LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 3 days 4 hours ago

Fedora 21 mingw-curl-7.42.0-1.fc21

Monday 4th of May 2015 11:29:00 AM
LinuxSecurity.com: Update to 7.42.0 which fixes various CVEs

Fedora 21 mingw-libgcrypt-1.6.3-1.fc21

Monday 4th of May 2015 11:28:00 AM
LinuxSecurity.com: Update to 1.6.3 which fixes CVE-2014-3591 CVE-2015-0837

Mandriva: 2015:220: curl

Monday 4th of May 2015 04:28:00 AM
LinuxSecurity.com: Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user (CVE-2015-3143).

Mandriva: 2015:219: curl

Monday 4th of May 2015 04:28:00 AM
LinuxSecurity.com: Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user (CVE-2015-3143).

Fedora 20 proftpd-1.3.4e-3.fc20

Sunday 3rd of May 2015 01:25:00 PM
LinuxSecurity.com: Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*.
Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169
This update contains a backported fix for this issue.
Note that mod_copy is not loaded/enabled by default in the Fedora package.

Fedora 22 proftpd-1.3.5-6.fc22

Sunday 3rd of May 2015 01:25:00 PM
LinuxSecurity.com: Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by unauthenticated clients.
Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169
Note that mod_copy is not loaded/enabled by default in the Fedora package.

Fedora 22 kernel-4.0.1-300.fc22

Sunday 3rd of May 2015 01:23:00 PM
LinuxSecurity.com: The 4.0.1 stable update contains a number of important fixes across the tree.

Fedora 22 libarchive-3.1.2-12.fc22

Sunday 3rd of May 2015 01:22:00 PM
LinuxSecurity.com: Security fix for bug 1216891

Fedora 22 clamav-0.98.7-1.fc22

Sunday 3rd of May 2015 01:21:00 PM
LinuxSecurity.com: ClamAV 0.98.7
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
- Improve detections within xar/pkg files.

Fedora 22 dovecot-2.2.16-2.fc22

Sunday 3rd of May 2015 01:21:00 PM
LinuxSecurity.com: fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages.
- String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes.

Fedora 20 ikiwiki-3.20150329-1.fc20

Sunday 3rd of May 2015 01:20:00 PM
LinuxSecurity.com: Update to the latest stable release of ikiwiki. See https://ikiwiki.info/news/version_3.20150329/ for the list of changes.

Fedora 21 ikiwiki-3.20150329-1.fc21

Sunday 3rd of May 2015 01:20:00 PM
LinuxSecurity.com: Update to the latest stable release of ikiwiki. See https://ikiwiki.info/news/version_3.20150329/ for the list of changes.

Debian: 3249-1: jqueryui: Summary

Sunday 3rd of May 2015 10:29:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 21 clamav-0.98.7-1.fc21

Saturday 2nd of May 2015 02:12:00 PM
LinuxSecurity.com: ClamAV 0.98.7
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
- Improve detections within xar/pkg files.

Debian: 3243-1: libxml-libxml-perl: Summary

Friday 1st of May 2015 01:14:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 22 mingw-qt5-qtbase-5.4.1-2.fc22

Friday 1st of May 2015 12:55:00 PM
LinuxSecurity.com: Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860

Fedora 22 mingw-curl-7.42.0-1.fc22

Friday 1st of May 2015 12:55:00 PM
LinuxSecurity.com: Update to 7.42.0 which fixes various CVEs

Fedora 22 mingw-libgcrypt-1.6.3-1.fc22

Friday 1st of May 2015 12:55:00 PM
LinuxSecurity.com: Update to 1.6.3 which fixes CVE-2014-3591 CVE-2015-0837

Fedora 20 qt3-3.3.8b-63.fc20

Friday 1st of May 2015 12:54:00 PM
LinuxSecurity.com: This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4. (Please note that Qt 3 is NOT vulnerable to the simultaneously published issues CVE-2015-1858 and CVE-2015-1859.)

Fedora 22 mingw-openssl-1.0.2a-1.fc22

Friday 1st of May 2015 12:45:00 PM
LinuxSecurity.com: Update to OpenSSL 1.0.2a which fixes various CVEs
