
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 25 kernel-4.9.13-200.fc25

Thursday 2nd of March 2017 11:15:00 PM
LinuxSecurity.com: The 4.9.13 update contains a number of important fixes across the tree.

Fedora 24 kernel-4.9.13-100.fc24

Thursday 2nd of March 2017 11:01:00 PM
LinuxSecurity.com: The 4.9.13 update contains a number of important fixes across the tree.

Fedora 24 xrdp-0.9.1-5.fc24

Thursday 2nd of March 2017 10:54:00 PM
LinuxSecurity.com: WARNING: Please note that this update comes with a slightly different syntax of the sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in the /etc/xrdp directory if they don't already exist or are empty:
  - rsakeys.ini
  - cert.pem
  - key.pem
Also note that in Fedora, the only backend that will really work is still Xvnc for now.
New features
  - New xorgxrdp backend using existing Xorg with additional modules
  - Improvements to X11rdp backend
  - Support for IPv6 (disabled by default)
  - Initial support for RemoteFX Codec (disabled by default)
  - Support for TLS security layer (preferred over RDP layer if supported by the client)
  - Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini
  - Support for bidirectional fastpath (enabled in both directions by default)
  - Support clients that don't support drawing orders, such as MS RDP client for Android, Chrome RDP (disabled by default)
  - More configurable login screen
  - Support for new virtual channels:
    - rdpdr: device redirection
    - rdpsnd: audio output
    - cliprdr: clipboard
    - xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client)
  - Support for disabling virtual channels globally or by session type
  - Allow to specify the path for backends (Xorg, X11rdp, Xvnc)
  - Added files for systemd support
  - Multi-monitor support
  - xrdp-chansrv stores logs in ${XDG_DATA_HOME}/xrdp now
Security fixes
  - User's password could be recovered from the Xvnc password file
  - X11 authentication was not used

Red Hat: 2017:0435-01: python-oslo-middleware: Moderate Advisory

Thursday 2nd of March 2017 04:35:00 PM
LinuxSecurity.com: An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0403-01: kernel: Important Advisory

Thursday 2nd of March 2017 04:04:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0402-01: kernel-rt: Important Advisory

Thursday 2nd of March 2017 04:03:00 PM
LinuxSecurity.com: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Red Hat: 2017:0388-01: ipa: Moderate Advisory

Thursday 2nd of March 2017 04:00:00 PM
LinuxSecurity.com: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which [More...]

Red Hat: 2017:0386-01: kernel: Important Advisory

Thursday 2nd of March 2017 03:59:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Red Hat: 2017:0387-01: kernel-rt: Important Advisory

Thursday 2nd of March 2017 03:59:00 PM
LinuxSecurity.com: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Red Hat: 2017:0396-01: qemu-kvm: Important Advisory

Thursday 2nd of March 2017 01:59:00 PM
LinuxSecurity.com: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Debian: 3800-1: libquicktime: Summary

Thursday 2nd of March 2017 04:20:00 AM
LinuxSecurity.com: Security Report Summary

Debian: 3794-2: munin: Summary

Thursday 2nd of March 2017 12:52:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 25 vim-8.0.386-1.fc25

Wednesday 1st of March 2017 08:27:00 PM
LinuxSecurity.com: The newest upstream commit. CVE-2017-6350 vim: Integer overflow at an unserialize_uep memory allocation site. CVE-2017-6349 vim: Integer overflow at au_read_undo memory allocation site.

Fedora 25 cxf-3.1.6-5.fc25

Wednesday 1st of March 2017 08:24:00 PM
LinuxSecurity.com: fix CVE-2017-3156 (rhbz#1425455,1425458)

Fedora 24 netpbm-10.77.00-3.fc24

Wednesday 1st of March 2017 07:52:00 PM
LinuxSecurity.com: Security fix for CVE-2017-2586, CVE-2017-2587 and CVE-2017-5849.
  - Add license information file copyright_summary
  - New version of netpbm is available (10.77.00)
  - Add missing directives about bundled libraries jasper and jbigkit
  - New version of netpbm is available (10.76.00)

Red Hat: 2017:0361-01: openstack-puppet-modules: Moderate Advisory

Wednesday 1st of March 2017 07:00:00 PM
LinuxSecurity.com: An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0359-01: openstack-puppet-modules: Moderate Advisory

Wednesday 1st of March 2017 06:59:00 PM
LinuxSecurity.com: An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3799-1: imagemagick: Summary

Wednesday 1st of March 2017 05:08:00 PM
LinuxSecurity.com: Security Report Summary

Red Hat: 2017:0366-01: kernel: Important Advisory

Wednesday 1st of March 2017 01:14:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. [More...]

Red Hat: 2017:0365-01: kernel: Important Advisory

Wednesday 1st of March 2017 01:00:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact [More...]

More in Tux Machines

Leftovers: OSS and Sharing

  • Making your OpenStack monitoring stack highly available using Open Source tools
    Operators tasked with maintaining production environments are relying on monitoring stacks to provide insight into resource usage and a heads-up to threats of downtime. Perhaps the most critical function of a monitoring stack is providing alerts which trigger mitigation steps to ensure an environment stays up and running. Downtime of services can be business-critical, and often has extremely high cost ramifications. Operators working in cloud environments are especially reliant on monitoring stacks due to the increase in potential inefficiency and downtime that comes with greater resource usage. The constant visibility of resources and alerts that a monitoring stack provides makes it a fundamental component of any cloud.
  • InfraRed: Deploying and Testing Openstack just made easier!
  • The journey of a new OpenStack service in RDO
    When new contributors join RDO, they ask for recommendations about how to add new services and help RDO users to adopt it. This post is not an official policy document nor a detailed description about how to carry out some activities, but provides some high level recommendations to newcomers based on what I have learned and observed in the last year working in RDO.
  • Getting to know the essential OpenStack components better
  • Getting to know core components, speed mentoring, and more OpenStack news
  • Testing LibreOffice 5.3 Notebookbar
    I teach an online CSCI class about usability. The course is "The Usability of Open Source Software" and provides a background on free software and open source software, and uses that as a basis to teach usability. The rest of the class is a pretty standard CSCI usability class. We explore a few interesting cases in open source software as part of our discussion. And using open source software makes it really easy for the students to pick a program to study for their usability test final project.
  • [Older] Drupal member sent out after BDSM lifestyle revealed
    Drupal, like many other open source projects, has a stated goal of welcoming and accepting all people, no matter their heritage, culture, sexual orientation, gender identity or other factors.
  • Controversy Erupts in Open-Source Community After Developer's Sex Life Made Public
    Drupal is a popular open-source content-management system, used to build websites. Like many other open-source projects, Drupal is guided by several committees that are supposed to be accountable to the community and its code of conduct, which enshrines values like "be considerate" and "be respectful." Also like many other open-source projects, Drupal attracts all sorts of people, some of whom are eclectic. Last week, under murky circumstances, Drupal creator Dries Buytaert banned one of the project's technical and community leaders, Larry Garfield. Buytaert attributed the decision to aspects of Garfield's private sex life. Many Drupal users and developers are up in arms about the perceived injustice of the move, exacerbated by what they see as a lack of transparency.
  • HospitalRun: Open Source Software for the Developing World
    When open source software is used for global health and global relief work, its benefits shine bright. The benefits of open source become very clear when human health and human lives are on the line. In this YouTube video, hear Harrisburg, Pennsylvania software developer Joel Worrall explain about HospitalRun software – open source cloud-based software used at developing world healthcare facilities.
  • Scotland emphasises sharing and reuse of ICT
    Scotland’s public administrations should focus on common, shared technology platforms, according to the new digital strategy, published on 22 March. The government says it wants to develop “shared infrastructure, services and standards in collaboration with our public sector partners, to reduce costs and enable resources to be focused on front-line services.”
  • [Older] OpenSSL Re-licensing to Apache License v. 2.0 To Encourage Broader Use with Other FOSS Projects and Products
    OpenSSL Launches New Website to Organize Process, Seeks to Contact All Contributors
  • Austria state secretary promotes open data
    The State Secretary at Austria’s Federal Chancellery, Muna Duzdar, is encouraging the making available of government data as open data. “The administration must set an example and support the open data culture by giving society its data back”, the State Secretary for Digitalisation said in a statement.
  • Study: Hungary should redouble open data initiatives
    The government of Hungary should redouble its efforts to make public sector information available as open data, and actively help to create market opportunities, a government white paper recommends. The ‘White Paper on National Data Policy’ was approved by the government in December.
  • Williamson School Board OKs developing open source science curriculum
    Science textbooks may be a thing of the past in Williamson County Schools. The Williamson County school board approved a proposal Monday night to use open source science resources instead of science textbooks. The switch will require a team of nine teachers to spend a year developing an open source curriculum.
  • How Elsevier plans to sabotage Open Access
    It was a long and difficult road to get the major publishing houses to open up to open access, but in the end the Dutch universities got their much awaited ‘gold deal’ for open access. A recently revealed contract between Elsevier and the Dutch research institutes lays bare the retardant tactics the publishing giant employs to stifle the growth of open access.
  • #0: Introducing R^4
  • RcppTOML 0.1.2

Security Leftovers

  • Security updates for Monday
  • FedEx Will Pay You $5 to Install Flash on Your Machine
    FedEx is making you an offer you can’t afford to accept. It’s offering to give you $5 (actually, it’s a discount on orders over $30) if you’ll just install Adobe Flash on your machine. Nobody who knows anything about online security uses Flash anymore, except when it’s absolutely necessary. Why? Because Flash is the poster child for the “security-vulnerability-of-the-hour” club — a group that includes another Adobe product, Acrobat. How unsafe is Flash? Let’s put it this way: seven years ago, Steve Jobs announced that Flash was to be forever banned from Apple’s mobile products. One of the reasons he cited was a report from Symantec that “highlighted Flash for having one of the worst security records in 2009.” Flash security hasn’t gotten any better since.
  • Every once in a while someone suggests to me that curl and libcurl would do better if rewritten in a “safe language”
  • An insecure dishwasher has entered the IoT war against humanity
    Regel says that he has contacted Miele on a number of occasions about the issue, but had failed to get a response to his missives, and this has no updated information on the vulnerability.
    He added bleakly that "we are not aware of an actual fix."
  • Monday Witness: It's Time to Recognize a Civil Right Not to be Connected
    Along with death and taxes, two things appear inevitable. The first is that Internet of Things devices will not only be built into everything we can imagine, but into everything we can't as well. The second is that IoT devices will have wholly inadequate security, if they have any security at all. Even with strong defenses, there is the likelihood that governmental agencies will gain covert access to IoT devices anyway. What this says to me is that we need a law that guarantees consumers the right to buy versions of products that are not wirelessly enabled at all.
  • Remember kids, if you're going to disclose, disclose responsibly!
    If you pay any attention to the security universe, you're aware that Tavis Ormandy is basically on fire right now with his security research. He found the Cloudflare data leak issue a few weeks back, and is currently going to town on LastPass. The LastPass crew seems to be dealing with this pretty well, I'm not seeing a lot of complaining, mostly just info and fixes which is the right way to do these things.

Lightroom and Darktable: the verdict two years after switching

In summer 2015, I posted a detailed account of my tentative switch from Windows 7 and Lightroom to Linux and Darktable. This was sparked by sudden crashes that were afflicting my system, but in a deeper sense grew from frustration with Windows and, to a lesser degree, with Lightroom. Once I headed for Linux, I decided to plunge in fully and commit to using Ubuntu and free, open-source photo software for several months – at least until the end of that year. That would give me a chance to see whether I could actually run my photography business on the new system.

7 Linux Mainstream Distros Alternatives

Linux Mainstream Distros are quite popular as they have a large number of developers working on them as well as a large number of users using them. In addition, these distros also have a strong support system. People often search for alternatives to Linux Mainstream Distros but often get confused about which is the best one for them. So listed below are 7 of the best alternative choices to the Linux mainstream distros for you.