Language Selection

English French German Italian Portuguese Spanish Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 6 hours 37 min ago

Debian LTS: DLA-1551-1: exiv2 security update

Sunday 21st of October 2018 04:39:00 AM A vulnerability has been discovered in exiv2 (CVE-2018-16336), a C++ library and a command line utility to manage image metadata, resulting in remote denial of service (heap-based buffer over-read/overflow) via

Mageia 2018-0409: libtiff security update

Saturday 20th of October 2018 03:56:00 PM Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file (CVE-2016-5319). In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function

Mageia 2018-0408: ghostscript security update

Friday 19th of October 2018 08:37:00 PM Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961) Saved execution stacks can leak operator arrays. (CVE-2018-18073)

Mageia 2018-0406: clamav security update

Friday 19th of October 2018 08:01:00 PM The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device (CVE-2018-15378).

Mageia 2018-0407: rust security update

Friday 19th of October 2018 08:01:00 PM Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack

[updates-announce] MGASA-2018-0405: Updated glib2.0 packages fix security vulnerabilities

Friday 19th of October 2018 08:01:00 PM The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference (CVE-2018-16428).

[updates-announce] MGASA-2018-0404: Updated 389-ds-base packages fix security vulnerabilities

Friday 19th of October 2018 08:01:00 PM Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search (CVE-2018-10850)

Mageia 2018-0400: vlc security update

Friday 19th of October 2018 08:01:00 PM This update provides vlc 3.0.4 and fixes atleast the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media

Mageia 2018-0402: mgetty security update

Friday 19th of October 2018 08:01:00 PM Updated mgetty packages fix security vulnerabilities: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (CVE-2018-16741).

[updates-announce] MGASA-2018-0403: Updated php-smarty packages fix security vulnerability

Friday 19th of October 2018 08:01:00 PM Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982).

Mageia 2018-0401: tcpflow security update

Friday 19th of October 2018 08:01:00 PM pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause

Mageia 2018-0399: calibre security update

Friday 19th of October 2018 08:01:00 PM Updated calibre package fixes security vulnerability: gui2/viewer/ in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that

Mageia 2018-0398: docker security update

Friday 19th of October 2018 08:01:00 PM Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992).

openSUSE: 2018:3258-1: moderate: icinga

Friday 19th of October 2018 06:40:00 PM An update that fixes four vulnerabilities is now available.

openSUSE: 2018:3245-1: important: libssh

Friday 19th of October 2018 06:22:00 PM An update that fixes one vulnerability is now available.

ArchLinux: 201810-13: thunderbird: multiple issues

Friday 19th of October 2018 05:56:00 PM The package thunderbird before version 60.2.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

Debian LTS: DLA-1550-1: drupal7 security update

Friday 19th of October 2018 02:57:00 PM It was discovered that there was a remote code execution and an external URL injection vulnerability in the Drupal content management framework.

openSUSE: 2018:3235-1: moderate: java-11-openjdk

Friday 19th of October 2018 12:10:00 AM An update that solves 8 vulnerabilities and has one errata is now available.

Debian: DSA-4323-1: drupal7 security update

Thursday 18th of October 2018 09:05:00 PM Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution or an open redirect. For additional information, please refer to the upstream advisory at

openSUSE: 2018:3225-1: moderate: ImageMagick

Thursday 18th of October 2018 07:26:00 PM An update that fixes 7 vulnerabilities is now available.

More in Tux Machines

today's howtos

Licensing in Kate and Other KDE News/Changes

  • MIT licensed KSyntaxHighlighting usage
    With the KDE Frameworks 5.50 release, the KSyntaxHighlighting framework was re-licensed to the MIT license. This re-licensing only covers the actual code in the library and the bundled themes but not all of the syntax highlighting definition data files. One of the main motivation points was to get QtCreator to use this, if possible, instead of their own implementation of the Kate highlighting they needed to create in the past due to the incompatible licensing of KatePart at that time (and the impossibility to do a quick split/re-licensing of the parts in question).
  • This week in Usability & Productivity, part 41
  • KDE Will Now Set Scale Factor For GTK Apps, Plasma Gets Other Scaling & UI Polishing Too
    KDE developer Nate Graham is out with his weekly recap of interesting development activities impacting Plasma, Frameworks, and the Applications stack. When the display scaling factor for KDE is set to an integer, KDE will now export that as well to the GNOME/GTK environment variables of GDK_SCALE/GDK_DPI_SCALE, for helping out GTK applications running on the KDE desktop so they should still scale appropriately. The Wayland behavior was already correct while this should help out GTK X11 applications. The GNOME/GTK scaling though only supports scaling by integer numbers.

Graphics: NVIDIA, Kazan, Sway and Panfrost

  • NVIDIA Developers Express Interest In Helping Out libc++/libstdc++ Parallel Algorithms
    NVIDIA developers have expressed interest in helping the open-source GCC libstdc++ and LLVM Clang libc++ standard libraries in bringing up support for the standardized parallel algorithms. C++17 brings parallelized versions for some of the algorithms exposed by the C++ standard library, but sadly GCC's libstdc++ and LLVM's libc++ do not yet support these parallel algorithms while the rest of their C++17 support is in great shape. Going back over a year Intel has been interested in contributing parallel support code to these C++ standard libraries that could be shared by both projects. The Intel path builds in abstractions for supporting different underlying thread/parallelism APIs.
  • The Rust-Written Kazan Vulkan Driver Lights Up Its Shader Compiler
    This week the Kazan project (formerly known as "Vulkan-CPU") celebrated a small but important milestone in its trek to having a CPU-based Vulkan software implementation. As a refresher, Kazan is the project born as Vulkan-CPU during the 2017 Google Summer of Code. The work was started by student developer Jacob Lifshay and he made good progress last summer on the foundation of the project and continued contributing past the conclusion of that Google-funded program. By the end of the summer he was able to run some simple Vulkan compute tests. He also renamed Vulkan-CPU to Kazan (Japanese for "volcano").
  • Sway 1.0 Beta Released - Offers 100% Compatibility With i3 Window Manager
    The Sway Wayland compositor inspired by X11's i3 window manager is now up to its beta ahead of the big 1.0 release. Sway 1.0 Beta offers "100%" compatibility with the i3 window manager. The Sway 1.0 release has also been working on many other changes including improved window handling, multi-GPU support, virtual keyboard protocol, real-time video capture, tablet support, and many other changes.
  • Panfrost Open-Source GPU Driver Continues Advancing For Mali GPUs
    The Panfrost open-source, community-driven, reverse-engineered graphics driver for ARM Mali graphics processors continues panning out pretty well. Alyssa Rosenzweig has provided an update this weekend on the state of Panfrost for open-source Mali 3D support. The developers involved have been working out some texture issues, various OpenGL / GLES issues around GLMark2, and support now for running Wayland's Weston reference compositor.

Android Leftovers