LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Gentoo: 201611-09 Xen: Multiple vulnerabilities

Tuesday 15th of November 2016 02:56:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on the host system.

Gentoo: 201611-08 libpng: Multiple vulnerabilities

Tuesday 15th of November 2016 02:52:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service.

Gentoo: 201611-07 polkit: Heap-corruption on duplicate IDs

Tuesday 15th of November 2016 02:48:00 AM
LinuxSecurity.com: polkit is vulnerable to local privilege escalation.

Gentoo: 201611-06 xinetd: Privilege escalation

Tuesday 15th of November 2016 02:23:00 AM
LinuxSecurity.com: A vulnerability in xinetd could lead to privilege escalation.

Gentoo: 201611-05 tnftp: Arbitrary code execution

Tuesday 15th of November 2016 02:07:00 AM
LinuxSecurity.com: tnftp is vulnerable to remote code execution if output file is not specified.

Fedora 23 tre-0.8.0-18.20140228gitc2f5d13.fc23

Monday 14th of November 2016 07:00:00 PM
LinuxSecurity.com: This update includes the following fixes:
* fix for CVE-2016-8859
* fix for CVE-2015-3796 (see https://github.com/laurikari/tre/issues/37 and https://bugs.chromium.org/p/project-zero/issues/detail?id=428)
* fix for parallel installation of multilib packages

Fedora 23 memcached-1.4.17-5.fc23

Monday 14th of November 2016 06:56:00 PM
LinuxSecurity.com: Security fix for CVE-2016-8704, CVE-2016-8705, CVE-2016-8706

Fedora 24 tre-0.8.0-18.20140228gitc2f5d13.fc24

Monday 14th of November 2016 04:11:00 PM
LinuxSecurity.com: This update includes the following fixes:
* fix for CVE-2016-8859
* fix for CVE-2015-3796 (see https://github.com/laurikari/tre/issues/37 and https://bugs.chromium.org/p/project-zero/issues/detail?id=428)
* fix for parallel installation of multilib packages

Red Hat: 2016:2718-01: chromium-browser: Important Advisory

Monday 14th of November 2016 04:11:00 PM
LinuxSecurity.com: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2016:2702-01: policycoreutils: Important Advisory

Monday 14th of November 2016 08:04:00 AM
LinuxSecurity.com: An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3712-1: terminology: Summary

Sunday 13th of November 2016 04:40:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 23 tomcat-8.0.38-1.fc23

Saturday 12th of November 2016 09:25:00 PM
LinuxSecurity.com: This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:
* rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
* rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws
and includes two additional CVE fixes along with one bug fix:
* rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated

Fedora 24 bind-9.10.4-2.P4.fc24

Saturday 12th of November 2016 07:08:00 PM
LinuxSecurity.com: Security fix for CVE-2016-8864

Fedora 24 mingw-libwebp-0.5.1-2.fc24

Saturday 12th of November 2016 07:01:00 PM
LinuxSecurity.com: This update backports an upstream patch to fix multiple integer overflows (CVE-2016-9085).

Fedora 24 tomcat-8.0.38-1.fc24

Saturday 12th of November 2016 07:01:00 PM
LinuxSecurity.com: This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa:
* rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
* rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws
and includes two additional CVE fixes along with one bug fix:
* rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated

Fedora 24 sudo-1.8.18p1-1.fc24

Friday 11th of November 2016 04:08:00 PM
LinuxSecurity.com: - update to 1.8.18p1 - fixes CVE-2016-7076

Debian: 3711-1: mariadb-10.0: Summary

Friday 11th of November 2016 04:06:00 PM
LinuxSecurity.com: Security Report Summary
