Latest Secunia Security Advisories

Highly critical

  1. Debian update for kdelibs. Link

  2. Red Hat update for mozilla. Link

  3. Gentoo update for xine-lib. Link


Moderately critical

  1. Gentoo update for Convert-UUlib. Link

  2. Debian CVS Password Protection Bypass and Denial of Service. Link


Less critical

  1. Debian update for gaim. Link

  2. Red Hat update for sharutils. Link

  3. Gentoo update for rkhunter. Link


These and others at secunia.com

More in Tux Machines

Software: VirtualBox 5.1.30, Cockpit 153, GNOME Mutter 3.27.1, KDE Neon

  • Oracle Releases VirtualBox 5.1.30 to Patch Glibc 2.26 Compile Bug on Linux Hosts
    Oracle released VirtualBox 5.1.30, a minor maintenance update to the open-source and cross-platform virtualization software that addresses a few important issues reported by users from previous versions. Coming one month after the VirtualBox 5.1.28 release, which probably most of you out there use right now on your personal computers, VirtualBox 5.1.30 contains a fix for a Glibc 2.26 compilation bug for Linux hosts and a 3D-related crash for Windows guests that use the Windows Additions package.
  • Cockpit 153
    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 153.
  • GNOME Mutter 3.27.1 Brings Hybrid GPU Support
    Mutter 3.27.1 has just been released as the first development release for the GNOME 3.28 cycle of this compositor / window manager. The change most interesting to us about Mutter 3.27.1 is support for hybrid GPU systems. The context for the hybrid GPU system support is explained via this bug report, "supporting systems with multiple GPUs connected to their own connectors. A common configuration is laptops with an integrated Intel GPU connected to the panel, and a dedicated Nvidia/AMD GPU connected to the HDMI ports."
  • #KDE #KDENEON Release bonanza! Frameworks, Plasma, KmyMoney and Digikam

Intel Ads as 'Articles'

Security: WPA2, CVE-2017-15265, Fuzzing, Hyperledger

  • Fedora Dev Teaches Users How to Protect Their Wi-Fi Against WPA2 KRACK Bug
    Former Fedora Project leader Paul W. Frields talks today about how to protect your Fedora computers from the dangerous WPA2 KRACK security vulnerability that affects virtually any device using the security protocol to connect to the Internet.
  • WPA2 was kracked because it was based on a closed standard that you needed to pay to read
    How did a bug like krack fester in WPA2, the 13-year-old wifi standard whose flaws have rendered hundreds of millions of devices insecure, some of them permanently so? Thank the IEEE's business model. The IEEE is the standards body that developed WPA2, and they fund their operations by charging hundreds of dollars to review the WPA2 standard, and hundreds more for each of the standards it builds upon, so that would-be auditors of the protocol have to shell out thousands just to start looking. It's an issue that Carl Malamud, Public Resource and the Electronic Frontier Foundation have been fighting hard on for years, ensuring that the standards that undergird public safety and vital infrastructure are available for anyone to review, audit and criticize.
  • Patch Available for Linux Kernel Privilege Escalation
    The issue — tracked as CVE-2017-15265 — is a use-after-free memory corruption issue that affects ALSA (Advanced Linux Sound Architecture), a software framework included in the Linux kernel that provides an API for sound card drivers.
  • Linus Torvalds says targeted fuzzing is improving Linux security
    Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes. Fuzzing involves stress testing a system by generating random code to induce errors, which in turn may help identify potential security flaws. Fuzzing is helping software developers catch bugs before shipping software to users.
  • Devsecops: Add security to complete your devops process [Ed: more silly buzzwords]
  • Companies overlook risks in open source software [Ed: marketing disguised as "news" (and which is actually FUD)]
  • Q&A: Does blockchain alleviate security concerns or create new challenges?
    According to some, blockchain is one of the hottest and most intriguing technologies currently in the market. Similar to the rising of the internet, blockchain could potentially disrupt multiple industries, including financial services. This Thursday, October 19 at Sibos in Toronto, Hyperledger’s Security Maven Dave Huseby will be moderating a panel “Does Blockchain technology alleviate security concerns or create new challenges?” During this session, experts will explore whether the shared nature of blockchain helps or hinders security.

Games: Nowhere Prophet, Ebony Spire: Heresy, The First Tree, Daggerfall, Talos Principle

  • Nowhere Prophet, a single-player tactical roguelike with card-based battles has Linux support
    Nowhere Prophet [Official Site, itch.io], a single-player tactical roguelike with card-based battles is currently going through 'First Access' (itch's version of Early Access) and it has Linux support.
  • Ebony Spire: Heresy, a first-person turn-based dungeon crawler will release next month
    For fans of the classic first-person dungeon crawlers, Ebony Spire: Heresy [Steam] looks like it might scratch the itch. One interesting thing to note, is that Linux is the primary platform for the development of the game. It's really great to hear about more games actually developed on Linux! Even better, is that the source code for the game is under the MIT license. You can find the source on GitHub. The source is currently a little outdated, but the developer has told me that it will be updated when the Beta becomes available.
  • The First Tree, a short and powerful exploration game is now available on Linux
    The developer of The First Tree [itch.io, Steam, Official Site] emailed in to let everyone know that their beautiful 3rd-person exploration game is now on Linux 'due to a ton of requests'. Linux support arrived as part of a major patch, which improves gamepad support, adds an option to invert the Y-axis and Camera Sensitivity options are in too. On top of that, a bunch of bugs were also squashed.
  • The open source recreation of Daggerfall hits an important milestone
    Another classic game is getting closer to being fully playable natively on Linux. The project to recreate The Elder Scrolls II: Daggerfall in the Unity engine has hit an important milestone and now the main quest is completely playable. Daggerfall is the second entry in Bethesda’s long-running Elder Scrolls series of role-playing games and was originally released way back in 1996. It was an ambitious game, with thousands upon thousands of locations to explore in a virtual game area the size of a small real-world nation. It’s a game that I personally lost a lot of time to way back in the day and I’m happy to see that a project that allows me to play it natively on Linux is coming along swimmingly.
  • The Talos Principle VR Launches With Linux Support
    Croteam has just released The Talos Principle VR, the virtual reality edition of their award-winning The Talos Principle puzzle game. SteamOS/Linux with the HTC Vive is supported alongside Windows. This VR-enhanced version of The Talos Principle is retailing for $39.99 USD.