LinuxSecurity.com Advisories

LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.

ArchLinux: 201902-20: flatpak: privilege escalation

Monday 18th of February 2019 11:05:00 AM
The package flatpak before version 1.2.3-1 is vulnerable to privilege escalation.

ArchLinux: 201902-19: cairo: arbitrary code execution

Monday 18th of February 2019 11:04:00 AM
The package cairo before version 1.16.0-2 is vulnerable to arbitrary code execution.

ArchLinux: 201902-18: hiawatha: directory traversal

Monday 18th of February 2019 11:02:00 AM
The package hiawatha before version 10.8.4-1 is vulnerable to directory traversal.

ArchLinux: 201902-17: webkit2gtk: arbitrary code execution

Monday 18th of February 2019 10:59:00 AM
The package webkit2gtk before version 2.22.6-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-16: firefox: multiple issues

Monday 18th of February 2019 10:58:00 AM
The package firefox before version 65.0.1-1 is vulnerable to multiple issues including arbitrary code execution and same-origin policy bypass.

ArchLinux: 201902-15: python2-django: denial of service

Wednesday 13th of February 2019 12:16:00 AM
The package python2-django before version 1.11.19-1 is vulnerable to denial of service.

ArchLinux: 201902-14: python-django: denial of service

Wednesday 13th of February 2019 12:14:00 AM
The package python-django before version 2.1.6-1 is vulnerable to denial of service.

ArchLinux: 201902-12: lib32-libcurl-compat: arbitrary code execution

Tuesday 12th of February 2019 11:53:00 PM
The package lib32-libcurl-compat before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-13: lib32-curl: arbitrary code execution

Tuesday 12th of February 2019 11:53:00 PM
The package lib32-curl before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-11: lib32-libcurl-gnutls: arbitrary code execution

Tuesday 12th of February 2019 11:52:00 PM
The package lib32-libcurl-gnutls before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-10: libcurl-gnutls: arbitrary code execution

Tuesday 12th of February 2019 11:51:00 PM
The package libcurl-gnutls before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-9: curl: arbitrary code execution

Tuesday 12th of February 2019 11:50:00 PM
The package curl before version 7.64.0-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-8: aubio: denial of service

Tuesday 12th of February 2019 06:46:00 PM
The package aubio before version 0.4.9-1 is vulnerable to denial of service.

ArchLinux: 201902-7: libu2f-host: arbitrary code execution

Tuesday 12th of February 2019 06:45:00 PM
The package libu2f-host before version 1.1.7-1 is vulnerable to arbitrary code execution.

ArchLinux: 201902-6: runc: privilege escalation

Tuesday 12th of February 2019 06:43:00 PM
The package runc before version 1.0.0rc6-1 is vulnerable to privilege escalation.

ArchLinux: 201902-5: rdesktop: multiple issues

Tuesday 12th of February 2019 06:41:00 PM
The package rdesktop before version 1.8.4-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.

ArchLinux: 201902-4: spice: arbitrary code execution

Tuesday 12th of February 2019 01:13:00 AM
The package spice before version 0.14.0-3 is vulnerable to arbitrary code execution.

ArchLinux: 201902-3: chromium: multiple issues

Tuesday 12th of February 2019 01:12:00 AM
The package chromium before version 72.0.3626.81-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, content spoofing and insufficient validation.

ArchLinux: 201902-2: firefox: multiple issues

Monday 11th of February 2019 05:05:00 PM
The package firefox before version 65.0-1 is vulnerable to multiple issues including arbitrary code execution, privilege escalation and access restriction bypass.

ArchLinux: 201902-1: dovecot: authentication bypass

Monday 11th of February 2019 05:04:00 PM
The package dovecot before version 2.3.4.1-1 is vulnerable to authentication bypass.

More in Tux Machines

GNU/Linux Security Leftovers

  • Major 9.8 vulnerability affects multiple Linux kernels— CVE-2019-8912 (af_alg_release())
    Our assessment is that the cause is this commit, the introduction of a "sockfs_setattr()" function. This function neglects to null-out values in a structure, making their values usable after exiting from the function (a so-called ‘use-after-free’ error).
  • Linux use-after-free vulnerability found in Linux 2.6 through 4.20.11
    Last week, a Huawei engineer reported a vulnerability present in the early Linux 2.6 kernels through version 4.20.11. The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code was used to uncover the use-after-free vulnerability which was present since early Linux versions. The use-after-free issue was found in the networking subsystem’s sockfs code and could lead to arbitrary code execution as a result.
  • Taking Care of Your Personal Online Security (For Paranoids)
    So, use Linux, and preferably coreboot or Libreboot (open source BIOS). You can buy hardware based on the recommendations of well-known and respected (still a bit paranoid) cypherpunk Richard Stallman.
  • Why do PAM projects fail? Tales from the trenches
    Privileged accounts hold the keys to highly sensitive company information and once these credentials are targeted, they can easily lead to a breach of a company’s most valuable assets; from databases to social media and unstructured data. Most enterprises have implemented some form of Privileged Access Management (PAM), but many find these initiatives fail to live up to expectations. Below are some common reasons why a PAM project might fail to meet the initial expectations; coupled with practical insights on how to prevent it from becoming a dud.
  • Sailfish OS: Security and Data Privacy
    Mobile World Congress is back again! Like every single year during the Jolla journey, we are excited to take part in this event. We have had great experiences in the past MWCs, our main drivers for attending are the current and relevant topics discussed during the congress. One of this year’s core themes is Digital Trust; “Digital trust analyses the growing responsibilities required to create the right balance with consumers, governments and regulators.” It makes us happy that these topics are being discussed, especially since several scandals have recently affected trust in digital solutions. At Jolla we work constantly towards providing a secure and transparent solution. Our value towards our customer’s privacy is reflected in our values and actions. Back in May of 2018 our CEO Sami Pienimäki wrote a blog post on the GDPR laws passed within the European Union and stated the cornerstones on how Jolla views data privacy. This stand on privacy is not rocket science – the core idea is to respect our customers’ privacy and allow them to be in control of their data.
  • Security updates for Friday
  • Which is More Secure: Windows, Linux, or macOS? [Ed: security is not an OS feature but a separate product, insists company that sells "security" as a proprietary software product]

Games: BATTLETECH, Tesla vs Lovecraft and More

Linux Foundation, Linux 5.0 and Linux 5.1

  • Certified danger
    I suspected Linux Foundation went to the dark side when they started strange deals with Microsoft. But I'm pretty sure they went to the dark side now.
  • The Most Interesting Highlights To The Linux 5.0 Kernel
    With the Linux 5.0 kernel due out within the next week or two, here's a look back at the biggest end-user facing changes for this kernel release that started out as Linux 4.21.
  • AMDGPU Squeezes In Revised Context Priority Handling For Linux 5.1
    With the Linux 5.1 kernel cycle soon to kick-off, an early batch of fixes for the AMDGPU DRM driver and other fixes were sent in on Thursday to queue along with all of the new functionality being staged in DRM-Next. There's a lot of DRM improvements and throughout all the kernel subsystems of new material queuing up for Linux 5.1. On the AMDGPU side there is AMDGPU DC seamless boot bits, PCI Express bandwidth utilization is now exported to user-space, Vega power management updates, DCC support for scanout surfaces, better page-flipping in DC, and various Vega 20 fixes.

Videos: Manjaro 18.0.3 Cinnamon, Bash Commands and FLOSS Weekly With ClearlyDefined

  • Manjaro 18.0.3 Cinnamon Run Through
    In this video, we look at Manjaro 18.0.3 Cinnamon.
  • JC’s Favorite BASH Commands
    We chill and look at some cool commands for the BASH terminal and scripts.
  • FLOSS Weekly 518: Clearly Defined
    Carol Smith is the program manager for ClearlyDefined, a project under the Open Source Initiative. ClearlyDefined is an open source project to crowd-source the gathering, curation, and upstreaming of licensing and security (and more) data about free and open source projects.