
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 5 hours 21 sec ago

Gentoo: 201701-13 HDF5: Multiple vulnerabilities

Monday 2nd of January 2017 09:55:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in HDF5 which could lead to the arbitrary execution of code.

Gentoo: 201701-12 memcached: Multiple vulnerabilities

Monday 2nd of January 2017 09:44:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in memcached which could lead to the remote execution of arbitrary code.

Gentoo: 201701-11 musl: Integer overflow

Monday 2nd of January 2017 09:37:00 AM
LinuxSecurity.com: An integer overflow in musl might allow an attacker to execute arbitrary code.

Gentoo: 201701-10 libotr, Pidgin OTR: Remote execution of arbitrary code

Monday 2nd of January 2017 09:23:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in libotr and Pidgin OTR, allowing remote attackers to execute arbitrary code.

Red Hat: 2017:0001-01: ipa: Moderate Advisory

Monday 2nd of January 2017 06:42:00 AM
LinuxSecurity.com: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which [More...]

Fedora 24 mingw-openjpeg2-2.1.2-3.fc24

Sunday 1st of January 2017 06:20:00 PM
LinuxSecurity.com: This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.

Fedora 24 openjpeg2-2.1.2-3.fc24

Sunday 1st of January 2017 06:20:00 PM
LinuxSecurity.com: This update fixes CVE-2016-9580 and CVE-2016-9581.

Fedora 25 libpng-1.6.27-1.fc25

Sunday 1st of January 2017 04:56:00 PM
LinuxSecurity.com: libpng 1.6.27 release, fixing a potential security issue. For details, see https://sourceforge.net/p/png-mng/mailman/message/35575076/

Gentoo: 201612-49 mod_wsgi: Privilege escalation

Thursday 29th of December 2016 08:24:00 PM
LinuxSecurity.com: A vulnerability in mod_wsgi could lead to privilege escalation.

Debian: 3749-1: dcmtk: Summary

Thursday 29th of December 2016 04:58:00 AM
LinuxSecurity.com: Security Report Summary

Slackware: 2016-363-01: python: Security Update

Thursday 29th of December 2016 03:43:00 AM
LinuxSecurity.com: New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Slackware: 2016-363-02: samba: Security Update

Thursday 29th of December 2016 03:43:00 AM
LinuxSecurity.com: New samba packages are available for Slackware 14.2 and -current to fix security issues.

Fedora 24 js-jquery-2.2.4-1.fc24

Thursday 29th of December 2016 03:23:00 AM
LinuxSecurity.com: Update to 2.2.4 with backport for XSS vulnerability.

Fedora 24 js-jquery1-1.12.4-2.fc24

Thursday 29th of December 2016 03:22:00 AM
LinuxSecurity.com: Update to latest jquery1 stable, with backport fix for XSS vulnerability.

Fedora 24 tracker-1.8.2-1.fc24

Thursday 29th of December 2016 03:21:00 AM
LinuxSecurity.com: This update adds security sandboxing to tracker-extract.

Fedora 25 js-jquery1-1.12.4-2.fc25

Thursday 29th of December 2016 02:31:00 AM
LinuxSecurity.com: Update to latest jquery1 stable, with backport fix for XSS vulnerability.

Fedora 25 smack-4.1.5-3.fc25

Thursday 29th of December 2016 02:30:00 AM
LinuxSecurity.com: fix for "TLS SecurityMode.required bypass via StripTLS attack" (rhbz#1406703, 1406704)

Fedora 24 community-mysql-5.7.17-1.fc24

Tuesday 27th of December 2016 05:51:00 PM
LinuxSecurity.com: * Mon Dec 12 2016 Norvald H. Ryeng - 5.7.17-1 - Update to MySQL 5.7.17, for various fixes described at https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html - Add new plugin: connnection_control.so - Add MySQL Group Replication: group_replication.so - Add numactl-devel to buildreq and enable NUMA support (if available) - Simplify boost path - Build compat-openssl10 in rawhide for now - Reqs. in -devel packages was incomplete

Fedora 24 nagios-plugins-2.1.4-2.fc24

Tuesday 27th of December 2016 05:50:00 PM
LinuxSecurity.com: Updated to 2.1.4

Fedora 24 python-wikitcms-2.1.10-1.fc24

Tuesday 27th of December 2016 05:50:00 PM
LinuxSecurity.com: This update contains a **SECURITY** fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload. It also drops some now useless or unneeded code (due to changes in mediawiki and mwclient).
