
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 25: kernel Security Update

Monday 20th of November 2017 05:59:00 PM
LinuxSecurity.com: The 4.13.13 update contains a number of important fixes across the tree.

Fedora 27: postgresql Security Update

Monday 20th of November 2017 04:57:00 PM
LinuxSecurity.com: update to 9.6.6 per release notes: https://www.postgresql.org/docs/9.6/static/release-9-6-6.html

RedHat: RHSA-2017-3248:01 Low: .NET Core security update

Monday 20th of November 2017 11:47:00 AM
LinuxSecurity.com: A security update for .NET Core on RHEL is now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Fedora 27: kernel Security Update

Monday 20th of November 2017 01:04:00 AM
LinuxSecurity.com: The 4.13.13 update contains a number of important fixes across the tree.

Fedora 27: jbig2dec Security Update

Monday 20th of November 2017 01:04:00 AM
LinuxSecurity.com: update to 0.14 (bugfix release)

Fedora 27: roundcubemail Security Update

Monday 20th of November 2017 01:04:00 AM
LinuxSecurity.com: Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive

Fedora 26: kernel Security Update

Sunday 19th of November 2017 11:18:00 PM
LinuxSecurity.com: The 4.13.13 update contains a number of important fixes across the tree.

Fedora 26: roundcubemail Security Update

Sunday 19th of November 2017 11:17:00 PM
LinuxSecurity.com: Upstream announcement for **version 1.3.3** This is a security update to the stable version 1.3. It primarily fixes a recently discovered file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651. We strongly recommend to update all productive

Gentoo: GLSA-201711-16: CouchDB: Multiple vulnerabilities

Sunday 19th of November 2017 08:52:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands.

Gentoo: GLSA-201711-15: PHPUnit: Remote code execution

Sunday 19th of November 2017 08:47:00 PM
LinuxSecurity.com: A vulnerability was discovered in PHPUnit which may allow an unauthenticated remote attacker to execute arbitrary PHP code.

Gentoo: GLSA-201711-14: IcedTea: Multiple vulnerabilities

Sunday 19th of November 2017 08:35:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code.

Gentoo: GLSA-201711-13: Adobe Flash Player: Multiple vulnerabilities

Sunday 19th of November 2017 08:26:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Debian: DSA-4042-1: libxml-libxml-perl security update

Sunday 19th of November 2017 10:36:00 AM
LinuxSecurity.com: A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild() call.

Debian: DSA-4041-1: procmail security update

Sunday 19th of November 2017 08:55:00 AM
LinuxSecurity.com: Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss.

Fedora 26: qt5-qtwebengine Security Update

Saturday 18th of November 2017 06:46:00 PM
LinuxSecurity.com: An update of QtWebEngine to the security and bugfix release 5.9.2, including: Chromium Snapshot: * Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118 * Fixed Skia to render text

Debian: DSA-4040-1: imagemagick security update

Friday 17th of November 2017 11:51:00 PM
LinuxSecurity.com: This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

Fedora 25: firefox Security Update

Friday 17th of November 2017 11:27:00 PM
LinuxSecurity.com: Updated to the latest version - Firefox 57 Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/ ---- Update to Firefox 57 a.k.a. Quantum This update may break your installed extension, please see this Fedora Magazine article for details:

Fedora 27: qt5-qtwebengine Security Update

Friday 17th of November 2017 04:43:00 PM
LinuxSecurity.com: An update of QtWebEngine to the security and bugfix release 5.9.2, including: Chromium Snapshot: * Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118 * Fixed Skia to

Fedora 27: knot-resolver Security Update

Friday 17th of November 2017 04:43:00 PM
LinuxSecurity.com: Major update for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for

Fedora 27: knot Security Update

Friday 17th of November 2017 04:43:00 PM
LinuxSecurity.com: Major update for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for
