LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Debian LTS: DLA-1276-1: tomcat-native security update

Sunday 11th of February 2018 08:51:00 PM
LinuxSecurity.com: Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the
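
Added example, not code from Apache Tomcat Native or the Debian package. The 127-byte boundary named in this entry is where DER length encoding switches from the one-octet short form (lengths 0 to 127) to the long form (a leading octet 0x80|k followed by k big-endian length octets), so a decoder that only understands the short form misreads any certificate field of 128 bytes or more and loses its place in the structure. Reading the advisory as a long-form length handling problem is an inference made here, not something the entry states; the two decoders and the sample fields below are constructed for illustration.

```c
/* Added example, not code from Apache Tomcat Native. DER length octets:
 *   short form: one octet 0x00..0x7F giving lengths 0..127
 *   long form:  one octet 0x80|k, then k big-endian octets holding the length
 * DER additionally requires the minimal encoding, and 0x80 (indefinite
 * length) is not allowed. Sample fields below are constructed here. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode the length octets at buf[0..n). Returns the content length and
 * stores the number of length octets consumed in *used; returns -1 for
 * indefinite form, non-minimal encodings, lengths that cannot be
 * represented, or lengths that run past the bytes actually present. */
long der_length(const uint8_t *buf, size_t n, size_t *used)
{
    if (n == 0)
        return -1;
    uint8_t first = buf[0];
    if (first < 0x80) {                     /* short form */
        *used = 1;
        return (first <= n - 1) ? (long)first : -1;
    }
    size_t k = first & 0x7f;                /* number of length octets that follow */
    if (k == 0 || k > 4 || n < 1 + k)       /* 0x80 = indefinite; cap at 4 octets */
        return -1;
    if (buf[1] == 0)                        /* leading zero octet: not minimal */
        return -1;
    unsigned long len = 0;
    for (size_t i = 0; i < k; i++)
        len = (len << 8) | buf[1 + i];
    if (len < 0x80)                         /* long form for a value < 128: not minimal */
        return -1;
    if (len > (unsigned long)LONG_MAX)
        return -1;
    *used = 1 + k;
    if (len > n - *used)                    /* claimed length exceeds buffer */
        return -1;
    return (long)len;
}

/* Short-form-only decoder, constructed here for contrast (not the actual
 * tomcat-native defect): it reads the first octet as the length no matter
 * what, so 0x81 0x90 (144) comes back as 129 and the parser desynchronises. */
long der_length_short_only(const uint8_t *buf, size_t n, size_t *used)
{
    if (n == 0)
        return -1;
    *used = 1;
    return buf[0];
}

/* Build an OCTET STRING (tag 0x04) holding content_len bytes of 'A' into
 * out. Returns the total encoded size, or 0 if it does not fit or
 * content_len > 65535 (enough for this demonstration). */
size_t build_octet_string(uint8_t *out, size_t cap, size_t content_len)
{
    size_t hdr = content_len < 0x80 ? 2 : content_len <= 0xff ? 3 : 4;
    if (content_len > 0xffff || cap < hdr + content_len)
        return 0;
    out[0] = 0x04;
    if (hdr == 2) {
        out[1] = (uint8_t)content_len;
    } else if (hdr == 3) {
        out[1] = 0x81;
        out[2] = (uint8_t)content_len;
    } else {
        out[1] = 0x82;
        out[2] = (uint8_t)(content_len >> 8);
        out[3] = (uint8_t)(content_len & 0xff);
    }
    memset(out + hdr, 'A', content_len);
    return hdr + content_len;
}

/* Decode a constructed field of content_len bytes with the correct decoder. */
long decode_correct(size_t content_len)
{
    uint8_t buf[4 + 1024];
    size_t used, total = build_octet_string(buf, sizeof buf, content_len);
    return total ? der_length(buf + 1, total - 1, &used) : -1;
}

/* Same field through the short-form-only decoder. */
long decode_naive(size_t content_len)
{
    uint8_t buf[4 + 1024];
    size_t used, total = build_octet_string(buf, sizeof buf, content_len);
    return total ? der_length_short_only(buf + 1, total - 1, &used) : -1;
}
```

Both decoders agree up to 127 bytes of content; at 144 bytes the short-form-only decoder returns 129 (the 0x81 marker octet itself), and from that point every later field in the certificate is read from the wrong offset. The strict decoder also rejects the non-minimal and truncated encodings that a fuzzer will produce, which is the check to keep when the field being parsed decides whether a revocation lookup happens at all.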

Debian: DSA-4111-1: libreoffice security update

Sunday 11th of February 2018 03:26:00 PM
LinuxSecurity.com: Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

Debian LTS: DLA-1275-1: uwsgi security update

Saturday 10th of February 2018 11:01:00 PM
LinuxSecurity.com: It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service (application crash) or stack corruption.

Debian LTS: DLA-1274-1: exim4 security update

Saturday 10th of February 2018 08:05:00 PM
LinuxSecurity.com: Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted

Debian: DSA-4110-1: exim4 security update

Saturday 10th of February 2018 06:35:00 PM
LinuxSecurity.com: Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted
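
Added example, not code from uWSGI or Exim. The uWSGI entry (DLA-1275-1) and the two Exim entries above describe the same defect class: a utility function takes an explicit length from its caller and copies that many bytes into a fixed-size stack buffer. The constructed path-expansion routine below shows the unchecked pattern next to a bounded version; the function names, the PATH_MAX-sized buffer, the separator handling and the sample inputs are assumptions made here and do not reproduce either project's actual code.

```c
/* Added example, not uWSGI's or Exim's code. The pattern in these entries:
 * a helper takes an explicit length from its caller and copies that many
 * bytes into a fixed-size stack buffer. PATH_MAX, the function names and
 * the inputs are assumptions made here. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Unchecked pattern, kept only to show the defect: dir_len is trusted, so
 * any value above PATH_MAX writes past the end of src (stack corruption or
 * a crash). Never call this with an attacker-controlled length. */
char *expand_path_unchecked(const char *dir, size_t dir_len, const char *name,
                            char *out, size_t out_len)
{
    char src[PATH_MAX + 1];
    memcpy(src, dir, dir_len);            /* BUG: no bound on dir_len */
    src[dir_len] = '\0';                  /* BUG: same out-of-bounds write */
    snprintf(out, out_len, "%s/%s", src, name);
    return out;
}

/* Hardened form: validate the length before touching the buffer, reject
 * embedded NULs (an explicit length makes them easy to smuggle), and treat
 * snprintf truncation as a failure instead of returning a shortened path. */
char *expand_path_checked(const char *dir, size_t dir_len, const char *name,
                          char *out, size_t out_len)
{
    if (dir == NULL || name == NULL || out == NULL || out_len == 0)
        return NULL;
    if (dir_len > PATH_MAX)               /* would overflow src below */
        return NULL;
    if (memchr(dir, '\0', dir_len) != NULL)
        return NULL;
    char src[PATH_MAX + 1];
    memcpy(src, dir, dir_len);
    src[dir_len] = '\0';
    int n = snprintf(out, out_len, "%s/%s", src, name);
    if (n < 0 || (size_t)n >= out_len)    /* result did not fit: refuse */
        return NULL;
    return out;
}

/* Demonstration: feed the checked version a constructed directory string of
 * dir_len bytes of 'd'. Returns 1 if the path was built, 0 if rejected.
 * Lengths past PATH_MAX are exactly the ones the unchecked version would
 * overflow on, which is why only the checked version is exercised here. */
int demo_expand(size_t dir_len)
{
    static char dir[2 * PATH_MAX];
    char out[2 * PATH_MAX + 32];
    if (dir_len > sizeof dir)
        return 0;
    memset(dir, 'd', sizeof dir);
    return expand_path_checked(dir, dir_len, "app.ini", out, sizeof out) != NULL;
}
```

On in-bounds input both versions produce the same path, which is why the defect survives ordinary testing; the difference only shows when the length is one byte larger than the buffer. The checked version fails closed on an over-long directory, on an embedded NUL and on an output buffer too small for the joined path, rather than silently handing back a truncated or corrupted string.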

Debian: DSA-4109-1: ruby-omniauth security update

Saturday 10th of February 2018 02:35:00 AM
LinuxSecurity.com: Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web

ArchLinux: 201802-4: plasma-workspace: arbitrary command execution

Friday 9th of February 2018 11:02:00 PM
LinuxSecurity.com: The package plasma-workspace before version 5.12.0-1 is vulnerable to arbitrary command execution.

ArchLinux: 201802-3: go-pie: arbitrary code execution

Friday 9th of February 2018 10:38:00 PM
LinuxSecurity.com: The package go-pie before version 1.9.4-1 is vulnerable to arbitrary code execution.

ArchLinux: 201802-2: go: arbitrary code execution

Friday 9th of February 2018 10:36:00 PM
LinuxSecurity.com: The package go before version 1.9.4-1 is vulnerable to arbitrary code execution.

SUSE: 2018:0416-1: important: the Linux Kernel

Friday 9th of February 2018 09:15:00 PM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has 44 fixes is now available.

SUSE: 2018:0414-1: important: freetype2

Friday 9th of February 2018 09:13:00 PM
LinuxSecurity.com: An update that fixes four vulnerabilities is now available.

Fedora 27: tomcat-native Security Update

Friday 9th of February 2018 04:30:00 PM
LinuxSecurity.com: Security fix for CVE-2017-15698

Ubuntu 3564-1: PostgreSQL vulnerability

Friday 9th of February 2018 03:49:00 PM
LinuxSecurity.com: PostgreSQL could be made to expose sensitive information.

ArchLinux: 201802-1: clamav: multiple issues

Friday 9th of February 2018 03:44:00 PM
LinuxSecurity.com: The package clamav before version 0.99.3-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

openSUSE: 2018:0408-1: important: the Linux Kernel

Friday 9th of February 2018 03:09:00 PM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has 70 fixes is now available.

RedHat: RHSA-2018-0292:01 Important: kernel security update

Friday 9th of February 2018 12:57:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 26: tomcat-native Security Update

Friday 9th of February 2018 11:28:00 AM
LinuxSecurity.com: Security fix for CVE-2017-15698

Debian LTS: DLA-1273-1: simplesamlphp security update

Friday 9th of February 2018 08:41:00 AM
LinuxSecurity.com: simplesamlphp, an authentication and federation application, has been found vulnerable to Cross-Site Scripting (XSS), signature validation bypass and use of an insecure connection charset.

Debian LTS: DLA-1272-1: mailman security update

Friday 9th of February 2018 08:02:00 AM
LinuxSecurity.com: The mailman package has a Cross-site scripting (XSS) vulnerability in the web UI before 2.1.26, which allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

More in Tux Machines

SuiteCRM 7.10 Released

  • SuiteCRM 7.10 released
    SalesAgility, the creators and maintainers of SuiteCRM, are excited to announce a new major release of the world’s most popular open source CRM – SuiteCRM 7.10, including highly anticipated new features and many enhancements. SuiteCRM is a fully featured, highly flexible, open source CRM, which can be installed on-premise or in the cloud, and allows companies and organisations to have full control over their own customer data. It delivers actionable insights into customers, boosts conversions, helps increase sales, bolsters customer care and streamlines business operations. The CRM is as powerful as Salesforce and Dynamics, but with the unique benefit of being completely open source.
  • SuiteCRM 7.10 released
    SuiteCRM is a fork of the formerly open-source SugarCRM customer relationship management system.
  • SuiteCRM 7.10 Released For Open-Source Customer Relationship Management
    SuiteCRM 7.10 is now available as the latest major feature release to this customer relationship management (CRM) software forked from SugarCRM's last open-source release.
  • How startups and SMEs can leverage open source CRM to increase business
    Prominent Open Source CRM in India: – SugarCRM Founded in 2004, Sugar CRM has over 7,000 customers and more than half a million users worldwide. Easily one of the largest open source CRMs in the world, SugarCRM offers versatile functionalities including sales-force automation, marketing campaigns, customer support, collaboration, Mobile CRM, Social CRM and reporting. While SugarCRM has released no open source editions since early 2014, its earlier community versions continued to inspire other open source software, namely Suite CRM, Vtiger CRM and SarvCRM. – SuiteCRM Suite CRM is a popular fork of SugarCRM and was launched as the latest version of the SugarCRM in October 2013. In a short period of its existence, it has won several awards and has been adopted by reputed clientele, including the Govt. of UK’s National Health Scheme (NHS) program. Suite CRM is an enterprise-class open source alternative to proprietary alternatives and offers a series of extensions for both free and paid-for enhancements. Prominent additional modules available with SuiteCRM include Teams security, Google Maps, Outlook Plugin, Products, Contracts, Invoices, PDF Templates, workflow, reporting and Responsive Theme.

Open source intelligent solutions to transform work, businesses

New trends are opening up new opportunities and new ways to deal with IT, according to Thomas di Giacomo, SUSE CTO, speaking at the SUSE executive roundtable, which the open source company hosted in partnership with ITWeb last week. There are many new and innovative technologies that can help IT leaders meet these new demands, he added. Open source based technologies have become the driving force behind most of the technologically disruptive innovations, said Di Giacomo. "It is pretty clear that all the new innovation is coming from open source. "For example, open source progress with Linux and virtualisation a couple of decades ago, cloud in the last 10 years, and more recently, containers for applications, software-defined infrastructure, and platform-as-a-service, empowering DevOps principles." However, these trends also present some new challenges, said Di Giacomo. Compared to a couple of decades ago, the number of open source projects today has skyrocketed - from hundreds in the different foundations like the Linux Foundation, Apache, Eclipse and others, to millions of projects on Github.

today's leftovers

OSS Leftovers

  • Running for the board of the Open Source Initiative – a few words
    Today I would like to explain my reasons for my candidacy for the board of the Open Source Initiative. I can think of two kinds of reason for my decision: one is personal, and the other one is directly related to the current state of Open Source and software freedom. Let’s start with the first one: I’m currently helping the Open Information Security Foundation and the Suricata project in my capacity at ANSSI, while contributing in a minor way to the LibreOffice project and the Document Foundation.
  • Tutanota: Encrypted Open Source Email Service for Privacy Minded People
    Since then, I have heard of another email provider that you may be interested in. It’s a little different, but it touts some of the same features ProtonMail does: privacy, security, open-source code, etc. It’s called Tutanota, and like ProtonMail, I am a very big fan.
  • Open FinTech Forum – Event preview, October 10-11, New York City.
  • The tracker will always get through
    A big objection to tracking protection is the idea that the tracker will always get through. Some people suggest that as browsers give users more ability to control how their personal information gets leaked across sites, things won't get better for users, because third-party tracking will just keep up. On this view, today's easy-to-block third-party cookies will be replaced by techniques such as passive fingerprinting where it's hard to tell if the browser is succeeding at protecting the user or not, and users will be stuck in the same place they are now, or worse. I doubt this is the case because we're playing a more complex game than just trackers vs. users. The game has at least five sides, and some of the fastest-moving players with the best understanding of the game are the adfraud hackers. Right now adfraud is losing in some areas where they had been winning, and the resulting shift in adfraud is likely to shift the risks and rewards of tracking techniques.
  • MozMEAO SRE Status Report - February 16, 2018
    Here’s what happened on the MozMEAO SRE team from January 23 - February 16.
  • The major milestones of the Government Digital Service (GDS)
  • PyTorch Should Be Copyleft
    Most people have heard of Google’s Tensorflow which was released at the end of 2015, but there’s an active codebase called PyTorch which is easier to understand, less of a black box, and more dynamic. Tensorflow does have solutions for some of those limitations (such as Tensorflow-fold, and Tensorflow-Eager) but these new capabilities remove the need for other features and complexity of Tensorflow. Google built a great system for doing static computation graphs before realizing that most people want dynamic graphs. Doh! [...] I wish PyTorch used the AGPL license. Most neural networks are run on servers today, it is hardly used on the Linux desktop. Data is central to AI and that can stay owned by FB and the users of course. The ImageNet dataset created a revolution in computer vision, so let’s never forget that open data sets can be useful.
  • Linux on Nintendo Switch, a new Kubernetes ML platform, and more news
    In this edition of our open source news roundup, we take a look at the Mozilla's IoT gateway, a new machine learning platform, Code.mil's revamp, and more.