LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 4 hours 42 min ago

Debian: DSA-4027-1: postgresql-9.4 security update

Thursday 9th of November 2017 10:36:00 PM
LinuxSecurity.com: A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions.

Debian: DSA-4026-1: bchunk security update

Thursday 9th of November 2017 05:52:00 PM
LinuxSecurity.com: Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

Fedora 25: ansible Security Update

Wednesday 8th of November 2017 11:31:00 PM
LinuxSecurity.com: Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes.

Fedora 26: ansible Security Update

Wednesday 8th of November 2017 11:28:00 PM
LinuxSecurity.com: Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes.

Debian: DSA-4025-1: libpam4j security update

Wednesday 8th of November 2017 10:33:00 PM
LinuxSecurity.com: It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt() during authentication. As such, a user who has a valid password but a deactivated or disabled account could still log in.

Debian: DSA-4022-1: libreoffice security update

Wednesday 8th of November 2017 10:17:00 PM
LinuxSecurity.com: Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

openSUSE: 2017:2953-1: important: chromium

Wednesday 8th of November 2017 03:07:00 PM
LinuxSecurity.com: An update that fixes two vulnerabilities is now available.

Debian: DSA-4024-1: chromium-browser security update

Wednesday 8th of November 2017 12:20:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in the chromium browser. CVE-2017-15398

SuSE: 2017:2948-1: important: krb5

Wednesday 8th of November 2017 12:16:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SuSE: 2017:2946-1: important: qemu

Wednesday 8th of November 2017 12:10:00 PM
LinuxSecurity.com: An update that solves 33 vulnerabilities and has two fixes is now available.

Fedora 25: kernel Security Update

Tuesday 7th of November 2017 11:42:00 PM
LinuxSecurity.com: The 4.13.11 update contains a number of important fixes across the tree.

Fedora 25: php Security Update

Tuesday 7th of November 2017 11:41:00 PM
LinuxSecurity.com: **PHP version 7.0.25** (26 Oct 2017)
**Core:**
* Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
* Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea)
* Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
* Fixed bug php#75220 (Segfault when calling is_callable on parent).

Fedora 25: nodejs Security Update

Tuesday 7th of November 2017 11:41:00 PM
LinuxSecurity.com: # 2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.
## Notable Changes
* zlib:
  * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate

Fedora 26: kernel Security Update

Tuesday 7th of November 2017 10:22:00 PM
LinuxSecurity.com: The 4.13.11 update contains a number of important fixes across the tree.

Fedora 26: libgcrypt Security Update

Tuesday 7th of November 2017 10:22:00 PM
LinuxSecurity.com: Minor security update release 1.7.9.

Fedora 26: wget Security Update

Tuesday 7th of November 2017 10:22:00 PM
LinuxSecurity.com: new upstream release with CVE fixes

Fedora 26: rpm Security Update

Tuesday 7th of November 2017 10:21:00 PM
LinuxSecurity.com: This latest stable release on rpm 4.13.x branch brings in several important bugfixes. For details see release notes at http://rpm.org/wiki/Releases/4.13.0.2.

Fedora 26: php Security Update

Tuesday 7th of November 2017 10:21:00 PM
LinuxSecurity.com: **PHP version 7.1.11** (26 Oct 2017)
**Core:**
* Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
* Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea)
* Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
* Fixed bug php#75220 (Segfault when calling is_callable on parent).

Fedora 26: poppler Security Update

Tuesday 7th of November 2017 10:21:00 PM
LinuxSecurity.com: Resolves: rhbz#1505731 rebuild for qt5 5.9.2 ---- Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ---- Security fix for CVE-2017-14617 ---- Security fix for CVE-2017-14517, CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929.

Fedora 26: qemu Security Update

Tuesday 7th of November 2017 10:20:00 PM
LinuxSecurity.com:
* Fix usb3 drive issues with windows guests (bz #1493196)
* CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111)
* CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882)
* CVE-2017-14167: multiboot OOB access while loading kernel image (bz #1489376)
* CVE-2017-13672: vga: OOB read access during display update (bz
