
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 7 hours 59 min ago

Slackware: 2015-226-02: mozilla-thunderbird: Security Update

Friday 14th of August 2015 06:41:00 PM
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

Ubuntu: 2709-1: pollinate update

Friday 14th of August 2015 03:06:00 PM
LinuxSecurity.com: The certificate bundled with pollinate has been refreshed.

Red Hat: 2015:1623-01: kernel: Important Advisory

Thursday 13th of August 2015 01:24:00 PM
LinuxSecurity.com: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]

Fedora 22 gnutls-3.3.17-1.fc22

Thursday 13th of August 2015 01:01:00 PM
LinuxSecurity.com: updated to 3.3.17

Fedora 22 wordpress-4.2.4-1.fc22

Thursday 13th of August 2015 12:58:00 PM
LinuxSecurity.com: **WordPress 4.2.4 Security and Maintenance Release**

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.

* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396

**WordPress 4.2.3 Security and Maintenance Release**

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:

* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430

Fedora 22 pcre-8.37-3.fc22

Thursday 13th of August 2015 12:58:00 PM
LinuxSecurity.com: This release fixes buffer overflows when compiling certain expressions.

Fedora 22 nbd-3.11-1.fc22

Thursday 13th of August 2015 12:56:00 PM
LinuxSecurity.com: * Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847].

Fedora 21 wordpress-4.2.4-1.fc21

Thursday 13th of August 2015 12:55:00 PM
LinuxSecurity.com: **WordPress 4.2.4 Security and Maintenance Release**

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.

* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396

**WordPress 4.2.3 Security and Maintenance Release**

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:

* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430

Fedora 21 nbd-3.11-1.fc21

Thursday 13th of August 2015 12:55:00 PM
LinuxSecurity.com: * Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847].

Debian: 3335-1: request-tracker4: Summary

Thursday 13th of August 2015 09:17:00 AM
LinuxSecurity.com: Security Report Summary

Red Hat: 2015:1603-01: flash-plugin: Critical Advisory

Wednesday 12th of August 2015 11:56:00 AM
LinuxSecurity.com: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]

Debian: 3334-1: gnutls28: Summary

Wednesday 12th of August 2015 10:52:00 AM
LinuxSecurity.com: Security Report Summary

Debian: 3333-1: iceweasel: Summary

Wednesday 12th of August 2015 06:25:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 21 kernel-4.1.4-100.fc21

Wednesday 12th of August 2015 03:06:00 AM
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree.

Fedora 21 devscripts-2.15.8-1.fc21

Wednesday 12th of August 2015 03:05:00 AM
LinuxSecurity.com: Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705.

Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.

This update fixes licensecheck refusing to parse some text files such as C++ source files.

Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

Fedora 22 devscripts-2.15.8-1.fc22

Wednesday 12th of August 2015 03:05:00 AM
LinuxSecurity.com: Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705.

Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.

This update fixes licensecheck refusing to parse some text files such as C++ source files.

Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

Fedora 22 xfsprogs-3.2.2-2.fc22

Wednesday 12th of August 2015 03:03:00 AM
LinuxSecurity.com: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image.

The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage:

By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated.

While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access.

Fedora 21 xen-4.4.2-9.fc21

Wednesday 12th of August 2015 03:01:00 AM
LinuxSecurity.com:

* QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142)
* rebuild efi grub.cfg if it is present (#1239309)
* add gcc5 build fixes, one needed for the following patch
* modify gnutls use in line with Fedora's crypto policies (#117935)

Fedora 22 pure-ftpd-1.0.36-7.fc22

Wednesday 12th of August 2015 03:00:00 AM
LinuxSecurity.com: * denial of service in glob_()

Fedora 22 kernel-4.1.4-200.fc22

Wednesday 12th of August 2015 02:59:00 AM
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree.
