Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 8 hours 6 min ago

Debian: DSA-4117-1: gcc-4.9 security update

Saturday 17th of February 2018 02:36:00 PM
LinuxSecurity.com: This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. For the oldstable distribution (jessie), this problem has been fixed

Debian: DSA-4118-1: tomcat-native security update

Saturday 17th of February 2018 01:58:00 PM
LinuxSecurity.com: Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field

Debian LTS: DLA-1286-1: quagga security update

Friday 16th of February 2018 11:32:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:

Debian: DSA-4116-1: plasma-workspace security update

Friday 16th of February 2018 09:46:00 PM
LinuxSecurity.com: Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is

Debian LTS: DLA-1285-1: bind9 security update

Friday 16th of February 2018 09:33:00 PM
LinuxSecurity.com: BIND, a DNS server implementation, was found to be vulnerable to a denial of service flaw was found in the handling of DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an

ArchLinux: 201802-8: irssi: multiple issues

Friday 16th of February 2018 06:39:00 PM
LinuxSecurity.com: The package irssi before version 1.1.1-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

SUSE: 2018:0464-1: important: p7zip

Friday 16th of February 2018 06:08:00 PM
LinuxSecurity.com: An update that solves three vulnerabilities and has one errata is now available.

openSUSE: 2018:0459-1: important: xen

Friday 16th of February 2018 12:12:00 PM
LinuxSecurity.com: An update that solves 10 vulnerabilities and has three fixes is now available.

openSUSE: 2018:0458-1: important: openssl-steam

Friday 16th of February 2018 12:07:00 PM
LinuxSecurity.com: An update that solves 16 vulnerabilities and has 12 fixes is now available.

SUSE: 2018:0457-1: important: quagga

Friday 16th of February 2018 09:08:00 AM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

SUSE: 2018:0456-1: important: quagga

Friday 16th of February 2018 06:10:00 AM
LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.

SUSE: 2018:0455-1: important: quagga

Friday 16th of February 2018 06:08:00 AM
LinuxSecurity.com: An update that fixes 6 vulnerabilities is now available.

Slackware: 2018-046-01: irssi Security Update

Friday 16th of February 2018 05:02:00 AM
LinuxSecurity.com: New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Ubuntu 3573-1: Quagga vulnerabilities

Friday 16th of February 2018 12:36:00 AM
LinuxSecurity.com: Several security issues were fixed in Quagga.

Debian: DSA-4115-1: quagga security update

Thursday 15th of February 2018 10:25:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues:

openSUSE: 2018:0454-1: important: chromium

Thursday 15th of February 2018 09:08:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

openSUSE: 2018:0453-1: important: chromium

Thursday 15th of February 2018 09:08:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

Debian LTS: DLA-1283-1: python-crypto security update

Thursday 15th of February 2018 06:36:00 PM
LinuxSecurity.com: python-crypto generated weak ElGamal key parameters, which allowed attackers to obtain sensitive information by reading ciphertext data (i.e., it did not have semantic security in face of a ciphertext-only attack).

SUSE: 2018:0451-1: important: glibc

Thursday 15th of February 2018 06:10:00 PM
LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.

Debian LTS: DLA-1284-1: leptonlib security update

Thursday 15th of February 2018 03:08:00 PM
LinuxSecurity.com: Talosintelligence discovered a command injection vulnerability in the gplotMakeOutput function of leptonlib. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see. Read more

Today in Techrights

Android Leftovers

today's leftovers

  • MX Linux Review of MX-17 – For The Record
    MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.
  • Samsung Halts Android 8.0 Oreo Rollouts for Galaxy S8 Due to Unexpected Reboots
    Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users. SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.
  • Xen Project Contributor Spotlight: Kevin Tian
    The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.
  • Initial Intel Icelake Support Lands In Mesa OpenGL Driver, Vulkan Support Started
    A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.
  • LunarG's Vulkan Layer Factory Aims To Make Writing Vulkan Layers Easier
    Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory. The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.