
LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

SUSE: 2019:2089-2 moderate: squid

Friday 16th of August 2019 11:13:30 PM
An update that fixes three vulnerabilities is now available.

SUSE: 2019:2080-2 important: evince

Friday 16th of August 2019 11:12:44 PM
An update that fixes two vulnerabilities is now available.

SUSE: 2019:2053-2 important: python3

Friday 16th of August 2019 11:11:52 PM
An update that fixes three vulnerabilities is now available.

SUSE: 2019:1861-3 important: MozillaFirefox

Friday 16th of August 2019 08:18:04 PM
An update that fixes 10 vulnerabilities is now available.

SUSE: 2019:2013-2 important: bzip2

Friday 16th of August 2019 08:17:26 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:1830-2 important: glib2

Friday 16th of August 2019 08:14:59 PM
An update that solves one vulnerability and has one errata is now available.

SUSE: 2019:1958-2 moderate: glibc

Friday 16th of August 2019 08:14:03 PM
An update that solves two vulnerabilities and has one errata is now available.

SUSE: 2019:2036-2 important: java-1_8_0-openjdk

Friday 16th of August 2019 08:11:51 PM
An update that solves 8 vulnerabilities and has one errata is now available.

SUSE: 2019:2035-2 important: polkit

Friday 16th of August 2019 08:11:14 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:1783-3 important: postgresql10

Friday 16th of August 2019 08:10:35 PM
An update that fixes one vulnerability is now available.

CentOS: CESA-2019-2473: Important CentOS 6 kernel

Friday 16th of August 2019 05:55:43 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2019:2473

CentOS: CESA-2019-2471: Moderate CentOS 6 openssl

Friday 16th of August 2019 05:53:45 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2019:2471

Ubuntu 4101-1: Firefox vulnerability

Friday 16th of August 2019 04:54:59 PM
A local attacker could obtain saved passwords.

Debian: DSA-4502-1: ffmpeg security update

Friday 16th of August 2019 04:38:40 PM
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Gentoo: GLSA-201908-20: Mozilla Thunderbird: Multiple vulnerabilities

Friday 16th of August 2019 04:25:22 PM
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

Debian LTS: DLA-1888-1: imagemagick security update

Friday 16th of August 2019 12:14:20 PM
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-12974

Debian LTS: DLA-1886-1: openjdk-7 security update

Thursday 15th of August 2019 07:57:38 PM
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code.

Debian LTS: DLA-1887-1: freetype security update

Thursday 15th of August 2019 06:30:57 PM
A buffer over-read in the t1-parser of freetype, a font engine, has been found and fixed by checking limits more sensibly.

SUSE: 2019:2155-1 important: 389-ds

Thursday 15th of August 2019 05:13:19 PM
An update that solves 8 vulnerabilities and has two fixes is now available.

SUSE: 2019:2152-1 moderate: openjpeg2

Thursday 15th of August 2019 05:12:38 PM
An update that fixes one vulnerability is now available.

More in Tux Machines

Today in Techrights

today's leftovers: OpenSUSE Tumbleweed, Fedora Program Management, Security and More

  • Dominique Leuenberger: openSUSE Tumbleweed – Review of the week 2019/33

    Week 2019/33 ‘only’ saw three snapshots being published (3 more were given to openQA but discarded).

  • FPgM report: 2019-33

    Here’s your report of what has happened in Fedora Program Management this week. I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. (Just not this week because I will be traveling)

  • Security updates for Friday

    Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).

  • A compendium of container escapes

    My name is Brandon Edwards, I’m Chief Scientist at Capsule8. Today we’ll be talking about a compendium of container escapes in the podcast. We’ve previously talked about escaping containers and the sorts of vulnerabilities people should be concerned with a while back. In particular we’re discussing how the RunC vulnerability had engendered all this interest, or concern, or almost shock, the trust the people are placing in containers was broken. Oh wow, an escape could happen! I think it’s really valuable to be able to communicate and show all the other ways that that sort of thing can happen, either from misconfiguration, or over granting privileges, or providing host mounts into the container, or having kernel vulnerabilities that could somehow compromise any of the elements of the security model of container, which is both fragile and complex.

  • Apollo data graph brings managed federation to enterprises

    Data graph vendor Apollo is aiming to help overcome several obstacles to enterprises using graph databases with its latest Apollo Data Graph Platform update, which became generally available on July 16. Among the key new features in the platform are federated management capabilities that enable more scalability across different GraphQL data graph instances. GraphQL is an open source query language for APIs, originally created by Facebook that is used to enable data graph capabilities.

Videos: Pardus and Linux Action News

today's howtos, LibreOffice development, 'DevOps' and programming leftovers

  • How to use apt Command in Linux
  • FreeBSD Display Information About The System Hardware
  • btLr text direction in Writer, part 4

    You can get a snapshot / demo of Collabora Office and try it out yourself right now: try unstable snapshot. Collabora is a major contributor to LibreOffice and all of this work will be available in TDF’s next release, too (6.4).

  • LibreOffice Community at FrOSCon 2019

    LibreOffice development takes place mostly via the internet: volunteers, certified developers and other community members collaborate on programming, design, quality assurance, documentation and other tasks. But we also like to meet up in person, to share information, bring new people into the project, and have fun! So on the weekend of 10 and 11 August, we attended FrOSCon 2019 in Sankt Augustin, a town just outside Bonn, Germany. FrOSCon is one of the largest free and open source software (FOSS) conferences in the country, with around 2,000 attendees. Most of the visitors know about FOSS already, but some had only learnt about it recently, and were eager to discover more.

  • 10 ways DevOps helps digital transformation

    DevOps helps organizations succeed with digital transformation by shifting the cultural mindset of the business, breaking down detrimental silos, and paving the way for continuous change and rapid experimentation: All those elements help organizations meet evolving customer demands, experts point out. This helps organizations “self-steer” toward better solutions to continually improve, says Matthew Skelton, head of consulting at Conflux and co-author of Team Topologies.

  • CloudBees Advances State of the DevOps World

    At its annual user conference, CloudBees previews a new Software Delivery Management platform as the DevOps vendor celebrates 15 years of Jenkins.

  • How do you verify that PyPI can be trusted?

    Now Go's packaging story is rather different from Python's since in Go you specify the location of a module by the URL you fetch it from, e.g. github.com/you/hello specifies the hello module as found at https://github.com/you/hello. This means Go's module ecosystem is distributed, which leads to interesting problems of caching so code doesn't disappear off the internet (e.g. a left-pad incident), and needing to verify that a module's provider isn't suddenly changing the code they provide with something malicious. But since the Python community has PyPI our problems are slightly different in that we just have to worry about a single point of failure (which has its own downsides). Now obviously you can run your own mirror of PyPI (and plenty of companies do), but for the general community no one wants to bother to set something up like that and try to keep it maintained (do you really need your own mirror to download some dependencies for the script you just wrote to help clean up your photos from your latest trip?). But we should still care about whether PyPI has been compromised such that packages hosted there have not been tampered with somehow between when the project owner uploaded their release's files and from when you download them.

  • Spyder 4.0 beta4: Kite integration is here

    As part of our next release, we are proud to announce an additional completion client for Spyder, Kite. Kite is a novel completion client that uses Machine Learning techniques to find and predict the best autocompletion for a given text. Additionally, it collects improved documentation for compiled packages, i.e., Matplotlib, NumPy, SciPy that cannot be obtained easily by using traditional code analysis packages such as Jedi.