Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 6 weeks 2 days ago

Debian LTS: DLA-1338-1: beep security update

Tuesday 3rd of April 2018 07:46:00 AM
LinuxSecurity.com: It was discovered that there was a local privilege escalation vulnerability in beep, an "advanced PC speaker beeper". For Debian 7 "Wheezy", this issue has been fixed in beep version

Debian LTS: DLA-1337-1: jruby security update

Monday 2nd of April 2018 11:10:00 PM
LinuxSecurity.com: Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language.

Debian: DSA-4163-1: beep security update

Monday 2nd of April 2018 10:30:00 PM
LinuxSecurity.com: It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation. For the oldstable distribution (jessie), this problem has been fixed

Ubuntu 3614-1: OpenJDK 7 vulnerabilities

Monday 2nd of April 2018 07:36:00 PM
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.

Ubuntu 3613-1: OpenJDK 8 vulnerabilities

Monday 2nd of April 2018 07:36:00 PM
LinuxSecurity.com: Several security issues were fixed in OpenJDK 8.

Ubuntu 0036-1: Linux kernel vulnerability

Monday 2nd of April 2018 01:54:00 PM
LinuxSecurity.com: Several security issues were fixed in the kernel.

Ubuntu 3587-2: Dovecot vulnerabilities

Monday 2nd of April 2018 01:31:00 PM
LinuxSecurity.com: Several security issues were fixed in Dovecot.

Debian: DSA-4162-1: irssi security update

Sunday 1st of April 2018 10:30:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service. For the stable distribution (stretch), these problems have been fixed in

Debian LTS: DLA-1336-1: rubygems security update

Sunday 1st of April 2018 07:18:00 PM
LinuxSecurity.com: Multiple vulnerabilities were found in rubygems, a package management framework for Ruby. CVE-2018-1000075

Debian: DSA-4160-1: libevt security update

Sunday 1st of April 2018 02:52:00 PM
LinuxSecurity.com: It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

Debian: DSA-4159-1: remctl security update

Sunday 1st of April 2018 02:11:00 PM
LinuxSecurity.com: Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.

Debian: DSA-4161-1: python-django security update

Sunday 1st of April 2018 01:16:00 PM
LinuxSecurity.com: James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods

Debian LTS: DLA-1335-1: zsh security update

Sunday 1st of April 2018 12:19:00 AM
LinuxSecurity.com: Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd() function.

Debian LTS: DLA-1334-1: mosquitto security update

Saturday 31st of March 2018 08:24:00 PM
LinuxSecurity.com: CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption.

Debian LTS: DLA-1333-1: dovecot security update

Saturday 31st of March 2018 08:13:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:

Debian LTS: DLA-1332-1: libvncserver security update

Saturday 31st of March 2018 12:57:00 AM
LinuxSecurity.com: libvncserver version through 0.9.11. does not sanitize msg.cct.length which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Debian LTS: DLA-1331-1: mercurial security update

Friday 30th of March 2018 03:34:00 PM
LinuxSecurity.com: Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in

Debian LTS: DLA-1330-1: openssl security update

Friday 30th of March 2018 03:24:00 PM
LinuxSecurity.com: It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.

openSUSE: 2018:0855-1: important: memcached

Friday 30th of March 2018 03:08:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

openSUSE: 2018:0851-1: important: LibVNCServer

Friday 30th of March 2018 12:07:00 AM
LinuxSecurity.com: An update that fixes three vulnerabilities is now available.

More in Tux Machines

today's howtos

Ubuntu: Ubuntu 18.04 Install and First Look, Canonical and Trilio Deal, Ubuntu Server Development and Shuttleworth's Controversy

  • Ubuntu 18.04 Install and First Look
    The long anticipated Ubuntu 18.04 “Bionic Beaver” Long Term Support (LTS) release has arrived… Let’s install it and take a look around.
  • Canonical Managed Cloud adds data protection and recovery with Trilio
    Canonical and Trilio announced today a partnership agreement to deliver TrilioVault backup and recovery solutions as part of BootStack, Canonical’s fully managed OpenStack private cloud solution. TrilioVault will also be made available as an option to Ubuntu Advantage support customers. As a result, users already taking advantage of the Ubuntu platform for their OpenStack deployment now have seamless access to the only OpenStack-native data protection solution on the market. Together, the two companies are pushing the boundaries of enterprise OpenStack clouds to become increasingly easier to build, simpler to manage, and more reliable in the event of a disaster.
  • Ubuntu Server development summary – 22 May 2018
  • Ubuntu's Shuttleworth Creates Controversy with OpenStack Summit Vancouver Keynote
    The OpenStack Foundation is facing a bit of drama and controversy as it deals with issues related to a keynote delivered by Ubuntu Linux founder, Mark Shuttleworth at the OpenStack Summit here on May 21. Typically the OpenStack Foundation posts videos of all its session online within 24 hours, but with the Shuttleworth keynote, the video was apparently posted and then promptly removed. During his keynote, Shuttleworth took direct aim at his OpenStack competitor Red Hat, which apparently made some people in the OpenStack Summit community uncomfortable.

Offline Computing – 10 Apps for the Digital Nomad

In today’s always-connected, constantly-inturrupted world, it can often be rewarding to go offline. Disconnecting from the Internet doesn’t mean you have to buy a yurt, live on beans, and get no work done though! While there’s a ton of great apps in the Snap store which rely on a connection to function, there’s also a lot you can do offline. So whether you’re taking a trip that doesn’t offer (reasonably priced) in-flight wifi, or want to live life the digital nomad style, we’ve got some apps for you! These all work offline, so once installed you can work, study & play without a connection. Read more Also: Linux Release Roundup: GNOME Twitch, Shotwell & GIMP

Finally: Historic Eudora email code goes open source

The source code to the Eudora email client is being released by the Computer History Museum, after five years of discussion with the IP owner, Qualcomm. The Mac software was well loved by early internet adopters and power users, with versions appearing for Palm, Newton and Windows. At one time, the brand was so synonymous with email that Lycos used Eudora to brand its own webmail service. As the Mountain View, California museum has noted, "It’s hard to overstate Eudora’s popularity in the mid-1990s." Read more Also: The Computer History Museum Just Made Eudora Open Source