
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

SUSE: 2018:0020-1: important: qemu

Thursday 4th of January 2018 06:10:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2018:0019-1: important: kvm

Thursday 4th of January 2018 06:10:00 PM
LinuxSecurity.com: An update that fixes two vulnerabilities is now available.

SUSE: 2018:0017-1: important: ImageMagick

Thursday 4th of January 2018 03:09:00 PM
LinuxSecurity.com: An update that fixes 9 vulnerabilities is now available.

openSUSE: 2018:0013-1: important: kernel-firmware

Thursday 4th of January 2018 03:07:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2018:0012-1: important: the Linux Kernel

Thursday 4th of January 2018 12:19:00 PM
LinuxSecurity.com: An update that solves 5 vulnerabilities and has 13 fixes is now available.

SUSE: 2018:0011-1: important: the Linux Kernel

Thursday 4th of January 2018 12:14:00 PM
LinuxSecurity.com: An update that solves 17 vulnerabilities and has 13 fixes is now available.

SuSE: 2018:0009-1: important: microcode_ctl

Thursday 4th of January 2018 06:08:00 AM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

RedHat: RHSA-2018-0017:01 Important: kernel security update

Thursday 4th of January 2018 05:53:00 AM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2018-0016:01 Important: kernel-rt security update

Thursday 4th of January 2018 05:50:00 AM
LinuxSecurity.com: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2018-0014:01 Important: linux-firmware security update

Thursday 4th of January 2018 05:01:00 AM
LinuxSecurity.com: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2018-0015:01 Important: linux-firmware security update

Thursday 4th of January 2018 04:49:00 AM
LinuxSecurity.com: An update for linux-firmware is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

SciLinux: Important: microcode_ctl on SL6.x i386/x86_64

Thursday 4th of January 2018 03:53:00 AM
LinuxSecurity.com: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.

SciLinux: Important: kernel on SL6.x i386/x86_64

Thursday 4th of January 2018 03:53:00 AM
LinuxSecurity.com: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration. In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

SuSE: 2018:0008-1: important: kernel-firmware

Thursday 4th of January 2018 03:08:00 AM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SuSE: 2018:0007-1: important: qemu

Thursday 4th of January 2018 03:07:00 AM
LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available.

SuSE: 2018:0006-1: important: ucode-intel

Thursday 4th of January 2018 03:07:00 AM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

Fedora 27: kernel Security Update

Thursday 4th of January 2018 02:22:00 AM
LinuxSecurity.com: The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

SciLinux: Important: microcode_ctl on SL7.x x86_64

Thursday 4th of January 2018 02:01:00 AM
LinuxSecurity.com: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.

Debian LTS: DLA-1228-1: poppler security update

Wednesday 3rd of January 2018 01:21:00 PM
LinuxSecurity.com: Jason Crain discovered an overflow vulnerability in the poppler PDF rendering library. For Debian 7 "Wheezy", this issue has been fixed in poppler version

RedHat: RHSA-2018-0005:01 Important: eap7-jboss-ec2-eap security update

Wednesday 3rd of January 2018 10:52:00 AM
LinuxSecurity.com: An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.

More in Tux Machines

GNOME: GNOME Shell, Bug Tracking, GXml

  • How to Install GNOME Shell Extensions GUI / CLI
    GNOME Shell extensions are small and lightweight pieces of code that enhance the GNOME desktop's functionality and improve the user experience. They are the equivalent of add-ons in your browser. For instance, you can have add-ons that download videos like IDM downloader or block annoying ads such as Adblocker. Similarly, GNOME extensions perform certain tasks, e.g. displaying weather and geolocation. One of the tools used to install and customize GNOME Shell extensions is the GNOME Tweak Tool. It comes pre-installed in the latest Linux distributions. In this article we cover how to install GNOME Shell extensions from the GUI and from the command line on various Linux distros.
  • Musings on bug trackers
    I love bugzilla, I really do. I’ve used it nearly my entire career in free software. I know it well, I like the command line tool integration. But I’ve never had a day in bugzilla where I managed to resolve/triage/close nearly 100 issues. I managed to do that today with our gitlab instance and I didn’t even mean to.
  • ABI stability for GXml
    I’m taking a deep travel across Vala code, trying to figure out how things work. With my recent work on abstract methods for compact classes, I may have an idea on how to provide ABI stability to GXml. GXml has a lot of interfaces for DOM4, implemented in classes, like the Gom* series. But there are a lot of them, so going through each and adding annotations, like Gee did, to improve ABI is hard work.

More on Barcelona Moving to Free Software

  • Barcelona Aims To Oust Microsoft In Open Source Drive
    The city of Barcelona has embarked on an ambitious open source effort aimed at reducing its dependence on large proprietary software vendors such as Microsoft, including the replacement of both applications and operating systems.
  • Barcelona to ditch Microsoft software for open source software
    Barcelona, one of the most popular cities in Europe, is now switching to open-source software by replacing Microsoft Windows, Office and Exchange with Linux, LibreOffice and Open-Xchange respectively. The city council is already piloting the use of Ubuntu Linux desktops along with Mozilla Firefox as the default browser. With this move, Barcelona city is planning to save money over the years by reducing software/service licensing fees. They are also planning to hire new developers to write open-source software. The open-source product will also be made available to other Spanish municipalities and public bodies further afield, allowing them the opportunity to save money on software licences.
  • Barcelona to ditch Microsoft in favour of open source Linux software
    Catalan capital Barcelona is planning to ditch proprietary software products from Microsoft in favour of free, open source alternatives such as Open-Xchange email. That’s according to a report by Spain's national paper El Pais, which reports that Barcelona plans to invest 70% of its annual software budget in open source this year.

OSS Leftovers

  • Open Source turns 20
    While open source software is ubiquitous, recognized across industries as a fundamental infrastructure component as well as a critical factor for driving innovation, the "open source" label was coined only 20 years ago. The concept of open source software - as opposed to free software or freeware - is credited to Netscape which, in January 1998, announced plans to release the source code of its proprietary browser, Navigator, under a license that would freely permit modification and redistribution. This code is today the basis for Mozilla Firefox and Thunderbird. The Open Source Initiative (OSI) regards that event as the point at which "software freedom extended its reach beyond the enthusiast community and began its ascent into the mainstream".
  • Coreboot 4.7 Released With 47 More Motherboards Supported, AMD Stoney Ridge
    Coreboot 4.7 is now available as the latest release of this free and open-source BIOS/UEFI replacement. Coreboot 4.7 is the latest tagged release for this project developed via Git. This release has initial support for AMD Stoney Ridge platforms, Intel ICH10 Southbridge support, Intel Denverton/Denverton-NS platform support, and initial work on supporting next-gen Intel Cannonlake platforms.
  • Thank you CUSEC!
    Last week, I spoke at CUSEC (Canadian Undergraduate Software Engineering Conference) in Montreal. I really enjoy speaking with students and learning what they are working on. They are the future of our industry! I was so impressed by the level of organization and the kindness and thoughtfulness of the CUSEC organizing committee, who were all students from various universities across Canada. I hope that you all are enjoying some much needed rest after your tremendous work in the months approaching the conference and last week.
  • Percona Announces Sneak Peek of Conference Breakout Sessions for Seventh Annual Percona Live Open Source Database Conference
  • The Universal Donor
    A few people reacted negatively to my article on why Public Domain software is broadly unsuitable for inclusion in a community open source project. Most argued that because public domain gave them the rights they need where they live (mostly the USA), I should not say it was wrong to use it. That demonstrates either parochialism or a misunderstanding of what public domain really means. It should not be used for the same reason code known to be subject to software patents should not be used — namely that only code that, to the best efforts possible, can be used by anyone, anywhere without the need to ask permission (e.g. by buying a patent license) or check if it’s needed (e.g. is that PD code PD here?) can be used in an open source project. Public domain fails the test for multiple reasons: global differences in copyright term, copyright as an unalienable moral rather than as a property right, and more. Yes, public domain may give you the rights you need. But in an open source project, it’s not enough for you to determine you personally have the rights you need. In order to function, every user and contributor of the project needs prior confidence they can use, improve and share the code, regardless of their location or the use to which they put it. That confidence also has to extend to their colleagues, customers and community as well.

Ubuntu: Ubuntu Core, Ubuntu Free Culture Showcase for 18.04, Lubuntu 17.04 EoL

  • Ubuntu Core: A secure open source OS for IoT
    Canonical's Ubuntu Core, a tiny, transactional version of the Ubuntu Linux OS for IoT devices, runs highly secure Linux application packages, known as "snaps," that can be upgraded remotely.
  • Introducing the Ubuntu Free Culture Showcase for 18.04
    Ubuntu’s changed a lot in the last year, and everything is leading up to a really exciting event: the release of 18.04 LTS! This next version of Ubuntu will once again offer a stable foundation for countless humans who use computers for work, play, art, relaxation, and creation. Among the various visual refreshes of Ubuntu, it’s also time to go to the community and ask for the best wallpapers. And it’s also time to look for a new video and music file that will be waiting for Ubuntu users on the install media’s Examples folder, to reassure them that their video and sound drivers are quite operational. Long-term support releases like Ubuntu 18.04 LTS are very important, because they are downloaded and installed ten times more often than every single interim release combined. That means that the wallpapers, video, and music that are shipped will be seen ten times more than in other releases. So artists, select your best works. Ubuntu enthusiasts, spread the word about the contest as far and wide as you can. Everyone can help make this next LTS version of Ubuntu an amazing success.
  • Lubuntu 17.04 has reached End of Life
    The Lubuntu Team announces that as a non-LTS release, 17.04 has a 9-month support cycle and, as such, reached end of life on Saturday, January 13, 2018. Lubuntu will no longer provide bug fixes or security updates for 17.04, and we strongly recommend that you update to 17.10, which continues to be actively supported with security updates and select high-impact bug fixes.