LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Mageia 2021-0255: irssi security update

Sunday 13th of June 2021 07:34:06 PM
The irssi packages are updated to irssi 1.2.3 to fix several issues, some of them security vulnerabilities: * memory handling issues * memory leaks * erroneous free * crashes / freezes

Mageia 2021-0254: wpa_supplicant, hostapd security update

Sunday 13th of June 2021 07:34:05 PM
The wpa_supplicant and hostapd packages are updated to fix forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (CVE-2021-30004). References: - https://bugs.mageia.org/show_bug.cgi?id=29046

Mageia 2021-0253: slurm security update

Sunday 13th of June 2021 07:34:04 PM
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (CVE-2021-31215). References:

SUSE: 2021:538-1 suse-sles-15-sp2-chost-byos-v20210610-gen2 Security Update

Sunday 13th of June 2021 03:55:10 AM
The container suse-sles-15-sp2-chost-byos-v20210610-gen2 was updated. The following patches have been included in this update:

Fedora 33: mingw-openjpeg2 2021-e145f477df

Friday 11th of June 2021 09:20:08 PM
Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

Fedora 33: openjpeg2 2021-e145f477df

Friday 11th of June 2021 09:20:08 PM
Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

Fedora 34: openjpeg2 2021-c1ac2ee5ee

Friday 11th of June 2021 09:18:25 PM
Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

Fedora 34: mingw-openjpeg2 2021-c1ac2ee5ee

Friday 11th of June 2021 09:18:24 PM
Add proposed patches for CVE-2021-29338 and a heap buffer overflow.

ArchLinux: 202106-30: wireshark-cli: denial of service

Friday 11th of June 2021 01:59:57 PM
The package wireshark-cli before version 3.4.6-1 is vulnerable to denial of service.

ArchLinux: 202106-29: kube-apiserver: insufficient validation

Friday 11th of June 2021 01:59:49 PM
The package kube-apiserver before version 1.21.1-1 is vulnerable to insufficient validation.

ArchLinux: 202106-28: nettle: denial of service

Friday 11th of June 2021 01:59:42 PM
The package nettle before version 3.7.3-1 is vulnerable to denial of service.

ArchLinux: 202106-27: isync: arbitrary code execution

Friday 11th of June 2021 01:59:34 PM
The package isync before version 1.4.2-1 is vulnerable to arbitrary code execution.

ArchLinux: 202106-26: python-websockets: private key recovery

Friday 11th of June 2021 01:59:26 PM
The package python-websockets before version 9.1-1 is vulnerable to private key recovery.

ArchLinux: 202106-25: python-urllib3: denial of service

Friday 11th of June 2021 01:59:17 PM
The package python-urllib3 before version 1.26.5-1 is vulnerable to denial of service.

SUSE: 2021:536-1 sles-15-sp2-chost-byos-v20210610 Security Update

Friday 11th of June 2021 11:35:08 AM
The container sles-15-sp2-chost-byos-v20210610 was updated. The following patches have been included in this update:

SUSE: 2021:537-1 suse-sles-15-sp2-chost-byos-v20210610-hvm-ssd-x86_64 Security Update

Friday 11th of June 2021 11:33:01 AM
The container suse-sles-15-sp2-chost-byos-v20210610-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

Fedora 33: firefox 2021-7b03865dbc

Thursday 10th of June 2021 09:20:30 PM
- Update to Firefox 89.0

Fedora 33: lasso 2021-508acb1153

Thursday 10th of June 2021 09:20:08 PM
CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses
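
In an XML signature wrapping attack the signature over the IdP's assertion still verifies, but the service provider ends up reading a different, unsigned assertion that the attacker has placed where a naive parser looks first. The example below is added here to illustrate that class of bug; it is not lasso's code and says nothing about how lasso itself was fixed. It contains two constructed SAML responses (signature values are placeholders, and cryptographic verification is assumed to be done separately by a real XML-DSig library) and contrasts a naive consumer, which takes the first Assertion it finds, with a structural check that only accepts the single top-level assertion whose enveloped Signature references its own ID.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
ASSERTION = f"{{{SAML}}}Assertion"
SIGNATURE = f"{{{DS}}}Signature"
REFERENCE_PATH = f"{{{DS}}}SignedInfo/{{{DS}}}Reference"
NAMEID_PATH = f"{{{SAML}}}Subject/{{{SAML}}}NameID"

# Constructed sample: what the IdP signed. SignatureValue is a placeholder.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>base64-placeholder</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

# Constructed wrapped variant: the signed assertion "_a1" is moved under an
# extra element (so the signature over it still verifies) and an unsigned
# assertion for "admin" is put where a naive consumer looks first.
WRAPPED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a2">
    <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>
  </saml:Assertion>
  <samlp:Extensions>
    <saml:Assertion ID="_a1">
      <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
        <ds:SignatureValue>base64-placeholder</ds:SignatureValue>
      </ds:Signature>
    </saml:Assertion>
  </samlp:Extensions>
</samlp:Response>"""


def naive_subject(xml_text):
    """Wrapping-vulnerable consumer: trust the first Assertion, wherever it sits."""
    root = ET.fromstring(xml_text)
    return root.find(f".//{ASSERTION}").findtext(NAMEID_PATH)


def signed_subject(xml_text):
    """Accept only the sole, top-level assertion whose enveloped Signature covers it.

    Raises ValueError on any structural mismatch. Checking SignatureValue itself
    is left to a real XML-DSig library; this is the binding between what was
    verified and what the application goes on to use.
    """
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}

    assertions = root.findall(f".//{ASSERTION}")
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    if parents.get(assertion) is not root:
        raise ValueError("Assertion is not a direct child of the Response")

    signatures = assertion.findall(SIGNATURE)  # direct children only
    if len(signatures) != 1:
        raise ValueError("Assertion must carry exactly one enveloped Signature")
    reference = signatures[0].find(REFERENCE_PATH)
    target = reference.get("URI", "") if reference is not None else ""
    assertion_id = assertion.get("ID", "")
    if not assertion_id or target != "#" + assertion_id:
        raise ValueError(f"Signature Reference {target!r} does not cover this Assertion")

    # The referenced ID must be unique: a second element reusing it is another wrapping trick.
    if sum(1 for el in root.iter() if el.get("ID") == assertion_id) != 1:
        raise ValueError(f"ID {assertion_id!r} is not unique in the document")
    return assertion.findtext(NAMEID_PATH)


def accepts(xml_text):
    """NameID the hardened check would act on, or None when it rejects the document."""
    try:
        return signed_subject(xml_text)
    except ValueError:
        return None


if __name__ == "__main__":
    print(naive_subject(WRAPPED_RESPONSE))  # admin: the unsigned assertion wins
    print(accepts(WRAPPED_RESPONSE))        # None: rejected, two assertions present
```

The point of the structural check is that "the signature verified" is meaningless unless the element the signature references is the same element the application reads; production code should take the subject from the node the DSig library returns as verified, not from a fresh XPath over the whole document.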

Fedora 33: mod_auth_openidc 2021-cc85f79f63

Thursday 10th of June 2021 09:20:06 PM
1965325 - CVE-2021-20718 mod_auth_openidc: DoS in oidc_util_read_post_params() in util.c

Fedora 33: redis 2021-0ad4bec5b1

Thursday 10th of June 2021 09:20:05 PM
**Redis 6.0.14** - Released Tue June 1 12:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise. Fix integer overflow in STRALGO LCS (**CVE-2021-32625**) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially

More in Tux Machines

Android Leftovers

GCC 11 Compiler Performance Benchmarks With Various Optimization Levels, LTO

Given the recent forum discussion stemming from the -O3 optimization level still being considered too unsafe for the Linux kernel (in part because of older, buggy compilers), and some users wondering about the current -O2 versus -O3 impact, here is a fresh round of reference benchmarks using GCC 11.1 on Fedora Workstation 33. They look at the various optimization levels, plus link-time optimization (LTO), across dozens of application benchmarks to show the overall performance impact with the recently released GCC 11.

today's leftovers

  • the end of freenode

    My first experience with IRC was in 1999. I was in middle school, and a friend of mine ordered a Slackware CD from Walnut Creek CDROM. This was Slackware 3.4, and contained the GNOME 1.x desktop environment on the disc, which came with the BitchX IRC client. At first, I didn’t really know what BitchX was, I just thought it was a cool program that displayed random ascii art, and then tried to connect to various servers. After a while, I found out that an IRC client allowed you to connect to an IRC network, and get help with Slackware. At that time, freenode didn’t exist. The Slackware IRC channel was on DALnet, and I started using DALnet to learn more about Slackware. Like most IRC newbies, it didn’t go so well: I got banned from #slackware in like 5 minutes or something. I pleaded for forgiveness, in the way redolent of a middle schooler. And eventually, I got unbanned and stuck around for a while. That was my first experience with IRC. [...] For a few years, all was well, until the end of July 2002, when DALnet started being the target of Distributed Denial of Service attacks. We would of course, later find out that these attacks were at the request of Jason Michael Downey (Nessun), who had just launched a competing IRC network called Rizon. [...] In early 2006, lilo launched his Spinhome project. Spinhome was a fundraising effort so that lilo could get a mobile home to replace the double-wide trailer he had been living in. Some people saw him trying to fundraise while being the owner of freenode as a conflict of interest, which led to a falling out with a lot of staffers, projects, etc. OFTC went from being a small network to a much larger network during this time. One side effect of this was that the atheme project got spun out into its own organization: atheme.org, which continues to exist in some form to this day. 
The atheme.org project was founded on the concept of promoting digital autonomy, which is basically the network equivalent of software freedom, and has advocated in various ways to preserve IRC in the context of digital autonomy for years. In retrospect, some of the ways we advocated for digital autonomy were somewhat obnoxious, but as they say, hindsight is always 20/20. [...] Self-hosting is really what makes IRC great: you can run your own server for your community and not be beholden to anyone else. As far as IRC goes, that’s the future I feel motivated to build. This concludes my coverage of the freenode meltdown. I hope people enjoyed it and also understand why freenode was important to me: without lilo’s decision to take a chance on a dumbfuck kid like myself, I wouldn’t have ever really gotten as deeply involved in FOSS as I have, so to see what has happened has left me heartbroken.

  • A few thoughts on Fuchsia security

    Of course, under the hood, a lot is different. We built a brand new message-passing kernel, new connectivity stacks, component model, file-systems, you name it. And yes, there are a few security things I'm excited about.

  • Claudio Cambra: First week of Google Summer of Code 2021

    A year ago I’d just finished my History degree and I had no idea how to code. This year, I’m taking part in Google Summer of Code! I’m super happy to get the chance to learn more about how KDE software works, and to finally contribute to a project I’ve been using for years. Over the summer, I’ll be working with KDE developers to create productivity-focused components for Plasma Mobile that work with Akonadi, KDE’s personal information management framework. Akonadi is a super useful piece of kit: it allows developers to tap into a user’s synchronised e-mails, contacts, calendars, providing a seamless experience in productivity tools. I’ll be working on this project with my mentor Carl Schwan, who also helped me during my time doing Season of KDE, and Devin Lin.

  • Bas Nieuwenhuizen: Making Reading from VRAM less Catastrophic

    In an earlier article I showed how reading from VRAM with the CPU can be very slow. It however turns out there are ways to make it less slow. The key to this are instructions with non-temporal hints, in particular VMOVNTDQA. The Intel Instruction Manual says the following about this instruction: “MOVNTDQA loads a double quadword from the source operand (second operand) to the destination operand (first operand) using a non-temporal hint if the memory source is WC (write combining) memory type. For WC memory type, the nontemporal hint may be implemented by loading a temporary internal buffer with the equivalent of an aligned cache line without filling this data to the cache. Any memory-type aliased lines in the cache will be snooped and flushed. Subsequent MOVNTDQA reads to unread portions of the WC cache line will receive data from the temporary internal buffer if data is available.” (Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 2) This sounds perfect for our VRAM and WC System Memory buffers as we typically only read 16-bytes per instruction and this allows us to read entire cachelines at time. It turns out that Mesa already implemented a streaming memcpy using these instructions so all we had to do was throw that into our benchmark and write a corresponding memcpy that does non-temporal stores to benchmark writing to these memory regions.

  • Adrift - Alan Pope's blog

    Over the weekend I participated in FOSS Talk Live. Before The Event this would have been an in-person shindig at a pub in London. A bunch of (mostly) UK-based podcasters get together and record live versions of their shows in front of a “studio audience”. It’s mostly an opportunity for a bunch of us middle-aged farts who speak into microphones to get together, have a few beers and chat. Due to The Event, this year it was a virtual affair, done online via YouTube. Joe Ressington typically organised the in-person events, but with a lack of skills in video streaming, Martin Wimpress and Marius Quabeck stepped in to run the show behind-the-scenes.

  • PostgreSQL Weekly News - June 13, 2021
  • PostgreSQL JDBC 42.2.21 Released

    The JDBC project is proud to announce the latest version 42.2.21.

  • Vincent Fourmond: Solution for QSoas quiz #2: averaging several Y values for the same X value

    This post describes two similar solutions to the Quiz #2, using the data files found there. The two solutions described here rely on split-on-values. The first solution is the one that came naturally to me, and is by far the most general and extensible, but the second one is shorter, and doesn't require external script files.

Python Programming

  • How to Send Email Using Python – Linux Hint

    The Simple Mail Transfer Protocol (SMTP) is the standard for transmitting and routing messages between mail systems. Python's smtplib module creates an SMTP client session object that can be used to send mail to any host on the Internet that runs an SMTP or ESMTP listener. This tutorial walks through the ways to send email over SMTP from your system. The examples were written in the current Spyder release on Ubuntu 20.04; log in to your Ubuntu 20.04 system to follow along.

  • Python String Concatenation Examples – Linux Hint

    In computing, combining strings is a very common operation, and Python offers several ways to do it. This tutorial looks at the various methods for concatenating strings in a Python program. To concatenate strings with a delimiter, use the join() method; it works on any sequence of strings, such as a list or a tuple, and can be called on an empty string when no delimiter is wanted. When the concatenation also needs formatting, use format() or f-strings; note that f-strings require Python 3.6 or later. Let's look at each of them.

  • Python Socket Programming – Linux Hint

    Socket programming is a way of letting two nodes on a network talk to each other. One socket (node) listens on a particular port at an IP address, while the other connects to it: the server creates the listening socket and the client connects to the server. This is the foundation of everything on the web. Put simply, there is a server and there is a client. Importing the socket module and creating a basic socket are the first steps in socket programming. This article was written on an Ubuntu 20.04 Linux system. Here are some examples of Python socket programming.

  • Analyzing Data in Histogram in Python – Linux Hint

    In Data Visualization, we use graphs and charts to represent data. The visual form of data makes it easy for data scientists and everybody to analyze data and draw the results. The histogram is one of the elegant ways to represent distributed continuous or discrete data. And in this Python tutorial, we will see how we can analyze data in Python using Histogram. So, let’s get started!
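
The socket programming item above describes the listener/connector split but not the two things a practitioner gets wrong first: TCP is a byte stream, so a single recv() is not a message, and a peer that announces a length gets to choose how much memory you allocate. The following is an added example, not code from the Linux Hint article: a loopback server and client that exchange length-prefixed frames, read exactly as many bytes as the header promises, and refuse any header larger than a fixed bound before allocating for it. The port is kernel-chosen, the 64 KiB limit and the upper-casing "service" are arbitrary choices for the demo.

```python
import socket
import struct
import threading

HOST = "127.0.0.1"     # loopback only; a demo service should never bind 0.0.0.0
MAX_FRAME = 64 * 1024  # bound on one message, so a peer cannot make us allocate 4 GiB


def recv_exact(sock, n):
    """Read exactly n bytes. A bare recv(n) may legally return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-frame")
        buf.extend(chunk)
    return bytes(buf)


def send_frame(sock, payload):
    """Length-prefix the payload (4-byte big-endian) so the receiver knows where it ends."""
    if len(payload) > MAX_FRAME:
        raise ValueError(f"payload of {len(payload)} bytes exceeds MAX_FRAME")
    sock.sendall(struct.pack("!I", len(payload)) + payload)


def recv_frame(sock):
    """Read one length-prefixed frame, validating the length before allocating for it."""
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError(f"peer announced {length} bytes, limit is {MAX_FRAME}")
    return recv_exact(sock, length)


def serve_one(listener):
    """Server side: accept one client, answer one frame upper-cased, then close."""
    conn, _addr = listener.accept()
    with conn:
        conn.settimeout(5)  # a client that stalls mid-frame cannot hold the worker forever
        try:
            send_frame(conn, recv_frame(conn).upper())
        except (ValueError, ConnectionError, socket.timeout):
            pass  # malformed, oversized or truncated frame: drop the connection, no reply


def start_server():
    """Bind a kernel-chosen free port on loopback and serve one client in a thread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((HOST, 0))
    listener.listen(1)
    worker = threading.Thread(target=serve_one, args=(listener,), daemon=True)
    worker.start()
    return listener, worker


def demo(payload=b"hello, socket"):
    """Client side: connect, send one frame, return the server's reply."""
    listener, worker = start_server()
    try:
        port = listener.getsockname()[1]
        with socket.create_connection((HOST, port), timeout=5) as sock:
            send_frame(sock, payload)
            return recv_frame(sock)
    finally:
        worker.join(5)
        listener.close()


def demo_oversize():
    """Announce a 4 GiB frame; a correct server drops us instead of trying to read it."""
    listener, worker = start_server()
    try:
        port = listener.getsockname()[1]
        with socket.create_connection((HOST, port), timeout=5) as sock:
            sock.sendall(struct.pack("!I", 0xFFFFFFFF))
            try:
                recv_frame(sock)
                return False
            except ConnectionError:
                return True  # server closed on us without allocating anything
    finally:
        worker.join(5)
        listener.close()


if __name__ == "__main__":
    print(demo())           # b'HELLO, SOCKET'
    print(demo_oversize())  # True
```

The same framing rules apply unchanged to a real service: validate the announced length against a policy limit before touching the allocator, loop until the promised bytes have all arrived, and put a timeout on the connection so a slow-loris style client cannot pin a worker indefinitely.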