com: Security update for integer underflow in AP mode WMM Action frame processing.

Fedora 20 php-5.5.25-1.fc20

Wednesday 27th of May 2015 12:26:00 PM
LinuxSecurity.com: 14 May 2015, **PHP 5.5.25**

**Core:**

* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)

**FTP:**

* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)

**ODBC:**

* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)

**OpenSSL:**

* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)

**PCNTL:**

* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

**Phar:**

* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)

Fedora 22 postgresql-9.4.2-1.fc22

Wednesday 27th of May 2015 12:26:00 PM
LinuxSecurity.com: update to 9.4.2 per release notes

Fedora 21 php-5.6.9-1.fc21

Wednesday 27th of May 2015 12:17:00 PM
LinuxSecurity.com: 14 May 2015, **PHP 5.6.9**

Core:

* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

FTP:

* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)

ODBC:

* Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)
* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)

OpenSSL:

* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)

PCNTL:

* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

PCRE:

* Upgraded pcrelib to 8.37.

Phar:

* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)

Fedora 22 rawtherapee-4.2-9.fc22

Wednesday 27th of May 2015 12:08:00 PM
LinuxSecurity.com: Security fix for CVE-2015-3885 (dcraw input sanitization), bz #1221257

Fedora 21 hostapd-2.4-2.fc21

Wednesday 27th of May 2015 12:06:00 PM
LinuxSecurity.com: Security update for integer underflow in AP mode WMM Action frame processing.

Fedora 20 java-1.8.0-openjdk-1.8.0.45-38.b14.fc20

Wednesday 27th of May 2015 12:06:00 PM
LinuxSecurity.com: updated to 8u45-b14 with hope to fix rhbz#1123870. This update adds debugging information to all the Java code included in the JDK, making it easier to debug the code.

Red Hat: 2015:1031-01: qemu-kvm: Important Advisory

Wednesday 27th of May 2015 09:31:00 AM
LinuxSecurity.com: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]

Red Hat: 2015:1030-01: kernel: Important Advisory

Wednesday 27th of May 2015 09:28:00 AM
LinuxSecurity.com: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security [More...]

Ubuntu: 2617-3: NTFS-3G vulnerability

Wednesday 27th of May 2015 09:26:00 AM
LinuxSecurity.com: NTFS-3G could be made to overwrite files as the administrator.

Debian: 3268-2: ntfs-3g: Summary

Tuesday 26th of May 2015 03:49:00 PM
LinuxSecurity.com: Security Report Summary

Ubuntu: 2622-1: OpenLDAP vulnerabilities

Tuesday 26th of May 2015 02:14:00 PM
LinuxSecurity.com: OpenLDAP could be made to crash if it received specially crafted network traffic.

Fedora 20 kernel-3.19.8-100.fc20

Monday 25th of May 2015 11:58:00 PM
LinuxSecurity.com: The 3.19.8 update contains a number of important fixes across the tree. The 3.19.7 update contains a number of important updates across the tree. The 3.19.6 stable update contains a number of important fixes across the tree.

Fedora 22 java-1.8.0-openjdk-1.8.0.45-38.b14.fc22

Monday 25th of May 2015 11:56:00 PM
LinuxSecurity.com: updated to 8u45-b14. fixes rhbz#1123870

Fedora 22 wordpress-4.2.2-1.fc22

Monday 25th of May 2015 11:56:00 PM
LinuxSecurity.com: **WordPress 4.2.2 Security and Maintenance Release**

* Upstream announcement: https://wordpress.org/news/2015/05/wordpress-4-2-2/

Fedora 22 php-ZendFramework2-2.3.8-1.fc22

Monday 25th of May 2015 11:55:00 PM
LinuxSecurity.com: * **ZF2015-04**: Zend\Mail and Zend\Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend\Mail or Zend\Http (which includes users of Zend\Mvc), we recommend upgrading immediately.

Fedora 22 quassel-0.11.0-2.fc22

Monday 25th of May 2015 11:47:00 PM
LinuxSecurity.com: Security fix BZ1205130 - patch for CTCP Denial of Service

Fedora 22 phpMyAdmin-4.4.6.1-1.fc22

Monday 25th of May 2015 11:45:00 PM
LinuxSecurity.com: phpMyAdmin 4.4.6.1 (2015-05-13)

- [security] CSRF vulnerability in setup
- [security] Vulnerability allowing man-in-the-middle attack

More in Tux Machines

Fedora's "Fedup" To Be Replaced In Fedora 23

Fedup right now is the command for handling in-place Fedora upgrades from release-to-release and it's been around since Fedora 17. However, with the Fedora 23 release due out in late 2015, that utility will likely be replaced with a new version to handle upgrading to new releases.

Security and Linux

Leftovers: Software

  • Samba 4.2.2 Officially Released with over 30 Bug Fixes, systemd Improvements
    Samba, the world’s most used software solution for accessing shared Windows directories over a network in GNU/Linux and Mac OS X operating systems, has been updated to version 4.2.2.
  • PacketFence v5.1 released
    The Inverse team is pleased to announce the immediate availability of PacketFence 5.1.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.
  • Get started with Midnight Commander, a Linux file manager
    Midnight Commander (MC) is a text-based Command Line Interface (CLI) program. It is particularly useful when a GUI is not available but can also be used as a primary file manager in a terminal session even when you are using a GUI. I use Midnight Commander frequently because I often have need to interact with local and remote Linux computers using the CLI. It can be used with almost any of the common shells and remote terminals through SSH.
  • Cinnamon 2.6.3 Now Available via the Romeo (Unstable) Repository for Both Linux Mint 17.1 and LMDE 2.0
    As a reminder, Cinnamon 2.6.3 has been recently released, adding only fixes to the previous release from the Cinnamon 2.6 series. Among others, the use-system configuration key has been split into three different keys, the calendar applet is not properly refreshed, the pidgin tray icons have been updated, the on-screen keyboard has been enhanced and the date format setting is now respected in the notification applet. The full changelog can be read here.
  • The Boomaga PPA Has Received Packages For Ubuntu 15.04 Vivid Vervet
    Boomaga is an open source virtual printer software, having support for the most popular printers, via CUPS and Gutenprint. Unlike CUPS and Gutenprint which provide drivers for printers, the Boomaga virtual printer enables the users to view the document before printing, adjust the margins of the page, manage the number of documents per page, export the to be printed files as PDFs and others.
  • Yet Another Network Speed Ubuntu AppIndicator
    Indicator Netspeed Unity is an Ubuntu AppIndicator which displays the current network upload / download speed on the panel. Despite its name, it should work with any panel that supports AppIndicators.
  • Essential tools for hardening and securing Unix based Environments
    System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDoS attacks, crackers, are all out there trying to get into people’s computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services. Being able to identify tools and techniques to harden your systems is a key play in securing your systems. Moreover, choosing the right tools is a matter of experience. You should try most of them, or perhaps the ones that are popular. I chose free and open source software because, if I want to, I can check the application's source code and see for myself how the programmers wrote the software, how they managed to keep the software easy to understand etc.
  • Antivirus products for Linux compared
    Though Linux is often seen as being immune to malware it's still important to have protection, partly because Linux malware does exist, even if it’s rare, and partly to prevent the passing on of viruses to more vulnerable operating systems like Windows and Android.
  • Opera Dev 31.0.1876.0 Brings New Discover and Settings Pages and Other Fixes and Enhancements

today's howtos