LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Fedora 32: xrdp 2020-9666e4c9cd

Wednesday 8th of July 2020 09:06:26 PM
This is a security fix release that includes fixes for the following local buffer overflow vulnerability:

- CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it.

This update is recommended for all xrdp users.

Fedora 32: remmina 2020-a3ef998a70

Wednesday 8th of July 2020 09:06:23 PM
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs

Fedora 32: freerdp 2020-a3ef998a70

Wednesday 8th of July 2020 09:06:22 PM
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs

openSUSE: 2020:0947-1: important: chocolate-doom

Wednesday 8th of July 2020 05:12:08 PM
An update that fixes one vulnerability is now available.

Debian: DSA-4722-1: ffmpeg security update

Wednesday 8th of July 2020 04:46:11 PM
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Ubuntu 4421-1: Thunderbird vulnerabilities

Wednesday 8th of July 2020 02:34:23 PM
Several security issues were fixed in Thunderbird.

CentOS: CESA-2020-2824: Important CentOS 6 firefox

Wednesday 8th of July 2020 01:26:10 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2020:2824

CentOS: CESA-2020-2827: Important CentOS 7 firefox

Wednesday 8th of July 2020 01:23:13 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2020:2827

Debian: DSA-4721-1: ruby2.5 security update

Wednesday 8th of July 2020 11:31:57 AM
Several vulnerabilities have been discovered in the interpreter for the Ruby language. CVE-2020-10663

SUSE: 2020:1591-2 important: MozillaThunderbird

Wednesday 8th of July 2020 09:33:31 AM
An update that fixes four vulnerabilities is now available.

SUSE: 2020:1580-2 moderate: texlive-filesystem

Wednesday 8th of July 2020 09:25:52 AM
An update that fixes two vulnerabilities is now available.

SUSE: 2020:1297-2 moderate: libvpx

Wednesday 8th of July 2020 09:25:11 AM
An update that fixes one vulnerability is now available.

SUSE: 2020:1695-2 moderate: osc

Wednesday 8th of July 2020 09:23:31 AM
An update that fixes one vulnerability is now available.

SUSE: 2020:1553-2 moderate: libexif

Wednesday 8th of July 2020 09:22:19 AM
An update that fixes 9 vulnerabilities is now available.

SUSE: 2020:0819-2 important: icu

Wednesday 8th of July 2020 09:21:38 AM
An update that fixes one vulnerability is now available.

SUSE: 2020:1417-2 moderate: freetds

Wednesday 8th of July 2020 09:20:57 AM
An update that fixes one vulnerability is now available.

SUSE: 2019:2425-2 important: nmap

Wednesday 8th of July 2020 09:20:09 AM
An update that fixes two vulnerabilities is now available.

SUSE: 2020:1621-2 important: libEMF

Wednesday 8th of July 2020 09:19:10 AM
An update that fixes four vulnerabilities is now available.

Debian: DSA-4720-1: roundcube security update

Wednesday 8th of July 2020 02:06:19 AM
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize incoming mail messages. This would allow a remote attacker to perform a Cross-Site Scripting (XSS) attack.

Fedora 31: firefox 2020-8ba9376229

Tuesday 7th of July 2020 09:07:11 PM
Update to latest upstream version

More in Tux Machines

Olimex Tukhla High-End Open Source Hardware NXP i.MX 8QuadMax SBC in the Works

Most open-source hardware Arm Linux SBCs are optimized for cost, and there are few higher-end boards with extensive connectivity designed for professionals. Beagleboard X15 would be one of the rare examples currently available on the market, but it was launched five years ago. One European company noticed the void in this market and asked Olimex to develop a high-end open-source Linux board with a well-documented processor. They ruled out RK3399, and instead went Olimex Tukhla SBC will be powered by NXP i.MX 8QuadMax, the top processor of i.MX 8 family with two Cortex-A72 cores, four Cortex-A53 cores, and two real-time Cortex-M4F cores.

Robotics Recap: Learning, Programming & Snapping ROS 2

Robotics@Canonical puts a strong focus on the migration from ROS to ROS 2. ROS 2 benefits from many improvements, especially robot security. Our goal is to make it easy for you to transition to ROS 2, whether you’re completely new to ROS or a seasoned engineer retooling for a new environment. Your new platform should be secure-by-default, and we expect you’ll need to pivot between different environments as you migrate from ROS to ROS 2. Along the way we’ve encountered some friction points, some mild surprises, and some opportunities to better leverage existing tools. Whenever that happened we tried to fix them and share our experiences so you didn’t run into the same problems! This has resulted in blog posts and videos in three key focus areas: getting started with ROS 2, software development in ROS 2, and building snaps for ROS. Let’s recap some of our recent output.

Linux 5.8-rc5

Ok, so rc4 was small, and now a week later, rc5 is large.

It's not _enormous_, but of all the 5.x kernels so far, this is the
rc5 with the most commits. So it's certainly not optimal. It was
actually very quiet the beginning of the week, but things picked up on
Friday. Like they do..

That said, a lot of it is because of the networking fixes that weren't
in rc4, and I'm still not hearing any real panicky sounds from people,
and things on the whole seem to be progressing just fine.

So a large rc5 to go with a large release doesn't sound all that
worrisome, when we had an unusually small rc4 that precedes it and
explains it.

Maybe I'm in denial, but I still think we might hit the usual release
schedule. A few more weeks to go before I need to make that decision,
so it won't be keeping me up at night.

The diffstat for rc5 doesn't look particularly worrisome either. Yes,
there's a (relatively) high number of commits, but they tend to be
small. Nothing makes me go "umm".

In addition to the outright fixes, there's a few cleanups that are
just prep for 5.9. They all look good and simple too.

Anyway, networking (counting both core and drivers) amounts to about a
third of the patch, with the rest being spread all over: arch updates
(arm64, s390, arc), drivers (gpu, sound, md, pin control, gpio),
tooling (perf and selftests). And misc noise all over.

The appended shortlog gives the details, nothing really looks all that
exciting. Which is just as it should be at this time.

Go forth and test.

Thanks,

                 Linus