Language Selection

English French German Italian Portuguese Spanish

Security Advisories

Filed under
Security

Less critical

Ubuntu has issued updates for the kernel. These fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Solution:

Apply updated packages. Links to updates

Highly critical

SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to escalate their privileges and by malicious people to compromise a vulnerable system.

Solution:

Apply updated packages.

Updated packages are available using YaST Online Update or the SUSE FTP site. Full description.

Less critical

Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error where HTML code can overlay part of the user interface. This can e.g. be exploited to trick a user into believing a specially crafted mail is signed and coming from a trusted source.

Successful exploitation requires that the option "Prefer HTML to plain text" is enabled (not default setting).

The vulnerability has been confirmed in KMail 1.7.1 on KDE 3.3.1. KDE 3.3.2 is reportedly also affected. Other versions may also be affected.

Solution:

Disable the "Prefer HTML to plain text" setting. Link.

Serious
Red Hat Inc. is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. Affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory. XFree86 is an implementation of the X Window System that provides low-level graphics functionality for graphical user interface systems such as KDE and Gnome. The most serious flaw is an integer overflow in the libXpm library, used by some applications in opening XPixMap images, Red Hat said. An attacker could use a malicious XPixMap file to execute code on a user's system. Source for this one.

More in Tux Machines

Linux 4.6.5

I'm announcing the release of the 4.6.5 kernel. All users of the 4.6 kernel series must upgrade. The updated 4.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.6.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... thanks, greg k-h Read more Also: Linux 4.4.16 Linux 3.14.74

today's leftovers

Leftovers: Software

  • The Linux Deepin File Manager Is a Thing of Beauty
    China-based Linux distro Deepin has shown off its all-new desktop file manager. And to say it's pretty is an understatement.
  • GRadio Lets You Find, Listen to Radio Stations from the Ubuntu Desktop
    Love to listen to the radio? My ol’ pal Lolly did. But let’s say you want to listen to the radio on Ubuntu. How do you do it? Well, the Ubuntu Software centre should always be the first dial you try, but you’ll need to sift through a load of static to find a decent app.
  • Reprotest 0.2 released, with virtualization support
    reprotest 0.2 is available in PyPi and should hit Debian soon. I have tested null (no container, build on the host system), schroot, and qemu, but it's likely that chroot, Linux containers (lxc/lxd), and quite possibly ssh are also working. I haven't tested the autopkgtest code on a non-Debian system, but again, it probably works. At this point, reprotest is not quite a replacement for the prebuilder script because I haven't implemented all the variations yet, but it offers better virtualization because it supports qemu, and it can build non-Debian software because it doesn't rely on pbuilder.
  • Calibre 2.63.0 eBook Converter and Viewer Adds Unicode 9.0 Support, Bugfixes
    Kovid Goyal has released yet another maintenance update for his popular, open-source, free, and cross-platform Calibre ebook library management software, version 2.63.0. Calibre 2.63.0 arrives two weeks after the release of the previous maintenance update, Calibre 2.62.0, which introduced support for the new Kindle Oasis ebook reader from Amazon, as well as reading and writing of EPUB 3 metadata. Unfortunately, there aren't many interesting features added in the Calibre 2.63.0 release, except for the implementation of Unicode 9.0 support in the regex engine of the Edit Book feature that lets users edit books that contain characters encoded with the recently released Unicode 9.0 standard.
  • Mozilla Delivers Improved User Experience in Firefox for iOS
    When we rolled out Firefox for iOS late last year, we got a tremendous response and millions of downloads. Lots of Firefox users were ecstatic they could use the browser they love on the iPhone or iPad they had chosen. Today, we’re thrilled to release some big improvements to Firefox for iOS. These improvements will give users more speed, flexibility and choice, three things we care deeply about.
  • LibreOffice 5.2 Is Being Released Next Wednesday
    One week from today will mark the release of LibreOffice 5.2 as the open-source office suite's latest major update. LibreOffice 5.2 features a new (optional) single toolbar mode, bookmark improvements. new Calc spreadsheet functions (including forecasting functions), support for signature descriptions, support for OOXML signature import/export, and a wealth of other updates. There are also GTK3 user-interface improvements, OpenGL rendering improvements, multi-threaded 3D rendering, faster rendering, and more.
  • Blackmagic Design Finally Introduces Fusion 8 For Linux
  • Why Microsoft’s revival of Skype for Linux is a big deal [Ed: This article is nonsense right from the headline. Web client is not Linux support. And it's spyware (centralised too).]

today's howtos