Security Advisories

Less critical

Ubuntu has issued updates for the kernel. These fix two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Solution:

Apply updated packages. Links to updates

Highly critical

SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to escalate their privileges and by malicious people to compromise a vulnerable system.

Solution:

Apply updated packages.

Updated packages are available using YaST Online Update or the SUSE FTP site. Full description.

Less critical

Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused by an error where HTML code can overlay part of the user interface. This can, for example, be exploited to trick a user into believing a specially crafted mail is signed and coming from a trusted source.

Successful exploitation requires that the option "Prefer HTML to plain text" is enabled (not default setting).

The vulnerability has been confirmed in KMail 1.7.1 on KDE 3.3.1. KDE 3.3.2 is reportedly also affected. Other versions may also be affected.

Solution:

Disable the "Prefer HTML to plain text" setting. Link.

Serious

Red Hat Inc. is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. Affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory. XFree86 is an implementation of the X Window System that provides low-level graphics functionality for graphical user interface systems such as KDE and Gnome. The most serious flaw is an integer overflow in the libXpm library, used by some applications in opening XPixMap images, Red Hat said. An attacker could use a malicious XPixMap file to execute code on a user's system. Source for this one.
