LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 24 bind-9.10.4-3.P5.fc24

Monday 16th of January 2017 03:57:00 PM
LinuxSecurity.com: Security fix for CVE-2016-9131, CVE-2016-9147, CVE-2016-9444

Fedora 25 SimGear-2016.3.1-3.fc25

Monday 16th of January 2017 02:56:00 PM
LinuxSecurity.com: This update avoids a malicious repository writing to files outside the localstorage root.

Red Hat: 2017:0063-01: bind: Important Advisory

Monday 16th of January 2017 04:16:00 AM
LinuxSecurity.com: An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0064-01: bind97: Important Advisory

Monday 16th of January 2017 04:16:00 AM
LinuxSecurity.com: An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Red Hat: 2017:0062-01: bind: Important Advisory

Monday 16th of January 2017 04:12:00 AM
LinuxSecurity.com: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, [More...]

Fedora 24 ca-certificates-2017.2.11-1.0.fc24

Sunday 15th of January 2017 04:26:00 AM
LinuxSecurity.com: This is an update to the Mozilla CA certificates list version 2.11, which has been published as part of Mozilla NSS 3.28.1. For additional details, please refer to the NSS 3.28.1 release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes As in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to https://fedoraproject.org/wiki/CA-Certificates for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command. Please refer to the manual page of the ca-legacy command for additional details.

Debian: 3743-2: python-bottle: Summary

Sunday 15th of January 2017 03:33:00 AM
LinuxSecurity.com: Security Report Summary

Gentoo: 201701-36 Apache: Multiple vulnerabilities

Sunday 15th of January 2017 03:19:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition.

Fedora 25 docker-latest-1.12.6-2.git51ef5a8.fc25

Sunday 15th of January 2017 02:56:00 AM
LinuxSecurity.com: Fix CVE-2016-9962 - Insecure opening of file-descriptor allows privilege escalation ---- built docker @projectatomic/docker-1.12 commit 6009905 ---- built docker @projectatomic/docker-1.12 commit 97974ae ---- built docker @projectatomic/docker-1.12 commit 7b5044b

Debian: 3765-1: icoutils: Summary

Saturday 14th of January 2017 05:50:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 24 gnutls-3.4.17-2.fc24

Saturday 14th of January 2017 12:23:00 AM
LinuxSecurity.com: Security fix for CVE-2017-5337, CVE-2017-5334, CVE-2017-5336, CVE-2017-5335

Fedora 24 onionshare-0.9.1-1.fc24

Saturday 14th of January 2017 12:22:00 AM
LinuxSecurity.com: Update to 0.9.1

Fedora 25 bind99-9.9.9-4.P5.fc25

Friday 13th of January 2017 11:00:00 PM
LinuxSecurity.com: Security fix for CVE-2016-9131, CVE-2016-9147, CVE-2016-9444

Fedora 25 bind-9.10.4-3.P5.fc25

Friday 13th of January 2017 11:00:00 PM
LinuxSecurity.com: Security fix for CVE-2016-9131, CVE-2016-9147, CVE-2016-9444

Gentoo: 201701-35 Mozilla SeaMonkey: Multiple vulnerabilities

Friday 13th of January 2017 10:02:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code.

Debian: 3761-1: rabbitmq-server: Summary

Friday 13th of January 2017 05:27:00 AM
LinuxSecurity.com: Security Report Summary

Red Hat: 2017:0061-01: java-1.6.0-openjdk: Important Advisory

Friday 13th of January 2017 03:00:00 AM
LinuxSecurity.com: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact [More...]

Fedora 24 libgit2-0.24.6-1.fc24

Friday 13th of January 2017 02:24:00 AM
LinuxSecurity.com: Update to 0.24.6

Fedora 24 pcsc-lite-1.8.20-1.fc24

Friday 13th of January 2017 02:23:00 AM
LinuxSecurity.com: New upstream release

Fedora 25 docker-1.12.6-3.git51ef5a8.fc25

Thursday 12th of January 2017 09:28:00 PM
LinuxSecurity.com: Fix [CVE-2016-9962] Insecure opening of file-descriptor allows privilege Fix BZ#1412148 - containerd: container did not start before the specified timeout ---- use container-selinux >= 2:2.0-2

More in Tux Machines

Security News

  • Wednesday's security updates
  • Secure your Elasticsearch cluster and avoid ransomware
    Last week, news came out that unprotected MongoDB databases are being actively compromised: content copied and replaced by a message asking for a ransom to get it back. As The Register reports: Elasticsearch is next. Protecting access to Elasticsearch by a firewall is not always possible. But even in environments where it is possible, many admins are not protecting their databases. Even if you cannot use a firewall, you can secure connection to Elasticsearch by using encryption. Elasticsearch by itself does not provide any authentication or encryption possibilities. Still, there are many third-party solutions available, each with its own drawbacks and advantages.
  • Resolve to Follow These 8 Steps for Better Data Security in 2017
    Getting physically fit is a typical New Year's resolution. Given that most of us spend more time online than in a gym, the start of the new year also might be a great time to improve your security “fitness.” As with physical fitness challenges, the biggest issue with digital security is always stagnation. That is, if you don't move and don't change, atrophy sets in. In physical fitness, atrophy is a function of muscles not being exercised. In digital fitness, security risks increase when you fail to change passwords, update network systems and adopt improved security technology. Before long, your IT systems literally become a “sitting duck.” Given the volume of data breaches that occurred in 2016, it is highly likely that everyone reading this has had at least one breach of their accounts compromised in some way, such as their Yahoo data account. Hackers somewhere may have one of the passwords you’ve used at one point to access a particular site or service. If you're still using that same password somewhere, in a way that can connect that account to you, that's a non-trivial risk. Changing passwords is the first of eight security resolutions that can help to improve your online security fitness in 2017. Click through this eWEEK slide show to discover the rest.
  • Pwn2Own 2017 Takes Aim at Linux, Servers and Web Browsers
    10th anniversary edition of Pwn2Own hacking contest offers over $1M in prize money to security researchers across a long list of targets including Virtual Machines, servers, enterprise applications and web browsers. Over the last decade, the Zero Day Initiative's (ZDI) annual Pwn2Own competition has emerged to become one of the premiere events on the information security calendar and the 2017 edition does not look to be any different. For the tenth anniversary of the Pwn2Own contest, ZDI, now owned and operated by Trend Micro, is going farther than ever before, with more targets and more prize money available for security researchers to claim by successfully executing zero-day exploits.
  • 'Factorio' is another game that was being hit by key scammers
    In another case of scammers trying to buy keys with often stolen credit cards to sell on websites like G2A, the developers of 'Factorio' have written about their experience with it (and other stuff too).

PulseAudio 10 and Virtual GPU in Linux

  • PulseAudio 10 Coming Soon, Using Memfd Shared Memory By Default
    It's been a half year since the debut of PulseAudio 9.0 while the release of PulseAudio 10 is coming soon. PulseAudio 9.99.1 development release was tagged earlier this month, then usually after x.99.2 marks the official release, so it won't be much longer now before seeing PulseAudio 10.0 begin to appear in Linux distributions.
  • Experimenting With Virtual GPU Support On Linux 4.10 + Libvirt
    With the Linux 4.10 kernel having initial but limited Intel Graphics Virtualization Tech support, you can begin playing with the experimental virtual GPU support using the upstream kernel and libvirt.