LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 7 min 16 sec ago

SUSE: 2022:1842-1 moderate: redis

5 hours 49 min ago
An update that fixes two vulnerabilities is now available.

Debian LTS: DLA-3022-1: dpkg security update

8 hours 18 min ago
Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.

Debian: DSA-5147-1: dpkg security update

8 hours 33 min ago
Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.

SUSE: 2022:1836-1 important: pcre2

8 hours 46 min ago
An update that fixes one vulnerability is now available.

SUSE: 2022:1840-1 moderate: kernel-firmware

8 hours 48 min ago
An update that fixes 15 vulnerabilities is now available.

Oracle7: ELSA-2022-4730: thunderbird Critical Security Update

9 hours 16 min ago
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

SciLinux: SLSA-2022-4729-1 Critical: firefox on SL7.x x86_64

11 hours 16 min ago
This update upgrades Firefox to version 91.9.1 ESR.

  • Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529)

  • Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

SciLinux: SLSA-2022-4730-1 Critical: thunderbird on SL7.x x86_64

11 hours 17 min ago
This update upgrades Thunderbird to version 91.9.1.

  • Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529)

  • Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 [More...]

SUSE: 2022:1835-1 important: postgresql13

11 hours 49 min ago
An update that fixes one vulnerability is now available.

SUSE: 2022:1163-1 bci/golang Security Update

Wednesday 25th of May 2022 06:53:47 AM
The container bci/golang was updated. The following patches have been included in this update:

SUSE: 2022:1162-1 suse/sle15 Security Update

Wednesday 25th of May 2022 06:52:13 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2022:1161-1 suse/sle15 Security Update

Wednesday 25th of May 2022 06:28:22 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2022:1160-1 suse/sles12sp5 Security Update

Wednesday 25th of May 2022 05:58:55 AM
The container suse/sles12sp5 was updated. The following patches have been included in this update:

SUSE: 2022:1159-1 suse/sles12sp4 Security Update

Wednesday 25th of May 2022 05:45:10 AM
The container suse/sles12sp4 was updated. The following patches have been included in this update:

SUSE: 2022:1158-1 suse/sles12sp3 Security Update

Wednesday 25th of May 2022 05:28:00 AM
The container suse/sles12sp3 was updated. The following patches have been included in this update:

Fedora 34: plib 2022-1cf3c9578f

Tuesday 24th of May 2022 09:28:52 PM
Security fix for CVE-2021-38714

Fedora 35: plib 2022-bcc0df5180

Tuesday 24th of May 2022 09:24:30 PM
Security fix for CVE-2021-38714

Fedora 35: plantuml 2022-fda9f1f7bd

Tuesday 24th of May 2022 09:24:28 PM
Security fix for CVE-2022-1379

Fedora 36: plantuml 2022-e6c09a89eb

Tuesday 24th of May 2022 09:05:06 PM
Security fix for CVE-2022-1379

Fedora 36: plib 2022-08022e9452

Tuesday 24th of May 2022 09:05:05 PM
Security fix for CVE-2021-38714

More in Tux Machines

Qt Programming Leftovers

Ubuntu: Pearl Linux OS Reaches Version 11, ROS 2 Humble Hawksbill, Best Linux Desktop Environment for Ubuntu 22.04 LTS

  • New release of the Ubuntu-based Pearl, 11

    Pearl Linux OS has been available for free download since 12/2014 with our first release simply titled Pearl Linux. It was based on the 14.04 released version of Ubuntu. That release was using the XFCE desktop environment. Since then we now offer the MATE, GNOME, LXDE and soon to come our own DE PearlDE which will be a mix of LXDE and XFCE4 desktops. As of the latest release Pearl OS 3.0 we are now maintaining our own repository on site. Also, although far from ready, we are working on the new website. The forum ain't pretty but it is up and running for ya all to post any questions you may have.

  • Package is “set to manually installed”? What does it Mean?

    Noticed a "package set to manually installed" message in Ubuntu? Here's what it means and why you see it for some packages only.

  • New ROS2 release Humble Hawksbill - The Robot Report

    Humble Hawksbill is a long-term support (LTS) release that will be supported until May 2027. It is the first ROS 2 release on Ubuntu 22.04

  • ROS 2 Humble security, a tour of the new and improved features | Ubuntu

    We’re excited about the recent release of ROS 2 Humble Hawksbill, a Long Term Support (LTS) distro, supported for the next five years. ROS 2 releases come out on every even-numbered year together with the LTS release of Ubuntu, this time with Ubuntu 22.04 (Jammy Jellyfish). Earlier this week, we shared a step-by-step guide to install ROS 2 Humble in Ubuntu 20.04 or 18.04 using LXD containers, that will allow you to easily install it on your current Ubuntu station. So, take a few minutes to check that out as well!

  • Best Linux Desktop Environment For Ubuntu 22.04 LTS | Itsubuntu.com

    Ubuntu 22.04 LTS is the latest stable version of Ubuntu. You can find plenty of new features and improvements in the latest version of Ubuntu. Ubuntu 22.04 LTS is powered by GNOME 3.36. Gnome is the default desktop environment in Ubuntu. Meanwhile, there are lots of desktop environments available for Linux-based operating systems. In this post, we are going to list the best Linux desktop environment for Ubuntu 22.04 LTS.

Red Hat Leftovers

  • Eat up fewer resources in Cryostat 2.1 with sidecar reports

    Cryostat is a tool for managing JDK Flight Recorder data on Kubernetes. Version 2.1 of Cryostat introduces the option of using a sidecar reports container to generate automated analysis reports for JDK flight recordings. Previously, the main Cryostat container handled the report generation. Report generation is a resource-intensive operation, and as a result, users may find themselves overprovisioning the Cryostat container to meet peak resource demands. Those resources may in turn end up unused if you're not generating reports. With this new option to delegate report generation to a sidecar container, users will find it easier to provision resources more efficiently. When report generation is not a concern, the main Cryostat container, including its web server and various lightweight operations over HTTP and JMX, has only a small resource footprint. Based on their report generation workflow, users can provision resources to the sidecar reports container accordingly and spin up any number of replicas of that container.

  • Cockpit 270

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from Cockpit 270, cockpit-machines 269, and cockpit-podman 48...

  • Digital transformation: 5 reality checks before you take the plunge

    Digital transformation (DX) can mean just about anything and everything in the business and technology spectrum. Starting with the transition from analog to digital, the term has evolved to refer to the adoption of social and mobile technologies and more recently, to the implementation of any of a plethora of digital technologies. With so much focus on digital, enterprises risk losing sight of what really matters: the actual transformation.

  • 6 tips for effective meetings in a hybrid work environment

    The pandemic has changed meeting culture forever. Zoom has become a verb and a household name. While online meetings were always part of business life, the pandemic and its aftermath made them an essential part of doing business for the foreseeable future. With distributed workforces now standard, doing online meetings “right” is more important than ever. After hosting and attending thousands of meetings in my many stints at companies large and small, I’ve become an expert on what it takes to have a productive meeting. Here are some key dos and don’ts and some tips and tricks for making online and hybrid meetings more effective.

Security Leftovers

  • Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes - Check Point Research [Ed: Microsoft Windows TCO]

    In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that are exploiting the sanctions imposed on Russia by western countries. These sanctions have put enormous pressure on the Russian economy, and specifically on organizations in multiple Russian industries. [...] The malware creates a working directory %TEMP%\\OfficeInit and copies to it INIT and cmpbk32.dll files, as well as a legitimate 32-bit Windows executable cmdl32.exe from either System32 or SysWOW64 folder, depending on if the operating system is 32 or 64 bit.

  • Sandworm uses a new version of ArguePatch to attack targets in Ukraine [Ed: Microsoft Windows TCO]

    Filename: eset_ssl_filtered_cert_importer.exe SHA-1 hash: 796362BD0304E305AD120576B6A8FB6721108752 ESET detection name: Win32/Agent.AEGY

  • Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems [Ed: It's not an OS issue; it's about people installing malicious software and greater threats are proprietary software's back doors]

    Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience.

  • 747 Hackathon | Pen Test Partners

    As is probably clear from our blog and public talks aviation cyber security is an area of huge interest to us. Some of us are also light aircraft pilots, so the crossover of two of our loves makes for some fascinating research. Over the last few years we’ve managed to get access to several airplanes that have been recently retired. As the various breakers yards are backed up with planes retired during the pandemic, many fully functional planes are available that will never fly again. However, a big problem for us is that the planes get dismantled, often between visits. On several occasions we’ve gone to an airframe to figure out the on board systems, go back to the lab to prepare custom connectors and tools, then come back a month later to find out that it’s been taken apart into many many pieces.