Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Updated: 2 hours 52 min ago

Mageia 2019-0007: units security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A flaw was found in units. units_cur doesn't sanitize downloaded data. This allows a maliciously intended server to execute arbitrary code remotely on the client (rhbz#1598913). References:

Mageia 2019-0011: ldb, talloc, and samba security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME loops, resulting in denial of service (CVE-2018-14629). Alex MacCuish discovered that a user with a valid certificate or smart

Mageia 2019-0005: plexus-archiver security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations (CVE-2018-1002200).

Mageia 2019-0006: imagemagick security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Imagemagick has been updated to fix several bugs and security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=23257 - https://legacy.imagemagick.org/script/changelog.php

Mageia 2019-0002: xmlrpc security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002).

SUSE: 2019:0019-1 moderate: polkit

Friday 4th of January 2019 06:14:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2019:0020-1 important: xen

Friday 4th of January 2019 06:11:00 PM
LinuxSecurity.com: An update that solves 6 vulnerabilities and has three fixes is now available.

SUSE: 2019:13924-1 important: mailman

Friday 4th of January 2019 03:09:00 PM
LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.

SUSE: 2019:13923-1 moderate: GraphicsMagick

Thursday 3rd of January 2019 09:08:00 PM
LinuxSecurity.com: An update that fixes 8 vulnerabilities is now available.

SUSE: 2019:0015-1 moderate: polkit

Thursday 3rd of January 2019 03:09:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2019:13921-1 important: xen

Wednesday 2nd of January 2019 08:10:00 PM
LinuxSecurity.com: An update that solves 13 vulnerabilities and has three fixes is now available.

SUSE: 2019:0003-1 important: xen

Wednesday 2nd of January 2019 08:08:00 PM
LinuxSecurity.com: An update that solves 11 vulnerabilities and has one errata is now available.

SUSE: 2019:0005-1 moderate: libraw

Wednesday 2nd of January 2019 08:07:00 PM
LinuxSecurity.com: An update that fixes four vulnerabilities is now available.

SUSE: 2019:0002-1 moderate: libraw

Wednesday 2nd of January 2019 08:06:00 PM
LinuxSecurity.com: An update that fixes three vulnerabilities is now available.

SUSE: 2018:4300-1 important: xen

Saturday 29th of December 2018 12:17:00 AM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has four fixes is now available.

SUSE: 2018:4298-1 moderate: wireshark

Saturday 29th of December 2018 12:15:00 AM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

SUSE: 2018:4297-1 important: containerd, docker and go

Saturday 29th of December 2018 12:11:00 AM
LinuxSecurity.com: An update that solves four vulnerabilities and has 17 fixes is now available.

Debian: DSA-4361-1: libextractor security update

Friday 28th of December 2018 10:10:00 PM
LinuxSecurity.com: Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.

openSUSE: 2018:4287-1: important: netatalk

Friday 28th of December 2018 09:15:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

Debian LTS: DLA-1621-1: c3p0 security update

Friday 28th of December 2018 07:58:00 PM
LinuxSecurity.com: A XML External Entity (XXE) vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control.

More in Tux Machines

Security: Windows 'Fun' at Melbourne and Alleged Phishing by Venezuela’s Government

today's howtos

GCC 8.3 Released and GCC 9 Plans

  • GCC 8.3 Released
    The GNU Compiler Collection version 8.3 has been released. GCC 8.3 is a bug-fix release from the GCC 8 branch containing important fixes for regressions and serious bugs in GCC 8.2 with more than 153 bugs fixed since the previous release. This release is available from the FTP servers listed at: http://www.gnu.org/order/ftp.html Please do not contact me directly regarding questions or comments about this release. Instead, use the resources available from http://gcc.gnu.org. As always, a vast number of people contributed to this GCC release -- far too many to thank them individually!
  • GCC 8.3 Released With 153 Bug Fixes
    While the GCC 9 stable compiler release is a few weeks away in the form of GCC 9.1, the GNU Compiler Collection is up to version 8.3.0 today as their newest point release to last year's GCC 8 series.
  • GCC 9 Compiler Picks Up Official Support For The Arm Neoverse N1 + E1
    Earlier this week Arm announced their next-generation Neoverse N1 and E1 platforms with big performance potential and power efficiency improvements over current generation Cortex-A72 processor cores. The GNU Compiler Collection (GCC) ahead of the upcoming GCC9 release has picked up support for the Neoverse N1/E1. This newly-added Neoverse N1 and E1 CPU support for GCC9 isn't all that surprising even with the very short time since announcement and GCC9 being nearly out the door... Arm developers had already been working on (and landed) the Arm "Ares" CPU support, which is the codename for what is now the Neoverse platform.

Android Leftovers