
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 5 hours 7 min ago

RedHat: RHSA-2018-2462:01 Important: qemu-kvm security and bug fix update

9 hours 47 min ago
LinuxSecurity.com: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2018-2439:01 Moderate: mariadb security and bug fix update

9 hours 47 min ago
LinuxSecurity.com: An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

openSUSE: 2018:2343-1: moderate: aubio

11 hours 53 min ago
LinuxSecurity.com: An update that fixes two vulnerabilities is now available.

Fedora 28: wpa_supplicant Security Update

15 hours 57 min ago
LinuxSecurity.com: fix for CVE-2018-14526

Fedora 28: kernel-headers Security Update

15 hours 57 min ago
LinuxSecurity.com: The 4.17.14-202 build contains patches for the "foreshadow" security issue that were missing from the 201 builds.

Fedora 28: gdm Security Update

15 hours 57 min ago
LinuxSecurity.com: gdm 3.28.3 release, fixing CVE-2018-14424. - CVE-2018-14424 - double free fix - lifecycle fixes to libgdm/GdmClient - follow-up fixes dealing with login screen reaping from last release - allow pam modules to use SIGUSR1 - set PWD for user session - tell cirrus not to use wayland - Translation updates

Fedora 28: units Security Update

15 hours 57 min ago
LinuxSecurity.com: - units_cur: validate rate data from server (#1598913)

Fedora 27: kernel-headers Security Update

16 hours 41 min ago
LinuxSecurity.com: The 4.17.14-102 build contains patches for the "foreshadow" security issue that were missing from the 101 builds.

Fedora 27: postgresql Security Update

16 hours 41 min ago
LinuxSecurity.com: update to 9.6.10, CVE-2018-10915 CVE-2018-10925

RedHat: RHSA-2018-2402:01 Important: rhvm-appliance security update

Thursday 16th of August 2018 05:21:00 AM
LinuxSecurity.com: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Debian LTS: DLA-1468-1: fuse security update

Wednesday 15th of August 2018 10:43:00 PM
LinuxSecurity.com: CVE-2018-10906 This is a fix for a restriction bypass of the "allow_other" option when SELinux is active.

RedHat: RHSA-2018-2435:01 Important: flash-plugin security update

Wednesday 15th of August 2018 08:29:00 PM
LinuxSecurity.com: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 28: cri-o Security Update

Wednesday 15th of August 2018 07:46:00 PM
LinuxSecurity.com: Update to latest version.

Ubuntu 3733-2: GnuPG vulnerability

Wednesday 15th of August 2018 05:20:00 PM
LinuxSecurity.com: GnuPG could be made to expose sensitive information.

RedHat: RHSA-2018-2404:01 Important: rhev-hypervisor7 security update

Wednesday 15th of August 2018 03:26:00 PM
LinuxSecurity.com: An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

openSUSE: 2018:2330-1: important: seamonkey

Wednesday 15th of August 2018 03:07:00 PM
LinuxSecurity.com: An update that fixes 9 vulnerabilities is now available.

SciLinux: Important: kernel on SL6.x i386/x86_64

Wednesday 15th of August 2018 01:46:00 PM
LinuxSecurity.com: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-fault

SciLinux: Important: kernel on SL7.x x86_64

Wednesday 15th of August 2018 01:45:00 PM
LinuxSecurity.com: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-fault

Debian LTS: DLA-1467-1: ruby-zip security update

Wednesday 15th of August 2018 01:30:00 PM
LinuxSecurity.com: It was found that rubyzip, a Ruby module for reading and writing zip files, contained a Directory Traversal vulnerability that can be exploited to write arbitrary files to the filesystem.

Debian LTS: DLA-1466-1: linux-4.9 security update

Wednesday 15th of August 2018 01:18:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 (SegmentSmack)


Android Leftovers

OSS Leftovers

  • 8 hurdles IT must overcome if they want open source success
    Open source software has the potential to drive innovation and collaboration across an enterprise, and can transform the way developers work together. "Open source is now part of the evaluation criteria when deciding on a software platform, so much so that it is expected," said Matt Ingenthron, senior director of engineering at Couchbase. "In this way, open source has somewhat faded into the background in a positive way. Just like no consumer would inquire if a mobile phone had internet access or text messaging, choosing an open source solution is almost always an option."
  • Sprint calls on open source analytics to prevent cyberfraud
    Mobile phone-related fraud is big business. Fraudsters, hackers, and other bad actors employ creative techniques to compromise networks, hijack user information, and piece together customer identities that are then sold for big bucks on the dark web. To protect its customers, Sprint needed to transform the way it detected and blocked fraudulent activity. “In the mobile phone business, there’s no markup on selling devices — our bread and butter is the network and the services that are delivered on that network, through the devices,” says Scott Rice, CIO of Sprint. “Identity theft is a huge problem and the ability for nefarious actors to use that theft of information to impersonate our customers means we were eating the costs of the devices and the costs of services delivery.”
  • Open Source Platform Delivers LDAP Integration
    The latest release of InfluxData, an open source platform for metrics, events, and other time series data, adds LDAP integration, new advanced analytics, and self-healing capabilities in the time series database platform. According to the company, time series data, collected and stored with InfluxData’s Time Series database platform is integral to observability and is becoming mission critical for organizations. Enhancements to InfluxEnterprise make it easier for administrators to keep this mission critical data available and secure by checking and verifying every requested action. This includes creating databases, storing data and running queries – against a user’s stored authorizations and role.
  • YOYOW-WeCenter Special Edition Release: Free and Open Source
    The YOYOW-WeCenter Special Edition, customized and developed by YOYOW and based on WeCenter Q&A community framework, has been released on GitHub. Compared to regular WeCenter frameworks, YOYOW is providing free open source services and will be continually iterating products and will be introducing an incentive mechanism. Each Q&A community can directly integrate into YOYOW's bottom layer network and enjoy the network services provided by YOYOW.
  • Add-on Recommended By Mozilla Caught Logging Users’ Browsing History
    According to the reports by Mike Kuketz, an independent security blogger from Germany and uBlock Origin, an add-on named “Web Security” has been caught collecting users’ browsing history. [...] Soon after this discovery by Hill, Kuketz added a post on his blog about the same extension pointing to the same strange behavior of the add-on. A user on Kuketz’s blog decoded the garbled data and found that the add-on was collecting users’ browsing history and sending it to a German server.
  • Zombies: Top 5 Open Source Vulnerabilities That Refuse To Die [Ed: Microsoft partner WhiteSource continues to stigmatise FOSS as a security nightmare, using bugs branded by other Microsoft partner for extra panic]
  • How a civic hacker used open data to halve tickets at Chicago's most confusing parking spot
    Matt Chapman used the Freedom of Information Act to get the City of Chicago's very messy parking ticket data; after enormous and heroic data normalization, Chapman was able to pinpoint one of the city's most confusing parking spots, between 1100-1166 N State St, which cycled between duty as a taxi stand and a parking spot with a confusingly placed and semi-busted parking meter. After surveying the site and deducing the problem, Chapman contacted the alderman responsible for that stretch of North State Street, and, eight months later, the signage was cleaned up and made more intuitive. Follow-up data analysis showed that Chapman's work had halved the number of parking tickets issued on the spot, with 600-odd fewer tickets in the past 20 months, for a savings of $60,000 to Chicago motorists.
  • Bluespec, Inc. Releases a New Family of Open-Source RISC-V Processors
    Bluespec Inc. has released Piccolo, its first in a family of RISC-V open-source processors provided as a vehicle for open innovation in embedded systems. Piccolo is a 3-stage RV32IM processor whose small “footprint” is ideal for many IoT applications. The repository (https://github.com/bluespec/Piccolo) contains a royalty-free synthesizable Verilog core that can be easily integrated and deployed into an ASIC or FPGA. Bluespec, Inc. will actively maintain Piccolo. It also offers commercial-grade tools for the customization and verification of RISC-V cores. Configurations will be continually added to provide the full spectrum of embedded controller features. Companies or universities interested in contributing to the Piccolo project should contact Bluespec, Inc. (add contact – RISC-V open source support).

KDE Applications 18.08 Open-Source Software Suite Released, Here's What's New

Being in development for the past several months, KDE Applications 18.08 goes stable today and will hit the software repositories of various popular GNU/Linux distributions during the next few days. This is a major release and brings numerous new features and improvements across multiple apps, including Dolphin, Konsole, Gwenview, KMail, Akonadi, Cantor, Spectacle, and others. "We continuously work on improving the software included in our KDE Application series, and we hope you will find all the new enhancements and bug fixes useful," reads today's announcement. "More than 120 bugs have been resolved in applications including the Kontact Suite, Ark, Cantor, Dolphin, Gwenview, Kate, Konsole, Okular, Spectacle, Umbrello and more!"

Security Leftovers

  • How to Protect Your PC From the Intel Foreshadow Flaws
  • AT&T Sued After SIM Hijacker Steals $24 Million in Customer's Cryptocurrency
    It has only taken a few years, but the press, public and law enforcement appear to finally be waking up to the problem of SIM hijacking. SIM hijacking (aka SIM swapping or a "port out scam") involves a hacker hijacking your phone number, porting it over to their own device (often with a wireless carrier employee's help), then taking control of your personal accounts. As we've been noting, the practice has heated up over the last few years, with countless wireless customers saying their entire identities were stolen after thieves ported their phone number to another carrier, then took over their private data. Sometimes this involves selling valuable Instagram account names for bitcoin; other times it involves clearing out the target's banking or cryptocurrency accounts. Case in point: California authorities recently brought the hammer down on one 20-year-old hacker, who had covertly ported more than 40 wireless user accounts, in the process stealing nearly $5 million in bitcoin. One of the problems at the core of this phenomenon is that hackers have either tricked or paid wireless carrier employees to aid in the hijacking, or in some instances appear to have direct access to (apparently) poorly-secured internal carrier systems. That has resulted in lawsuits against carriers like T-Mobile for not doing enough to police their own employees, the unauthorized access of their systems, or the protocols utilized to protect consumer accounts from this happening in the first place.
  • Voting Machine Vendors, Election Officials Continue To Look Ridiculous, As Kids Hack Voting Machines In Minutes
  • Security updates for Thursday