LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Gentoo: GLSA-201802-06: LibreOffice: Information disclosure

Tuesday 20th of February 2018 01:55:00 AM
LinuxSecurity.com: A vulnerability in LibreOffice might allow remote attackers to read arbitrary files.

Gentoo: GLSA-201802-05: Ruby: Command injection

Tuesday 20th of February 2018 01:55:00 AM
LinuxSecurity.com: A vulnerability has been found in Ruby which may allow for arbitrary command execution.

Gentoo: GLSA-201802-04: MySQL: Multiple vulnerabilities

Tuesday 20th of February 2018 01:54:00 AM
LinuxSecurity.com: Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code.

Gentoo: GLSA-201802-03: Mozilla Firefox: Multiple vulnerabilities

Tuesday 20th of February 2018 01:54:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

SUSE: 2018:0482-1: important: the Linux Kernel

Tuesday 20th of February 2018 12:08:00 AM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has 44 fixes is now available.

Gentoo: GLSA-201802-02: Chromium, Google Chrome: Multiple vulnerabilities

Monday 19th of February 2018 11:20:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code.

Debian: DSA-4119-1: libav security update

Monday 19th of February 2018 10:44:00 PM
LinuxSecurity.com: Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12

Ubuntu 3574-1: Bind vulnerability

Monday 19th of February 2018 08:21:00 PM
LinuxSecurity.com: Bind could be made to crash if it received specially crafted network traffic.

openSUSE: 2018:0473-1: important: quagga

Monday 19th of February 2018 03:13:00 PM
LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.

SUSE: 2018:0472-1: important: xen

Monday 19th of February 2018 03:11:00 PM
LinuxSecurity.com: An update that solves 10 vulnerabilities and has two fixes is now available.

openSUSE: 2018:0468-1: important: exim

Monday 19th of February 2018 12:08:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

Fedora 26: p7zip Security Update

Saturday 17th of February 2018 10:17:00 PM
LinuxSecurity.com: Improve security patch

Debian: DSA-4117-1: gcc-4.9 security update

Saturday 17th of February 2018 02:36:00 PM
LinuxSecurity.com: This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. For the oldstable distribution (jessie), this problem has been fixed

Debian: DSA-4118-1: tomcat-native security update

Saturday 17th of February 2018 01:58:00 PM
LinuxSecurity.com: Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field

Debian LTS: DLA-1286-1: quagga security update

Friday 16th of February 2018 11:32:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:

Debian: DSA-4116-1: plasma-workspace security update

Friday 16th of February 2018 09:46:00 PM
LinuxSecurity.com: Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is

Debian LTS: DLA-1285-1: bind9 security update

Friday 16th of February 2018 09:33:00 PM
LinuxSecurity.com: BIND, a DNS server implementation, was found to be vulnerable to a denial of service flaw in the handling of DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an

ArchLinux: 201802-8: irssi: multiple issues

Friday 16th of February 2018 06:39:00 PM
LinuxSecurity.com: The package irssi before version 1.1.1-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

SUSE: 2018:0464-1: important: p7zip

Friday 16th of February 2018 06:08:00 PM
LinuxSecurity.com: An update that solves three vulnerabilities and has one errata is now available.

openSUSE: 2018:0459-1: important: xen

Friday 16th of February 2018 12:12:00 PM
LinuxSecurity.com: An update that solves 10 vulnerabilities and has three fixes is now available.
