LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Fedora 31: xpdf 2020-de27bb80af

Saturday 4th of July 2020 09:49:29 PM
Fix CVE-2019-12360.

Mageia 2020-0274: firefox security update

Saturday 4th of July 2020 08:48:25 PM
Updated nss and firefox packages fix security vulnerabilities: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys (CVE-2020-12399).

Mageia 2020-0273: libexif security update

Saturday 4th of July 2020 08:48:23 PM
The updated packages fix a security vulnerability: In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction

Mageia 2020-0272: vlc security update

Saturday 4th of July 2020 08:48:22 PM
Updated vlc packages fix a security vulnerability: A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash)

Mageia 2020-0271: libxml2 security update

Saturday 4th of July 2020 08:48:21 PM
Updated libxml2 packages fix a security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted.

Mageia 2020-0270: libupnp security update

Saturday 4th of July 2020 08:48:20 PM
The updated packages fix a security vulnerability: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions

Mageia 2020-0269: python-httplib2 security update

Saturday 4th of July 2020 08:48:19 PM
Updated python-httplib2 packages fix a security vulnerability: In httplib2, an attacker controlling an unescaped part of the URI for httplib2.Http.request() could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts

Slackware: 2020-186-01: libvorbis Security Update

Saturday 4th of July 2020 03:17:27 PM
New libvorbis packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Fedora 32: libldb 2020-ccd9bdb2eb

Friday 3rd of July 2020 09:14:40 PM
Update to Samba 4.12.5

Fedora 32: samba 2020-ccd9bdb2eb

Friday 3rd of July 2020 09:14:40 PM
Update to Samba 4.12.5

Fedora 32: python-pillow 2020-c52106e48a

Friday 3rd of July 2020 09:14:29 PM
This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538 and CVE-2020-10378.

Fedora 32: python36 2020-8bdd3fd7a4

Friday 3rd of July 2020 09:14:28 PM
Python 3.6.11 is the latest security fix release of Python 3.6.
- bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
- bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.

Fedora 32: libfilezilla 2020-74dd64990b

Friday 3rd of July 2020 09:14:26 PM
3.48.1

Fedora 32: gupnp 2020-1f7fc0d0c9

Friday 3rd of July 2020 09:13:43 PM
Security update for CVE-2020-12695 (CallStranger)

openSUSE: 2020:0925-1: moderate: Virtualbox

Friday 3rd of July 2020 02:15:39 PM
An update that fixes 19 vulnerabilities is now available.

SUSE: 2020:1396-2 moderate: zstd

Friday 3rd of July 2020 12:14:52 PM
An update that contains security fixes can now be installed.

SUSE: 2020:1839-1 important: mozilla-nspr, mozilla-nss

Friday 3rd of July 2020 12:12:57 PM
An update that solves three vulnerabilities and has three fixes is now available.

Fedora 31: alpine 2020-f822ea9330

Thursday 2nd of July 2020 09:38:00 PM
2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)

Fedora 32: firefox 2020-55077d678a

Thursday 2nd of July 2020 09:19:48 PM
Update to latest upstream version

Fedora 32: hostapd 2020-df3e1cfde9

Thursday 2nd of July 2020 09:19:38 PM
Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)

More in Tux Machines

today's howtos

Olimex Tukhla High-End Open Source Hardware NXP i.MX 8QuadMax SBC in the Works

Most open-source hardware Arm Linux SBCs are optimized for cost, and there are few higher-end boards with extensive connectivity designed for professionals. Beagleboard X15 would be one of the rare examples currently available on the market, but it was launched five years ago. One European company noticed the void in this market and asked Olimex to develop a high-end open-source Linux board with a well-documented processor. They ruled out RK3399, and instead went Olimex Tukhla SBC will be powered by NXP i.MX 8QuadMax, the top processor of i.MX 8 family with two Cortex-A72 cores, four Cortex-A53 cores, and two real-time Cortex-M4F cores.

Robotics Recap: Learning, Programming & Snapping ROS 2

Robotics@Canonical puts a strong focus on the migration from ROS to ROS 2. ROS 2 benefits from many improvements, especially robot security. Our goal is to make it easy for you to transition to ROS 2, whether you’re completely new to ROS or a seasoned engineer retooling for a new environment. Your new platform should be secure-by-default, and we expect you’ll need to pivot between different environments as you migrate from ROS to ROS 2. Along the way we’ve encountered some friction points, some mild surprises, and some opportunities to better leverage existing tools. Whenever that happened we tried to fix them and share our experiences so you didn’t run into the same problems! This has resulted in blog posts and videos in three key focus areas: getting started with ROS 2, software development in ROS 2, and building snaps for ROS. Let’s recap some of our recent output.

Linux 5.8-rc5

Ok, so rc4 was small, and now a week later, rc5 is large.

It's not _enormous_, but of all the 5.x kernels so far, this is the
rc5 with the most commits. So it's certainly not optimal. It was
actually very quiet the beginning of the week, but things picked up on
Friday. Like they do..

That said, a lot of it is because of the networking fixes that weren't
in rc4, and I'm still not hearing any real panicky sounds from people,
and things on the whole seem to be progressing just fine.

So a large rc5 to go with a large release doesn't sound all that
worrisome, when we had an unusually small rc4 that precedes it and
explains it.

Maybe I'm in denial, but I still think we might hit the usual release
schedule. A few more weeks to go before I need to make that decision,
so it won't be keeping me up at night.

The diffstat for rc5 doesn't look particularly worrisome either. Yes,
there's a (relatively) high number of commits, but they tend to be
small. Nothing makes me go "umm".

In addition to the outright fixes, there's a few cleanups that are
just prep for 5.9. They all look good and simple too.

Anyway, networking (counting both core and drivers) amounts to about a
third of the patch, with the rest being spread all over: arch updates
(arm64, s390, arc), drivers (gpu, sound, md, pin control, gpio),
tooling (perf and selftests). And misc noise all over.

The appended shortlog gives the details, nothing really looks all that
exciting. Which is just as it should be at this time.

Go forth and test.

Thanks,

                 Linus

Also: Linux 5.8-rc5 Released As A Big Kernel For This Late In The Cycle