
LinuxSecurity.com Advisories


Fedora 29: krb5 Security Update

Tuesday 8th of January 2019 02:43:00 AM
LinuxSecurity.com: Improve memset hygiene in one location.

SUSE: 2019:0024-1 important: libgit2

Tuesday 8th of January 2019 12:08:00 AM
LinuxSecurity.com: An update that solves one vulnerability and has one erratum is now available.

Debian LTS: DLA-1630-1: libav security update

Monday 7th of January 2019 11:34:00 PM
LinuxSecurity.com: Several security vulnerabilities were corrected in the libav multimedia library which may lead to a denial-of-service, information disclosure or the execution of arbitrary code if a malformed file is processed.

SUSE: 2019:0023-1 moderate: gpg2

Monday 7th of January 2019 09:10:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

RedHat: RHSA-2019-0031:01 Low: Red Hat Enterprise Linux 6.6 Telco Update

Monday 7th of January 2019 12:34:00 PM
LinuxSecurity.com: This is the final notification for the retirement of Red Hat Enterprise Linux 6.6 Telco Update Service (TUS). This notification applies only to those customers subscribed to the Telco Update Service (TUS) channel for Red Hat Enterprise Linux 6.6.

Debian LTS: DLA-1629-1: python-django security update

Sunday 6th of January 2019 08:27:00 PM
LinuxSecurity.com: It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see:

Mageia 2019-0017: dcraw security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images (CVE-2018-5801). References:

Mageia 2019-0018: libao security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: A flaw was found in libao. The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 can cause a denial of service (memory corruption) via a crafted mp3 file (CVE-2017-11548). References:

Mageia 2019-0016: aubio security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: A NULL pointer dereference in the function aubio_source_avcodec_readframe, which may lead to a DoS when playing a crafted audio file (CVE-2017-17554). A crash in aubio_pitch_set_unit (CVE-2018-14522).

CentOS: CESA-2019-0022: Important CentOS 7 keepalived

Sunday 6th of January 2019 12:09:00 PM
LinuxSecurity.com: Upstream details at : https://access.redhat.com/errata/RHSA-2019:0022

Fedora 29: tcpreplay Security Update

Sunday 6th of January 2019 02:22:00 AM
LinuxSecurity.com: This release (4.3.1) contains bug fixes only:
- Fix checkspell detected typos (#531)
- Heap overflow in packet2tree and get_l2len (#530)
This is Tcpreplay suite 4.3.0. This release contains several bug fixes and enhancements:
- Fix macOS TOS checksum failure (#524)
- TCP sequence edits seeding (#514)
- Fix issues identified by Codacy (#493)
- CVE-2018-18408 use-after-free in post_args (#489)
-

Fedora 28: tcpreplay Security Update

Sunday 6th of January 2019 01:52:00 AM
LinuxSecurity.com: This release (4.3.1) contains bug fixes only:
- Fix checkspell detected typos (#531)
- Heap overflow in packet2tree and get_l2len (#530)
This is Tcpreplay suite 4.3.0. This release contains several bug fixes and enhancements:
- Fix macOS TOS checksum failure (#524)
- TCP sequence edits seeding (#514)
- Fix issues identified by Codacy (#493)
- CVE-2018-18408 use-after-free in post_args (#489)
-

Mageia 2019-0015: wget security update

Saturday 5th of January 2019 10:50:00 PM
LinuxSecurity.com: Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default. This includes username + password and other credentials or private data *if* those have been used within the URLs. Anyone with read access to
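
As an added example (not wget's code), the following C utility reads the extended attributes on a downloaded file and flags, or optionally scrubs, any stored URL that carries embedded credentials. It assumes the attribute names wget's xattr support uses, user.xdg.origin.url and user.xdg.referrer.url, which is why it matches every user.xdg.* attribute; the sample URL is constructed, and the xattr calls are Linux-specific (sys/xattr.h), so on other systems only the URL helpers run.

```c
/* Added example, not wget's code: find downloaded files whose xattrs store a
 * URL with userinfo (user:password@host) and strip the credentials.
 * Assumption: the attributes are named user.xdg.origin.url and
 * user.xdg.referrer.url; anything under user.xdg.* is checked. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifdef __linux__
#include <sys/types.h>
#include <sys/xattr.h>
#endif

/* Return a pointer to the '@' that ends a URL's userinfo, or NULL.
 * Looks for "scheme://", then an '@' before the authority ends at / ? or #,
 * so an '@' inside the path ("/path@name") does not count. */
static const char *userinfo_end(const char *url)
{
    const char *auth = strstr(url, "://");
    if (!auth) return NULL;
    auth += 3;
    size_t span = strcspn(auth, "/?#");
    const char *at = memchr(auth, '@', span);
    return at;
}

int url_has_userinfo(const char *url) { return userinfo_end(url) != NULL; }

/* Copy url into out with the credentials removed.  Returns 0 on success,
 * -1 if out is too small (out is left untouched in that case). */
int strip_url_userinfo(const char *url, char *out, size_t outlen)
{
    const char *at = userinfo_end(url);
    if (!at) {
        if (strlen(url) + 1 > outlen) return -1;
        strcpy(out, url);
        return 0;
    }
    const char *auth = strstr(url, "://") + 3;
    size_t head = (size_t)(auth - url);      /* "scheme://" */
    size_t tail = strlen(at + 1);            /* host and the rest */
    if (head + tail + 1 > outlen) return -1;
    memcpy(out, url, head);
    memcpy(out + head, at + 1, tail + 1);    /* includes the NUL */
    return 0;
}

/* Scan one file's xattrs.  Returns the number of stored URLs that carry
 * credentials, or -1 if the attributes cannot be listed.  With scrub set,
 * each such attribute is rewritten with the credentials removed. */
int scan_download_xattrs(const char *path, int scrub)
{
#ifdef __linux__
    char names[4096];
    ssize_t n = listxattr(path, names, sizeof names);
    if (n < 0) return -1;
    int flagged = 0;
    for (ssize_t off = 0; off < n; off += (ssize_t)strlen(names + off) + 1) {
        const char *name = names + off;
        if (strncmp(name, "user.xdg.", 9) != 0) continue;
        char val[2048];
        ssize_t vlen = getxattr(path, name, val, sizeof val - 1);
        if (vlen < 0) continue;
        val[vlen] = '\0';
        if (!url_has_userinfo(val)) continue;
        flagged++;
        printf("%s: %s carries credentials\n", path, name);
        if (scrub) {
            char clean[2048];
            if (strip_url_userinfo(val, clean, sizeof clean) == 0)
                setxattr(path, name, clean, strlen(clean), 0);
        }
    }
    return flagged;
#else
    (void)path; (void)scrub;
    return -1;
#endif
}

int main(int argc, char **argv)
{
    /* Constructed sample: the kind of URL a user might have handed to wget. */
    const char *sample = "https://alice:s3cret@files.example.org/rel/build.tgz?x=1";
    char clean[256];
    strip_url_userinfo(sample, clean, sizeof clean);
    printf("stored URL:   %s\ncredentials:  %s\nscrubbed URL: %s\n", sample,
           url_has_userinfo(sample) ? "yes" : "no", clean);
    /* Files named on the command line are checked and scrubbed in place. */
    for (int i = 1; i < argc; i++)
        printf("%s: %d URL attribute(s) with credentials\n", argv[i],
               scan_download_xattrs(argv[i], 1));
    return 0;
}
```

Run it over a download directory (for example `./xattrscan ~/Downloads/*`) to see which files still carry a credentialed origin or referrer URL; scrubbing keeps the provenance attribute while dropping the secret, which is the minimum you want before copying such files anywhere with broader read access.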

Mageia 2019-0013: libextractor security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Several vulnerabilities were discovered in libextractor which may lead to denial of service or memory disclosure if a malformed OLE file is processed (CVE-2018-20430, CVE-2018-20431). References:

Mageia 2019-0014: libpgf security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32 (CVE-2015-6673). References: - https://bugs.mageia.org/show_bug.cgi?id=24101

Mageia 2019-0010: php-phpmailer security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Potential object injection vulnerability (CVE-2018-19296). References: - https://bugs.mageia.org/show_bug.cgi?id=24055 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DAZQPUD7WZXMJ2KIQY5P2I2UI545YPYO/

Mageia 2019-0012: freerdp security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8784, CVE-2018-8785).

Mageia 2019-0009: pdns-recursor security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A vulnerability was found in PowerDNS Recursor. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows a malicious auth server to cause a denial of service by sending specially crafted records

Mageia 2019-0008: pdns security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A vulnerability was found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to cause a denial of service by inserting specially
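
The leak pattern both PowerDNS advisories above describe, as an added example in C (not PowerDNS code): a toy record parser that allocates its data buffer before the length field is validated and then returns early on a malformed record without freeing it, next to the fixed ordering. The record layout, the function names and the instrumented allocator are invented for illustration; the malformed input is constructed.

```c
/* Added example, not PowerDNS code: allocation made before validation and
 * skipped on the error path, which is how a stream of malformed records
 * becomes a memory-exhaustion denial of service.  Layout and names invented. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Instrumented allocator so the number of live allocations can be checked. */
static long live_allocs = 0;
static void *track_malloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }
long record_live_allocs(void) { return live_allocs; }

/* Toy wire format: 1-byte type, 1-byte data length, then the data. */
struct record { uint8_t type; uint8_t len; uint8_t *data; };

/* Leaky version: the buffer is allocated before the length is checked against
 * what is actually in the packet, and the early return forgets to free it. */
int parse_record_leaky(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buflen < 2) return -1;
    out->type = buf[0];
    out->len = buf[1];
    out->data = track_malloc(out->len ? out->len : 1);
    if (!out->data) return -1;
    if ((size_t)out->len + 2 > buflen) {
        return -1;                         /* BUG: out->data is never freed */
    }
    memcpy(out->data, buf + 2, out->len);
    return 0;
}

/* Fixed version: validate everything first, allocate last, so no error path
 * has anything to release. */
int parse_record_fixed(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buflen < 2) return -1;
    out->type = buf[0];
    out->len = buf[1];
    if ((size_t)out->len + 2 > buflen) return -1;   /* nothing allocated yet */
    out->data = track_malloc(out->len ? out->len : 1);
    if (!out->data) return -1;
    memcpy(out->data, buf + 2, out->len);
    return 0;
}

void record_free(struct record *r) { track_free(r->data); r->data = NULL; }

/* Feed the same malformed record to a parser `rounds` times and return how
 * many allocations are still live afterwards.  A correct parser returns 0. */
long leaked_after(int (*parse)(const uint8_t *, size_t, struct record *), int rounds)
{
    /* Constructed malformed record: claims 200 data bytes, carries 3. */
    static const uint8_t bad[] = { 0x01, 200, 'a', 'b', 'c' };
    long before = live_allocs;
    for (int i = 0; i < rounds; i++) {
        struct record r = {0};
        if (parse(bad, sizeof bad, &r) == 0) record_free(&r);
    }
    return live_allocs - before;
}

int main(void)
{
    printf("leaky parser: %ld allocations leaked after 1000 malformed records\n",
           leaked_after(parse_record_leaky, 1000));
    printf("fixed parser: %ld allocations leaked after 1000 malformed records\n",
           leaked_after(parse_record_fixed, 1000));
    return 0;
}
```

The same check works on real code without the counter: run the parser under a leak detector (ASan's LeakSanitizer or valgrind) while replaying a corpus of malformed records, and treat any growth in live heap across iterations as a finding, not as noise.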

Mageia 2019-0007: units security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A flaw was found in units. units_cur doesn't sanitize downloaded data. This allows a malicious server to execute arbitrary code remotely on the client (rhbz#1598913). References:

More in Tux Machines

OpenSUSE/SUSE: SLES for SAP and Christian Boltz Introduced

  • SUSE Linux Enterprise Server for SAP Applications support update
    SUSE has announced effective December 1, 2018, two changes to its SUSE Linux Enterprise Server (SLES) for SAP Applications product. SLES for SAP Applications now includes support for a given service pack for 4.5 years with the regular subscription while the basic codestream is general available and itself fully maintained. This change reflects the request from clients to align OS upgrades with hardware life cycles. To explain this a bit further, this change affects SLES for SAP Applications 12 and 15 code streams. SLES for SAP Applications 11 is at the end of the general availability already, therefore SLES for SAP Applications 11 SP4 is the last service pack. If clients choose to stay on SLES for SAP Applications 11, then they will need to purchase LTSS to ensure ongoing support. This is especially true for clients that run SAP HANA 1 workloads on IBM Power Systems servers in Big Endian mode.
  • 2018-2019 openSUSE Board Elections: Meet incumbent Christian Boltz
    With two weeks to go until the ballots open on Monday, February 4, 2019, openSUSE News and the Elections Committee are running a “meet your candidates” series. Questions were sent out to the seven Candidates. The questions and answers will appear in the News, one Candidate each day, in alphabetical order.

ArchLabs Refresh Release, 2019.01.20

Gidday ArchLabbers, Happy New Year. With the new year comes an ISO refresh. All changes are listed at the change-log. If you encounter any issues, please post them at the forum. Also, ArchLabs related bugs need to be raised at BitBucket. Read more

Programming: Homebrew 1.9, JBoss EAP, Python, Qt and Inclusion

  • Homebrew 1.9 Adds Linux Support, Auto-Cleanup, and More
The latest release of the popular macOS package manager Homebrew includes support for Linux, optional automatic package cleanup, and extended binary package support. Linux support, merged from the Linuxbrew project, is still in beta and will become stable in version 2.0. It also enables the use of Homebrew on Windows 10 systems with the Windows Subsystem for Linux installed. Auto-cleanup is meant to reduce disk usage by removing all intermediate data that Homebrew generates when installing packages. This can be a significant amount when Homebrew actually builds the packages from source instead of just installing binaries. Auto-cleanup is opt-in by setting the HOMEBREW_INSTALL_CLEANUP environment variable. This behaviour will become opt-out in version 2.0, where you will be able to set the HOMEBREW_NO_INSTALL_CLEANUP environment variable to disable auto-cleanup.
  • Streamline your JBoss EAP dev environment with Red Hat CodeReady Workspaces: Part 1
  • Counteracting Code Complexity With Wily - Episode 195
    As we build software projects, complexity and technical debt are bound to creep into our code. To counteract these tendencies it is necessary to calculate and track metrics that highlight areas of improvement so that they can be acted on. To aid in identifying areas of your application that are breeding grounds for incidental complexity Anthony Shaw created Wily. In this episode he explains how Wily traverses the history of your repository and computes code complexity metrics over time and how you can use that information to guide your refactoring efforts.
  • Qt Visual Studio Tools 2.3.1 Released
    The Qt VS Tools version 2.3.1 has now been released to the Visual Studio Marketplace.
  • Ben Cotton: Inclusion is a necessary part of good coding
    Too often I see comments like “some people would rather focus on inclusion than write good code.” Not only is that a false dichotomy, but it completely misrepresents the relationship between the two. Inclusion doesn’t come at the cost of good code, it’s a necessary part of good code. We don’t write code for the sake of writing code. We write code for people to use it in some way. This means that the code needs to work for the people. In order to do that, the people designing and implementing the technology need to consider different experiences. The best way to do that is to have people with different experiences be on the team. As my 7th grade algebra teacher was fond of reminding us: garbage in, garbage out.

Graphics: Vega, Radeon, Wayland on BSD

  • Vega 10 & Newer Getting More Fine-Grained PowerPlay Controls On Linux
With the upcoming Linux 5.1 kernel cycle, discrete Radeon graphics cards based on Vega 10 and newer will have fine-grained control over which PowerPlay power management features are enabled and the ability to toggle them at run-time. Queued into the work-in-progress AMDGPU code for the eventual Linux 5.1 kernel cycle is a new "ppfeatures" sysfs file. It allows querying the state of the PowerPlay features and toggling them individually. This includes features like GFXOFF (the ability to turn off the graphics engine when idling), automatic fan control, LED display of GPU activity, the dynamic power management state for the various blocks, and others. Up to now the PowerPlay features couldn't be toggled individually, only enabled or disabled as a whole.
  • AMD Radeon 7 Will Have Day One Linux Support
    Linux gamers shouldn't see a repeat performance of the Radeon RX 590 situation.
  • Wayland Support On The BSDs Continuing To Improve
While Wayland was designed on and for Linux systems, BSD support for Wayland and the various compositors has continued to improve, particularly over the past year or so, but it's still a lengthy journey. In a little more than one year, FreeBSD Wayland support has been on a steady rise. It's looking like this year could even mark the KDE Wayland session for FreeBSD potentially getting squared away. Besides KDE, the GNOME Wayland work for FreeBSD has advanced a bit and is available in some FreeBSD Ports, but there have been some complications around libinput and its Linuxisms. Details on the current state of Wayland-related components in FreeBSD are drafted at the FreeBSD Wiki.