LinuxSecurity.com Advisories

LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.

openSUSE: 2018:4062-1: moderate: pdns-recursor

Monday 10th of December 2018 06:16:00 PM
LinuxSecurity.com: An update that solves four vulnerabilities and has one errata is now available.

Ubuntu 3842-1: CUPS vulnerability

Monday 10th of December 2018 04:56:00 PM
LinuxSecurity.com: CUPS could be made to expose sensitive information.

Ubuntu 3841-2: lxml vulnerability

Monday 10th of December 2018 02:44:00 PM
LinuxSecurity.com: lxml could allow cross-site scripting (XSS) attacks.

Ubuntu 3841-1: lxml vulnerability

Monday 10th of December 2018 01:42:00 PM
LinuxSecurity.com: lxml could allow cross-site scripting (XSS) attacks.

RedHat: RHSA-2018-3806:01 Low: Red Hat Enterprise Linux 6.6 Telco Update

Monday 10th of December 2018 01:02:00 PM
LinuxSecurity.com: This is the one-month notification for the retirement of Red Hat Enterprise Linux 6.6 Telco Update Service (TUS). This notification applies only to those customers subscribed to the Telco Update Service (TUS) channel for Red Hat Enterprise Linux 6.6.

RedHat: RHSA-2018-3804:01 Low: Red Hat Enterprise Linux 7.3 Extended Update

Monday 10th of December 2018 01:01:00 PM
LinuxSecurity.com: This is the final notification for the retirement of Red Hat Enterprise Linux 7.3 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 7.3.

RedHat: RHSA-2018-3805:01 Low: Red Hat Enterprise Linux 6.7 Extended Update

Monday 10th of December 2018 01:01:00 PM
LinuxSecurity.com: This is the one-month notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7.

RedHat: RHSA-2018-3803:01 Important: chromium-browser security update

Monday 10th of December 2018 10:34:00 AM
LinuxSecurity.com: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Debian LTS: DLA-1604-1: lxml security update

Monday 10th of December 2018 09:47:00 AM
LinuxSecurity.com: It was discovered that there was an XSS injection vulnerability in the LXML HTML/XSS manipulation library for Python. LXML did not remove "javascript:" URLs that used escaping such as

RedHat: RHSA-2018-3800:01 Important: rh-git218-git security update

Monday 10th of December 2018 08:12:00 AM
LinuxSecurity.com: An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Mageia 2018-0479: tomcat security update

Sunday 9th of December 2018 10:21:00 PM
LinuxSecurity.com: An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service (CVE-2018-1336). The default settings for the CORS filter are insecure and enable

openSUSE: 2018:4056-1: important: Chromium

Saturday 8th of December 2018 03:14:00 PM
LinuxSecurity.com: An update that fixes 27 vulnerabilities is now available.

openSUSE: 2018:4055-1: important: ncurses

Saturday 8th of December 2018 03:14:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available.

openSUSE: 2018:4054-1: moderate: ImageMagick

Saturday 8th of December 2018 03:13:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has two fixes is now available.

openSUSE: 2018:4053-1: moderate: tiff

Saturday 8th of December 2018 03:12:00 PM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

openSUSE: 2018:4051-1: important: libgit2

Saturday 8th of December 2018 03:09:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available.

Mageia 2018-0478: flash-player-plugin security update

Friday 7th of December 2018 01:54:00 PM
LinuxSecurity.com: Use after free flaw enabling arbitrary code execution. (CVE-2018-15982) Insecure Library Loading (DLL hijacking) flaw enabling privilege escalation. (CVE-2018-15983)

openSUSE: 2018:4007-1: important: postgresql94

Friday 7th of December 2018 12:26:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

openSUSE: 2018:4005-1: moderate: glib2

Friday 7th of December 2018 12:24:00 PM
LinuxSecurity.com: An update that solves two vulnerabilities and has one errata is now available.

openSUSE: 2018:4004-1: important: qemu

Friday 7th of December 2018 12:23:00 PM
LinuxSecurity.com: An update that solves 7 vulnerabilities and has two fixes is now available.
