Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 2 weeks 1 day ago

Fedora 28: compat-openssl10 Security Update

Monday 9th of April 2018 01:30:00 PM
LinuxSecurity.com: Minor security update from upstream fixing CVE-2018-0739

Fedora 28: mailman Security Update

Monday 9th of April 2018 01:29:00 PM
LinuxSecurity.com: New version 2.1.26 (#1370156, #1304360)

Fedora 28: nodejs Security Update

Monday 9th of April 2018 01:28:00 PM
LinuxSecurity.com: https://nodejs.org/en/blog/release/v8.11.0/

Fedora 28: thunderbird Security Update

Monday 9th of April 2018 01:28:00 PM
LinuxSecurity.com: Update to latest upstream version.

Ubuntu 3616-2: Python Crypto vulnerability

Monday 9th of April 2018 12:56:00 PM
LinuxSecurity.com: Python Crypto could expose sensitive information.

Debian LTS: DLA-1343-1: ming security update

Monday 9th of April 2018 12:23:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Ming: CVE-2018-6358

SUSE: 2018:0902-1: important: openssl

Monday 9th of April 2018 03:08:00 AM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2018:0901-1: important: apache2

Monday 9th of April 2018 03:07:00 AM
LinuxSecurity.com: An update that solves 6 vulnerabilities and has one errata is now available.

Gentoo: GLSA-201804-09: SPICE VDAgent: Arbitrary command injection

Sunday 8th of April 2018 11:33:00 PM
LinuxSecurity.com: A vulnerability in SPICE VDAgent could allow local attackers to execute arbitrary commands.

Gentoo: GLSA-201804-08: QEMU: Multiple vulnerabilities

Sunday 8th of April 2018 11:31:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in QEMU, the worst of which may allow an attacker to execute arbitrary code.

Gentoo: GLSA-201804-07: libvirt: Multiple vulnerabilities

Sunday 8th of April 2018 11:29:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands.

Gentoo: GLSA-201804-06: mailx: Multiple vulnerabilities

Sunday 8th of April 2018 11:27:00 PM
LinuxSecurity.com: Multiple vulnerabilities were discovered in mailx, the worst of which may allow a remote attacker to execute arbitrary commands.

Gentoo: GLSA-201804-05: ISC DHCP: Multiple vulnerabilities

Sunday 8th of April 2018 04:47:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in ISC DHCP, the worst of which could allow for the remote execution of arbitrary code.

Gentoo: GLSA-201804-03: Poppler: Multiple vulnerabilities]

Sunday 8th of April 2018 03:28:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in Poppler, the worst of which could allow a Denial of Service.

Gentoo: GLSA-201804-04: cURL: Multiple vulnerabilities

Sunday 8th of April 2018 02:30:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.

Fedora 28: libofx Security Update

Saturday 7th of April 2018 10:16:00 PM
LinuxSecurity.com: This update fixes assorted CVEs in LibOFX.

Debian LTS: DLA-1341-1: sdl-image1.2 security update

Saturday 7th of April 2018 12:29:00 AM
LinuxSecurity.com: Lilith of Cisco Talos discovered several buffer overflow vulnerabilities in the SDL Image library which can be leveraged by attackers to execute arbitrary code via specially crafted image files.

Slackware: 2018-096-01: patch Security Update

Saturday 7th of April 2018 12:25:00 AM
LinuxSecurity.com: New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

Debian LTS: DLA-1340-1: sam2p security update

Saturday 7th of April 2018 12:13:00 AM
LinuxSecurity.com: Multiple invalid frees and buffer-overflow vulnerabilities were discovered in sam2p, a utility to convert raster images and other image formats, that may lead to a denial-of-service (application crash) or unspecified other impact.

Fedora 27: koji Security Update

Friday 6th of April 2018 03:04:00 PM
LinuxSecurity.com: Fixes for CVE-2018-1002150.

More in Tux Machines

today's howtos

Graphics: VC4 and AMDVLK Driver

  • VC4 display, VC5 kernel submitted
    For VC5, I renamed the kernel driver to “v3d” and submitted it to the kernel. Daniel Vetter came back right away with a bunch of useful feedback, and next week I’m resolving that feedback and continuing to work on the GMP support. On the vc4 front, I did the investigation of the HDL to determine that the OLED matrix applies before the gamma tables, so we can expose it in the DRM for Android’s color correction. Stefan was also interested in reworking his fencing patches to use syncobjs, so hopefully we can merge those and get DRM HWC support in mainline soon. I also pushed Gustavo’s patch for using the new core DRM infrastructure for async cursor updates. This doesn’t simplify our code much yet, but Boris has a series he’s working on that gets rid of a lot of custom vc4 display code by switching more code over to the new async support.
  • V3D DRM Driver Revised As It Works To Get Into The Mainline Kernel
    Eric Anholt of Broadcom has sent out his revised patches for the "V3D" DRM driver, which up until last week was known as the VC5 DRM driver. As explained last week, the VC5 driver components are being renamed to V3D since it ends up supporting more than just VC5 with Broadcom VC6 hardware already being supported too. Eric is making preparations to get this VideoCore driver into the mainline Linux kernel and he will then also rename the VC5 Gallium3D driver to V3D Gallium3D.
  • AMDVLK Driver Gets Fixed For Rise of the Tomb Raider Using Application Profiles
    With last week's release of Rise of the Tomb Raider on Linux ported by Feral Interactive, when it came to Radeon GPU support for this Vulkan-only Linux game port the Mesa RADV driver was supported while the official AMDVLK driver would lead to GPU hangs. That's now been fixed. With the latest AMDVLK/XGL source code as of today, the GPU hang issue for Rise of the Tomb Raider should now be resolved.

AMD Ryzen 7 2700X Linux Performance Boosted By Updated BIOS/AGESA

With last week's initial launch-day Linux benchmarks of the Ryzen 5 2600X / Ryzen 7 2700X some found the Linux performance to be lower than Windows. While the root cause is undetermined, a BIOS/AGESA update does appear to help the Linux performance significantly at least with the motherboard where I've been doing most of my tests with the Ryzen 7 2700X. Here are the latest benchmark numbers. Read more

GNU: The GNU C Library 2.28 and Guix on Android

  • Glibc 2.28 Upstream Will Build/Run Cleanly On GNU Hurd
    While Linux distributions are still migrating to Glibc 2.27, in the two months since the release changes have continued building up for what will eventually become the GNU C Library 2.28. The Glibc 2.28 work queued thus far isn't nearly as exciting as all the performance optimizations and more introduced with Glibc 2.27, but it's a start. Most notable at this point for Glibc 2.28 is that it will now build and run cleanly on GNU/Hurd without requiring any out-of-tree patches. There has been a ton of Hurd-related commits to Glibc over the past month.
  • Guix on Android!
    Last year I thought to myself: since my phone is just a computer running an operating system called Android (or Replicant!), and that Android is based on a Linux kernel, it's just another foreign distribution I could install GNU Guix on, right? It turned out it was absolutely the case. Today I was reminded on IRC of my attempt last year at installing GNU Guix on my phone. Hence this blog post. I'll try to give you all the knowledge and commands required to install it on your own Android device.
  • GNU Guix Wrangled To Run On Android
    The GNU Guix transactional package manager can be made to run on Android smartphones/tablets, but not without lots of hoops to jump through first.