LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 3 hours 27 min ago

Ubuntu 3410-1: GD library vulnerability

Tuesday 5th of September 2017 01:05:00 PM
LinuxSecurity.com: GD library could be made to crash if it opened a specially crafted file.

SuSE: 2017:2350-1: important: python-pycrypto

Tuesday 5th of September 2017 12:21:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available.

Gentoo: GLSA-201709-01: MCollective: Remote Code Execution

Monday 4th of September 2017 06:48:00 PM
LinuxSecurity.com: A vulnerability in MCollective might allow remote attackers to execute arbitrary code.

Fedora 25: glibc Security Update

Monday 4th of September 2017 06:04:00 PM
LinuxSecurity.com: This update fixes a minor security vulnerability in the Sun RPC client (CVE-2017-12133).

SuSE: 2017:2344-1: important: libzypp, zypper

Monday 4th of September 2017 03:55:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has 6 fixes is now available.

SuSE: 2017:2342-1: important: the Linux Kernel

Monday 4th of September 2017 03:25:00 PM
LinuxSecurity.com: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Ubuntu 3409-1: FontForge vulnerabilities

Monday 4th of September 2017 12:34:00 PM
LinuxSecurity.com: Several security issues were fixed in FontForge.

Fedora 27: libidn2 Security Update

Monday 4th of September 2017 12:34:00 PM
LinuxSecurity.com: Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora

Fedora 27: xen Security Update

Monday 4th of September 2017 12:33:00 PM
LinuxSecurity.com: Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed

SuSE: 2017:2339-1: important: xen

Monday 4th of September 2017 12:21:00 PM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

Ubuntu 3408-1: Liblouis vulnerabilities

Monday 4th of September 2017 10:50:00 AM
LinuxSecurity.com: Several security issues were fixed in Liblouis.

openSUSE: 2017:2337-1: important: php7

Monday 4th of September 2017 06:21:00 AM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has two fixes is now available.

Fedora 26: openjpeg2 Security Update

Sunday 3rd of September 2017 06:42:00 PM
LinuxSecurity.com: This update fixes CVE-2017-12982.

Fedora 26: mingw-openjpeg2 Security Update

Sunday 3rd of September 2017 06:41:00 PM
LinuxSecurity.com: This update fixes CVE-2017-12982.

Fedora 26: xen Security Update

Sunday 3rd of September 2017 06:41:00 PM
LinuxSecurity.com: Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: nbd: segmentation fault due to client non-negotiation [CVE-2017-9524] (#1460173) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640) revised full fix for XSA-226 (regressed

Fedora 25: libidn2 Security Update

Sunday 3rd of September 2017 12:47:00 AM
LinuxSecurity.com: Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora

Fedora 26: libidn2 Security Update

Saturday 2nd of September 2017 06:50:00 PM
LinuxSecurity.com: Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora

Fedora 26: gd Security Update

Saturday 2nd of September 2017 06:50:00 PM
LinuxSecurity.com: **Version 2.2.5** - 2017-08-30 * **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** * **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386:

Fedora 26: mbedtls Security Update

Saturday 2nd of September 2017 06:48:00 PM
LinuxSecurity.com: - Update to 2.6.0 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

openSUSE: 2017:2332-1: important: freerdp

Saturday 2nd of September 2017 12:29:00 PM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

More in Tux Machines

Security: Equifax, Kodi, Infrared, and Windows XP in 2017

  • Safer but not immune: Cloud lessons from the Equifax breach
  • Warning: If you are using this Kodi repository, you could be in danger
    Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them. [...] We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry.
  • Infrared signals in surveillance cameras let malware jump network air gaps
    The malware prototype could be a crucial ingredient for attacks that target some of the world's most sensitive networks. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution. In the event malware is installed, there is no way for it to make contact with attacker-controlled servers that receive stolen data or issue new commands. Such airgaps are one of the most basic measures for securing highly sensitive information and networks. The proof-of-concept malware uses connected surveillance cameras to bridge such airgaps. Instead of trying to use the Internet to reach attacker-controlled servers, the malware weaves passwords, cryptographic keys, and other types of data into infrared signals and uses a camera's built-in infrared lights to transmit them. A nearby attacker then records the signals with a video camera and later decodes embedded secrets. The same nearby attackers can embed data into infrared signals and beam them to an infected camera, where they're intercepted and decoded by the network malware. The covert channel works best when attackers have a direct line of sight to the video camera, but non-line-of-sight communication is also possible in some cases.
  • Manchester police still relies on Windows XP
    England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July. Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used. Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk. The figure was disclosed as part of a wider Freedom of Information request. "Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows," said Dr Steven Murdoch, a cyber-security expert at University College London.

Flock 2017, Fedora 27, and New Fedora 26 (F26) ISO

  • Flock 2017: How to make your application into a Flatpak?
  • Flock to Fedora 2017
  • Flock 2017 – A Marketing talk about a new era to come.
    I had two sessions at Flock this year, one done by me and another in support of Robert Mayr in the Mindshare one, if there had been any need for discussing. Here I’m talking about my session: Marketing – tasks and visions (I will push the report about the second one after Robert’s one, for completion). In order to fit the real target of a Flock conference (that is a contributor conference, not a show where people must demonstrate how cool they are; we know it!) is to bring and show something new, whether ideas, software, changes and so on, and discuss with other contributors if they’re really innovative, useful and achievable.
  • F26-20170918 Updated Live isos released
  • GSoC2017 Final — Migrate Plinth to Fedora Server
  • Building Modules for Fedora 27
    Let me start with a wrong presumption that you have everything set up – you are a packager who knows what they want to achieve, you have a dist-git repository created, you have all the tooling installed. And of course, you know what Modularity is, and how and why we use modulemd to define modular content. You know what Host, Platform, and Bootstrap modules are and how to use them.

Red Hat Financial Results Expectations High

Will Microsoft love Linux to death? Shuttleworth and Stallman on whether Windows 10 is free software's friend

Richard Stallman is a free-software activist and creator of the GNU OS that forms part of the basis of modern GNU/Linux distros. He believes that Microsoft's decision to build a Windows Subsystem for Linux (WSL) amounts to an attempt to extinguish software that users are free to run, copy, distribute, study, change and improve. "It certainly looks that way. But it won't be so easy to extinguish us, because our reasons for using and advancing free software are not limited to practical convenience," he said. "We want freedom. As a way to use computers in freedom, Windows is a non-starter."