Language Selection

English French German Italian Portuguese Spanish Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 11 hours 36 sec ago

Fedora 25 bind-9.10.4-4.P6.fc25

Tuesday 14th of February 2017 11:30:00 AM Security fix for CVE-2017-3135

Fedora 25 kernel-4.9.9-200.fc25

Tuesday 14th of February 2017 11:26:00 AM The 4.9.9 update contains a number of important fixes across the tree

Fedora 25 netpbm-10.77.00-3.fc25

Tuesday 14th of February 2017 11:25:00 AM Security fix for CVE-2017-2586, CVE-2017-2587 and CVE-2017-5849, ---- Addlicense information file copyright_summary ---- New version of netpbm isavailable (10.77.00)

Fedora 25 w3m-0.5.3-27.git20161120.fc25

Tuesday 14th of February 2017 10:53:00 AM Rebase to latest upstream gitrev 20161120

Red Hat: 2017:0269-01: java-1.7.0-openjdk: Critical Advisory

Monday 13th of February 2017 07:19:00 AM An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact [More...]

Fedora 24 epiphany-3.20.7-1.fc24

Sunday 12th of February 2017 10:07:00 AM Update to 3.20.7, fixing a serious password extraction sweep attack on thepassword manager [(#752738)](

Slackware: 2017-041-02: openssl: Security Update

Friday 10th of February 2017 08:39:00 PM New openssl packages are available for Slackware 14.2 and -current to fix security issues. [More Info...]

Slackware: 2017-041-01: bind: Security Update

Friday 10th of February 2017 08:39:00 PM New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. [More Info...]

Slackware: 2017-041-04: tcpdump: Security Update

Friday 10th of February 2017 08:29:00 PM New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. NOTE: These updates also require the updated libpcap package. [More Info...]

Slackware: 2017-041-03: php: Security Update

Friday 10th of February 2017 08:29:00 PM New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. [More Info...]

Gentoo: 201702-06 Graphviz: Multiple vulnerabilities

Friday 10th of February 2017 06:24:00 PM Multiple vulnerabilities have been found in Graphviz and the extent of these vulnerabilities are unspecified.

Gentoo: 201702-05 Lsyncd: Remote execution of arbitrary code

Friday 10th of February 2017 06:17:00 PM A vulnerability in Lsyncd allows execution of arbitrary code.

Gentoo: 201702-04 GnuTLS: Multiple vulnerabilities

Friday 10th of February 2017 06:12:00 PM Multiple vulnerabilities have been found in GnuTLS, the worst of which may allow execution of arbitrary code.

Fedora 24 iio-sensor-proxy-2.1-1.fc24

Friday 10th of February 2017 09:58:00 AM Update to 2.1

Fedora 24 java-1.8.0-openjdk-aarch32-

Friday 10th of February 2017 09:52:00 AM January 2017 security fixes -

Fedora 25 gtk-vnc-0.7.0-1.fc25

Friday 10th of February 2017 09:45:00 AM Security fix for CVE-2017-5884, CVE-2017-5885

Fedora 25 libwmf-

Friday 10th of February 2017 09:43:00 AM * various security relevant flaws

Fedora 25 java-1.8.0-openjdk-aarch32-

Friday 10th of February 2017 09:32:00 AM January 2017 security fixes -

Ubuntu: 3190-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Thursday 9th of February 2017 07:57:00 PM Several security issues were fixed in the kernel.

Debian: 3785-1: jasper: Summary

Thursday 9th of February 2017 05:39:00 PM Security Report Summary

More in Tux Machines

Artificial intelligence/Machine learning

  • Is your AI being handed to you by Google? Try Apache open source – Amazon's AWS did
    Surprisingly, the MXNet Machine Learning project was this month accepted by the Apache Software Foundation as an open-source project. What's surprising about the announcement isn't so much that the ASF is accepting this face in the crowd to its ranks – it's hard to turn around in the software world these days without tripping over ML tools – but rather that MXNet developers, most of whom are from Amazon, believe ASF is relevant.
  • Current Trends in Tools for Large-Scale Machine Learning
    During the past decade, enterprises have begun using machine learning (ML) to collect and analyze large amounts of data to obtain a competitive advantage. Now some are looking to go even deeper – using a subset of machine learning techniques called deep learning (DL), they are seeking to delve into the more esoteric properties hidden in the data. The goal is to create predictive applications for such areas as fraud detection, demand forecasting, click prediction, and other data-intensive analyses.
  • Your IDE won't change, but YOU will: HELLO! Machine learning
    Machine learning has become a buzzword. A branch of Artificial Intelligence, it adds marketing sparkle to everything from intrusion detection tools to business analytics. What is it, exactly, and how can you code it?
  • Artificial intelligence: Understanding how machines learn
    Learning the inner workings of artificial intelligence is an antidote to these worries. And this knowledge can facilitate both responsible and carefree engagement.
  • Your future boss? An employee-interrogating bot – it's an open-source gift from Dropbox
    Dropbox has released the code for the chatbot it uses to question employees about interactions with corporate systems, in the hope that it can help other organizations automate security processes and improve employee awareness of security concerns. "One of the hardest, most time-consuming parts of security monitoring is manually reaching out to employees to confirm their actions," said Alex Bertsch, formerly a Dropbox intern and now a teaching assistant at Brown University, in a blog post. "Despite already spending a significant amount of time on reach-outs, there were still alerts that we didn't have time to follow up on."

Red Hat News

Container-friendly Alpine Linux may get Java port

Alpine Linux, a security-focused lightweight distribution of the platform, may get its own Java port. Alpine is popular with the Docker container developers, so a Java port could pave the way to making Java containers very small. A proposal floated this week on an OpenJDK mailing list calls for porting the JDK (Java Development Kit), including the Java Runtime Environment, Java compiler and APIs, to both the distribution and the musl C standard library, which is supported by Alpine Linux. The key focus here is musl; Java has previously been ported to the standard glibc library, which you can install in Alpine, but the standard Alpine release switched two years ago to musl because it’s much faster and more compact Read more

OSS and Linux Foundation Work

  • Using Open Source Software to Speed Development and Gain Business Advantage
    Last week, we started by defining “Open Source” in common terms -- the first step for any organization that wants to realize, and optimize, the advantages of using open source software (OSS) in their products or services. In the next few articles, we will provide more details about each of the ways OSS adds up to a business advantage for organizations that use and contribute to open source. First, we’ll discuss why many organizations use OSS to speed up the delivery of software and hardware solutions.
  • Linux Foundation Creates New Platform for Network Automation
  • Tying together the many open source projects in networking
    There are a lot of pieces to the ongoing network transformation going up and down the stack. There's the shift away from proprietary hardware. There's the to need to manage complex network configurations. Add subscriber management and a wide range of other necessary functions. Add customer-facing services. All of those pieces need to fit together, integrate with each other, and interoperate. This was the topic of my conversation with Heather Kirksey, who heads up the Open Platform for Network Functions Virtualization (OPNFV) project when we caught up at the Open Source Leadership Summit in mid-February. OPNFV is a Linux Foundation Collaborative Project which focuses on the system integration effort needed to tie together the many other open source projects in this space, such as OpenDaylight. As Heather puts it: "Telecom operators are looking to rethink, reimagine, and transform their networks from things being built on proprietary boxes to dynamic cloud applications with a lot more being in software. [This lets them] provision services more quickly, allocate bandwidth more dynamically, and scale out and scale in more effectively."
  • Master the Open Cloud with Free, Community-Driven Guides
    One of the common criticisms of open source in general, especially when it comes to open cloud platforms such as OpenStack and ownCloud, is lack of truly top-notch documentation and training resources. The criticism is partly deserved, but there are some free documentation resources that benefit from lots of contributors. Community documentation and training contributors really can make a difference. In fact, in a recent interview, ClusterHQ’s Mohit Bhatnagar said: “Documentation is a classic example of where crowdsourcing wins. You just can’t beat the enthusiasm of hobbyist developers fixing a set of documentation resources because they are passionate about the topic.”
  • OpenStack Ocata Nova Cells Set to Improve Cloud Scalability
    Among the biggest things to land in the OpenStack Ocata cloud platform release this week is the Cells v2 code, which will help enable more scale and manageability in the core Nova compute project. Nova is one of the two original projects (along with Swift storage) that helped launch OpenStack in June 2010. The original Nova code, which was written by NASA, enables the management of virtualized server resources.