Advisories
The central voice for Linux and Open Source security news.

Fedora 24 drupal7-7.52-1.fc24

Tuesday 29th of November 2016 10:56:00 PM

Fedora 23 vagrant-1.8.1-3.fc23

Tuesday 29th of November 2016 06:57:00 PM Fix nfs_cleanup security race and permissions (rhbz#1395040).

Fedora 23 teeworlds-0.6.4-1.fc23

Tuesday 29th of November 2016 06:56:00 PM Fix for CVE-2016-9400

Fedora 23 drupal7-7.52-1.fc23

Tuesday 29th of November 2016 06:56:00 PM

Red Hat: 2016:2825-01: thunderbird: Important Advisory

Tuesday 29th of November 2016 01:11:00 AM An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3725-1: icu: Summary

Sunday 27th of November 2016 12:40:00 PM Security Report Summary

Fedora 23 bind-9.10.4-2.P4.fc23

Sunday 27th of November 2016 10:24:00 AM Security fix for CVE-2016-8864

Debian: 3726-1: imagemagick: Summary

Saturday 26th of November 2016 11:10:00 PM Security Report Summary

Fedora 25 python-tornado-4.4.2-1.fc25

Saturday 26th of November 2016 06:01:00 PM Update to 4.4.2: Security fixes * A difference in cookie parsing between Tornado and web browsers (especially when combined with Google Analytics) could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack. Backwards-compatibility notes * Cookies containing certain special characters (in particular semicolon and square brackets) are now parsed differently. * If the cookie header contains a combination of valid and invalid cookies, the valid ones will be returned (older versions of Tornado would reject the entire header for a single invalid cookie).

Fedora 23 sudo-1.8.18p1-1.fc23

Friday 25th of November 2016 02:29:00 AM - update to 1.8.18p1 - fixes CVE-2016-7076

Debian: 3724-1: gst-plugins-good0.10: Summary

Thursday 24th of November 2016 03:56:00 PM Security Report Summary

Debian: 3723-1: gst-plugins-good1.0: Summary

Thursday 24th of November 2016 03:49:00 PM Security Report Summary

Fedora 24 icu-56.1-7.fc24

Thursday 24th of November 2016 03:46:00 PM Security fix for CVE-2016-7415

Fedora 24 zathura-pdf-mupdf-0.3.0-3.fc24

Thursday 24th of November 2016 03:46:00 PM Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017, CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 24 mujs-0-6.20161031gita0ceaf5.fc24

Thursday 24th of November 2016 03:46:00 PM Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017, CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 24 perl-DBD-MySQL-4.039-1.fc24

Thursday 24th of November 2016 03:45:00 PM Security fix for CVE-2016-1249

Fedora 24 moodle-3.1.3-1.fc24

Thursday 24th of November 2016 03:39:00 PM 3.1.3

Fedora 25 zathura-pdf-mupdf-0.3.0-3.fc25

Thursday 24th of November 2016 11:44:00 AM Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017, CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 25 mujs-0-6.20161031gita0ceaf5.fc25

Thursday 24th of November 2016 11:43:00 AM Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017, CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 23 kernel-4.8.8-100.fc23

Thursday 24th of November 2016 03:38:00 AM The 4.8.8 stable kernel update contains a number of important fixes across the tree. ---- The 4.8.7 kernel rebase contains new hardware support, additional features, and a number of important bug fixes across the tree.
