LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 8 min ago

Fedora 29: kdelibs3 FEDORA-2019-9f2ee52c88

7 hours 36 min ago
This update fixes **CVE-2019-14744 (kconfig arbitrary shell code execution)** in the KDE 3 compatibility version of kdelibs used by legacy KDE 3 applications. The full list of fixes in this `kdelibs3` build:

* fixes **CVE-2019-14744** - `kconfig`: malicious `.desktop` files (and others) would execute code. KConfig had a well-meaning feature that allowed configuration files to execute arbitrary

Fedora 29: mgetty FEDORA-2019-732b5488c2

7 hours 37 min ago
Security fix for CVE-2019-1010189

Fedora 30: kdelibs3 FEDORA-2019-f9f78895c3

9 hours 3 min ago
This update fixes **CVE-2019-14744 (kconfig arbitrary shell code execution)** in the KDE 3 compatibility version of kdelibs used by legacy KDE 3 applications. The full list of fixes in this `kdelibs3` build:

* fixes **CVE-2019-14744** - `kconfig`: malicious `.desktop` files (and others) would execute code. KConfig had a well-meaning feature that allowed configuration files to execute arbitrary

Fedora 30: gradle FEDORA-2019-1b6383acdd

9 hours 3 min ago
Resolves CVE-2019-11065.

Fedora 30: hostapd FEDORA-2019-97e9040197

9 hours 3 min ago
Update to version 2.9 from upstream. Security fix for CVE-2019-13377.

Debian LTS: DLA-1891-1: openldap security update

9 hours 18 min ago
Several security vulnerabilities were discovered in openldap, a server and tools to provide a standalone directory service. CVE-2019-13057

Debian LTS: DLA-1890-1: kde4libs security update

9 hours 28 min ago
Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could then be used to execute arbitrary code, e.g. a file manager trying to find out

Debian: DSA-4503-1: golang-1.11 security update

15 hours 41 min ago
Three vulnerabilities have been discovered in the Go programming language; "net/url" accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.

openSUSE: 2019:1928-1: important: chromium

18 hours 16 min ago
An update that fixes two vulnerabilities is now available.

openSUSE: 2019:1929-1: moderate: LibreOffice

18 hours 20 min ago
An update that solves one vulnerability and has 11 fixes is now available.

openSUSE: 2019:1931-1: important: chromium

18 hours 28 min ago
An update that fixes two vulnerabilities is now available.

openSUSE: 2019:1927-1: moderate: zypper, libzypp and libsolv

18 hours 54 min ago
An update that solves three vulnerabilities and has 41 fixes is now available.

Mageia 2019-0226: redis security update

19 hours 25 min ago
This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure (CVE-2019-10192).

Mageia 2019-0225: postgresql security update

19 hours 25 min ago
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function

Mageia 2019-0224: mariadb security update

19 hours 25 min ago
Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized

Mageia 2019-0223: mythtv security update

19 hours 25 min ago
This update provides an update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion

Mageia 2019-0222: elfutils security update

19 hours 25 min ago
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613,

Gentoo: GLSA-201908-25: hostapd and wpa_supplicant: Denial of Service

Saturday 17th of August 2019 10:31:52 PM
A vulnerability in hostapd and wpa_supplicant could lead to a Denial of Service condition.

Gentoo: GLSA-201908-24: MariaDB, MySQL: Multiple vulnerabilities

Saturday 17th of August 2019 10:29:44 PM
Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could result in privilege escalation.

Gentoo: GLSA-201908-23: VLC: Multiple vulnerabilities

Saturday 17th of August 2019 10:27:15 PM
Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code.
