LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 21 devscripts-2.15.8-1.fc21

Wednesday 12th of August 2015 03:05:00 AM
LinuxSecurity.com: Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

Fedora 22 devscripts-2.15.8-1.fc22

Wednesday 12th of August 2015 03:05:00 AM
LinuxSecurity.com: Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

Fedora 22 xfsprogs-3.2.2-2.fc22

Wednesday 12th of August 2015 03:03:00 AM
LinuxSecurity.com: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage: "By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated." While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access.

Fedora 21 xen-4.4.2-9.fc21

Wednesday 12th of August 2015 03:01:00 AM
LinuxSecurity.com: QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142); rebuild efi grub.cfg if it is present (#1239309); add gcc5 build fixes, one needed for the following patch; modify gnutls use in line with Fedora's crypto policies (#117935)

Fedora 22 pure-ftpd-1.0.36-7.fc22

Wednesday 12th of August 2015 03:00:00 AM
LinuxSecurity.com: * denial of service in glob_()

Fedora 22 kernel-4.1.4-200.fc22

Wednesday 12th of August 2015 02:59:00 AM
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree.

Fedora 22 xen-4.5.1-5.fc22

Wednesday 12th of August 2015 02:58:00 AM
LinuxSecurity.com: QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142); try again to fix xen-qemu-dom0-disk-backend.service (#1242246); correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246); rebuild efi grub.cfg if it is present (#1239309); re-enable remus by building with libnl3; modify gnutls use in line with Fedora's crypto policies (#1179352)

Debian: 3332-1: wordpress: Summary

Tuesday 11th of August 2015 03:56:00 PM
LinuxSecurity.com: Security Report Summary

Ubuntu: 2702-1: Firefox vulnerabilities

Tuesday 11th of August 2015 02:54:00 PM
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Fedora 21 lxc-1.0.7-2.fc21

Monday 10th of August 2015 10:13:00 PM
LinuxSecurity.com: Security fix for CVE-2015-1331, CVE-2015-1334.

Fedora 22 elasticsearch-1.6.1-0.fc22

Monday 10th of August 2015 10:12:00 PM
LinuxSecurity.com: updated to security update of 1.6.1 - https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released; updated to 1.6.0

Fedora 22 lxc-1.1.2-2.fc22

Monday 10th of August 2015 10:12:00 PM
LinuxSecurity.com: Security fix for CVE-2015-1331, CVE-2015-1334.

Fedora 22 rubygems-2.4.8-100.fc22

Monday 10th of August 2015 10:07:00 PM
LinuxSecurity.com: Update to RubyGems 2.4.8.

Debian: 3331-1: subversion: Summary

Monday 10th of August 2015 02:22:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 23 rubygems-2.4.8-100.fc23

Monday 10th of August 2015 06:06:00 AM
LinuxSecurity.com: Update to RubyGems 2.4.8.

Fedora 23 lxc-1.1.2-2.fc23

Monday 10th of August 2015 06:06:00 AM
LinuxSecurity.com: Security fix for CVE-2015-1331, CVE-2015-1334.

Fedora 23 wordpress-4.2.4-1.fc23

Monday 10th of August 2015 06:04:00 AM
LinuxSecurity.com: **WordPress 4.2.4 Security and Maintenance Release** WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396

Fedora 23 xen-4.5.1-5.fc23

Monday 10th of August 2015 06:03:00 AM
LinuxSecurity.com: QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142); try again to fix xen-qemu-dom0-disk-backend.service (#1242246)

Fedora 23 firefox-39.0.3-1.fc23

Monday 10th of August 2015 06:03:00 AM
LinuxSecurity.com: Firefox security release. See: https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

Fedora 21 community-mysql-5.6.26-1.fc21

Monday 10th of August 2015 05:59:00 AM
LinuxSecurity.com: Update to 5.6.26
