
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 5 hours 36 min ago

Debian: 3345-1: iceweasel: Summary

Saturday 29th of August 2015 12:48:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 23 mediawiki-1.25.2-2.fc23

Friday 28th of August 2015 01:40:00 PM
LinuxSecurity.com:
* (T94116) SECURITY: Compare API watchlist token in constant time
* (T97391) SECURITY: Escape error message strings in thumb.php
* (T106893) SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions
* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia Commons.
* (T100767) Setting a configuration setting for skin or extension to false in LocalSettings.php was not working.
* (T100635) API action=opensearch json output no longer breaks when $wgDebugToolbar is enabled.
* (T102522) Using an extension.json or skin.json file which has a "manifest_version" property for 1.26 compatibility will no longer trigger warnings.
* (T86156) Running updateSearchIndex.php will not throw an error as page_restrictions has been added to the locked table list.
* Special:Version would throw notices if using SVN due to an incorrectly named variable. Add an additional check that an index is defined.

Fedora 21 rubygem-rack-1.5.2-5.fc21

Thursday 27th of August 2015 07:54:00 PM
LinuxSecurity.com: Fix for CVE-2015-3225: Potential Denial of Service Vulnerability in Rack - Related rhbz#CVE-2015-3225 New rubygem-rack-1.6.1-1.fc22

Fedora 21 php-guzzle-Guzzle-3.9.3-5.fc21

Thursday 27th of August 2015 07:54:00 PM
LinuxSecurity.com: Zend Framework Upstream ChangeLogs:
* [Version 2.4.7](http://framework.zend.com/changelog/2.4.7/)
* [Version 2.4.6](http://framework.zend.com/changelog/2.4.6/)
* [Version 2.4.5](http://framework.zend.com/changelog/2.4.5/)
* [Version 2.4.4](http://framework.zend.com/changelog/2.4.4/)
* [Version 2.4.3](http://framework.zend.com/changelog/2.4.3/)
* [Version 2.4.2](http://framework.zend.com/changelog/2.4.2/)
* [Version 2.4.1](http://framework.zend.com/changelog/2.4.1/)
* [Version 2.4.0](http://framework.zend.com/changelog/2.4.0/)

Fedora 21 php-ZendFramework2-2.4.7-1.fc21

Thursday 27th of August 2015 07:54:00 PM
LinuxSecurity.com: Zend Framework Upstream ChangeLogs:
* [Version 2.4.7](http://framework.zend.com/changelog/2.4.7/)
* [Version 2.4.6](http://framework.zend.com/changelog/2.4.6/)
* [Version 2.4.5](http://framework.zend.com/changelog/2.4.5/)
* [Version 2.4.4](http://framework.zend.com/changelog/2.4.4/)
* [Version 2.4.3](http://framework.zend.com/changelog/2.4.3/)
* [Version 2.4.2](http://framework.zend.com/changelog/2.4.2/)
* [Version 2.4.1](http://framework.zend.com/changelog/2.4.1/)
* [Version 2.4.0](http://framework.zend.com/changelog/2.4.0/)

Fedora 21 openssh-6.6.1p1-16.fc21

Thursday 27th of August 2015 07:53:00 PM
LinuxSecurity.com: This update provides fixes for vulnerabilities published with openssh-7.0. Security fix for CVE-2015-5600

Fedora 21 rt-4.2.12-1.fc21

Thursday 27th of August 2015 07:53:00 PM
LinuxSecurity.com: Security fix for CVE-2015-5475

Red Hat: 2015:1693-01: firefox: Critical Advisory

Thursday 27th of August 2015 05:45:00 PM
LinuxSecurity.com: Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Fedora 22 php-twig-1.20.0-1.fc22

Thursday 27th of August 2015 02:35:00 PM
LinuxSecurity.com:
## 1.20.0 (2015-08-12)
* forbid access to the Twig environment from templates and internal parts of Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x

## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function

Fedora 22 php-guzzle-Guzzle-3.9.3-5.fc22

Thursday 27th of August 2015 02:35:00 PM
LinuxSecurity.com: Zend Framework Upstream ChangeLogs:
* [Version 2.4.7](http://framework.zend.com/changelog/2.4.7/)
* [Version 2.4.6](http://framework.zend.com/changelog/2.4.6/)
* [Version 2.4.5](http://framework.zend.com/changelog/2.4.5/)
* [Version 2.4.4](http://framework.zend.com/changelog/2.4.4/)
* [Version 2.4.3](http://framework.zend.com/changelog/2.4.3/)
* [Version 2.4.2](http://framework.zend.com/changelog/2.4.2/)
* [Version 2.4.1](http://framework.zend.com/changelog/2.4.1/)
* [Version 2.4.0](http://framework.zend.com/changelog/2.4.0/)

Fedora 22 php-ZendFramework2-2.4.7-1.fc22

Thursday 27th of August 2015 02:35:00 PM
LinuxSecurity.com: Zend Framework Upstream ChangeLogs:
* [Version 2.4.7](http://framework.zend.com/changelog/2.4.7/)
* [Version 2.4.6](http://framework.zend.com/changelog/2.4.6/)
* [Version 2.4.5](http://framework.zend.com/changelog/2.4.5/)
* [Version 2.4.4](http://framework.zend.com/changelog/2.4.4/)
* [Version 2.4.3](http://framework.zend.com/changelog/2.4.3/)
* [Version 2.4.2](http://framework.zend.com/changelog/2.4.2/)
* [Version 2.4.1](http://framework.zend.com/changelog/2.4.1/)
* [Version 2.4.0](http://framework.zend.com/changelog/2.4.0/)

Fedora 23 php-twig-1.20.0-1.fc23

Thursday 27th of August 2015 02:35:00 PM
LinuxSecurity.com:
## 1.20.0 (2015-08-12)
* forbid access to the Twig environment from templates and internal parts of Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x

## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function

Fedora 22 rt-4.2.12-1.fc22

Thursday 27th of August 2015 02:34:00 PM
LinuxSecurity.com: Security fix for CVE-2015-5475

Ubuntu: 2723-1: Firefox vulnerabilities

Thursday 27th of August 2015 02:34:00 PM
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.

Debian: 3344-1: php5: Summary

Thursday 27th of August 2015 11:02:00 AM
LinuxSecurity.com: Security Report Summary

Ubuntu: 2724-1: QEMU vulnerabilities

Thursday 27th of August 2015 08:05:00 AM
LinuxSecurity.com: Several security issues were fixed in QEMU.

Fedora 21 mariadb-10.0.21-1.fc21

Wednesday 26th of August 2015 12:53:00 PM
LinuxSecurity.com: Update to 10.0.21

Ubuntu: 2722-1: GDK-PixBuf vulnerability

Wednesday 26th of August 2015 10:43:00 AM
LinuxSecurity.com: GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.

Debian: 3343-1: twig: Summary

Wednesday 26th of August 2015 06:46:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 23 rt-4.2.12-1.fc23

Tuesday 25th of August 2015 12:24:00 PM
LinuxSecurity.com: Security fix for CVE-2015-5475

More in Tux Machines

New Cyber Threat Detection Tool Made Open Source

Lockheed’s move points to the power of open source, particularly when it comes to big overreaching issues such as cybersecurity. Rather than Lockheed keeping their tool as internal proprietary software and requiring others to license or purchase it, they recognized the potential their innovation holds for the greater good. This represents a huge step for both the open source and cybersecurity communities.

Five Ways Open Source Databases Are Limited

Two of the reasons to deploy an open source database are cost and philosophy. Philosophically, the open source movement subscribes to the notion that having community-developed product creates a better product, and/or “contributes to the world in a better way.” The other reason is cost, which usually means “free,” or at least no-charge for the software database license.

Google Chrome Turns Seven, Advances with Security and Performance Gains

After seven years of development, Google continues its rapid pace of release and enhancement for its Chrome browser. On the seventh anniversary of the first Chrome public release on September 2, Google released Chrome stable version 45 and Chrome beta 46. Google Chrome debuted on September 2, 2008 after months of speculation about Google's intentions regarding entering the browser market. The first Chrome browser entered the market at a time when Microsoft's IE still dominated, though Firefox was making a dent in that market share. Today, according to multiple sets of stats, including Statcounter, Google Chrome stands as the world's most popular web browser.

The Linux Test Project has been released for September 2015

Good news everyone, the Linux Test Project test suite stable release for *September 2015* has been released. Since the last release 272 patches by 27 authors were merged. Notable changes are:

* Network namespace testcases were rewritten from scratch
* New user namespaces testcases
* New testcases for various virtual network interfaces
* New umount2() testcases (for UMOUNT_NOFOLLOW, MNT_EXPIRE and MNT_DETACH flags)
* New open() testcase (for O_PATH flag)
* New getrandom() testcases
* New inotify, cpuset, futex_wake() and recvmsg() regression tests

+ The usual number of fixes and enhancements