LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 27: thunderbird-enigmail Security Update

Friday 22nd of June 2018 02:12:00 PM
LinuxSecurity.com: Security fix CVE-2018-12019

Debian LTS: DLA-1395-1: php-horde-image security update

Friday 22nd of June 2018 11:22:00 AM
LinuxSecurity.com: It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde groupware tool:

Ubuntu 3691-1: OpenJDK 7 vulnerabilities

Thursday 21st of June 2018 06:26:00 PM
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.

SciLinux: Important: git on SL7.x x86_64

Thursday 21st of June 2018 03:13:00 PM
LinuxSecurity.com: git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)
SL7 x86_64: git-1.8.3.1-14.el7_5.x86_64.rpm, git-daemon-1.8.3.1-14.el7_5.x86_64.rpm, git-debuginfo-1.8.3.1-14.el7_5.x86_64.rpm, git-svn-1.8.3.1-14.el7_5.x86_64.rpm
noarch: emacs-git-1.8.3.1-14.el7_5.noarch.rpm, emacs-git-el-1.8.3.1-14.el7_5.noarch.rpm, git-all-1.8.3.1-14.el7 [More...]

openSUSE: 2018:1770-1: moderate: cobbler

Thursday 21st of June 2018 12:07:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has three fixes is now available.

RedHat: RHSA-2018-1957:01 Important: git security update

Wednesday 20th of June 2018 11:06:00 PM
LinuxSecurity.com: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Ubuntu 3690-1: AMD Microcode update

Wednesday 20th of June 2018 10:22:00 PM
LinuxSecurity.com: The system could be made to expose sensitive information.

openSUSE: 2018:1767-1: moderate: matrix-synapse

Wednesday 20th of June 2018 09:10:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

Fedora 28: timidity++ Security Update

Wednesday 20th of June 2018 02:49:00 PM
LinuxSecurity.com: - Security fix for [CVE-2017-11546, CVE-2017-11547] - Fix the .desktop files so that opening a .mid file from a GUI filemanager works

Fedora 28: mingw-libtiff Security Update

Wednesday 20th of June 2018 02:49:00 PM
LinuxSecurity.com: http://www.simplesystems.org/libtiff/v4.0.9.html

Fedora 28: cobbler Security Update

Wednesday 20th of June 2018 02:49:00 PM
LinuxSecurity.com: Update to 2.8.3 - Fix security issue

Fedora 27: timidity++ Security Update

Wednesday 20th of June 2018 01:55:00 PM
LinuxSecurity.com: - Security fix for [CVE-2017-11546, CVE-2017-11547] - Fix the .desktop files so that opening a .mid file from a GUI filemanager works

Fedora 27: LibRaw Security Update

Wednesday 20th of June 2018 01:55:00 PM
LinuxSecurity.com: Secunia Advisory SA83507, credits Kasper Leigh Haabb, Secunia Research at Flexera - parse_qt: possible integer overflow - reject broken/crafted NOKIARAW files - Backported 0.19-patch to recover read position if TIFF/EXIF tag is too long

Fedora 27: chromium Security Update

Wednesday 20th of June 2018 01:55:00 PM
LinuxSecurity.com: Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148

Fedora 27: cobbler Security Update

Wednesday 20th of June 2018 01:55:00 PM
LinuxSecurity.com: Update to 2.8.3 - Fix security issue

RedHat: RHSA-2018-1954:01 Important: glusterfs security update

Wednesday 20th of June 2018 10:33:00 AM
LinuxSecurity.com: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2018-1955:01 Important: glusterfs security update

Wednesday 20th of June 2018 10:31:00 AM
LinuxSecurity.com: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact

Debian: DSA-4232-1: xen security update

Wednesday 20th of June 2018 09:02:00 AM
LinuxSecurity.com: This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to

Fedora 28: kernel Security Update

Wednesday 20th of June 2018 01:57:00 AM
LinuxSecurity.com: The v4.16.16 update contains important fixes across the tree.

Fedora 28: gnupg Security Update

Wednesday 20th of June 2018 01:57:00 AM
LinuxSecurity.com: - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020]

More in Tux Machines

KDE: Qt, Plasma, QML, Usability & Productivity

  • Qt 5.11.1 and Plasma 5.13.1 in ktown ‘testing’ repository
    A couple of days ago I recompiled ‘poppler’ and the packages in ‘ktown’ that depend on it, and uploaded them into the repository as promised in my previous post. I did that because Slackware-current updated its own poppler package and mine needs to be kept in sync to prevent breakage in other parts of your Slackware computer. I hear you wonder, what is the difference between the Slackware poppler package and this ‘ktown’ package? Simple: my ‘poppler’ package contains support for Qt5 (in addition to the QT4 support in the original package) and that is required by other packages in the ‘ktown’ repository.
  • Sixth week of coding phase, GSoC'18
    The Menus API enables the QML Plugin to add an action, separator or menu to the WebView context menu. This API is not similar to the WebExtensions Menus API but is rather Falkonish!
  • This week in Usability & Productivity, part 24
    See all the names of people who worked hard to make the computing world a better place? That could be you next week! Getting involved isn’t all that tough, and there’s lots of support available.

Programming: Python Maths Tools and Java SE

  • Essential Free Python Maths Tools
    Python is a very popular general purpose programming language — with good reason. It’s object oriented, semantically structured, extremely versatile, and well supported. Scientists favour Python because it’s easy to use and learn, offers a good set of built-in features, and is highly extensible. Python’s readability makes it an excellent first programming language. The Python Standard Library (PSL) is the standard library that’s distributed with Python. The library comes with, among other things, modules that carry out many mathematical operations. The math module is one of the core modules in PSL which performs mathematical operations. The module gives access to the underlying C library functions for floating point math.
  • Oracle's new Java SE subs: Code and support for $25/processor/month
    Oracle’s put a price on Java SE and support: $25 per processor per month, and $2.50 per user per month on the desktop, or less if you buy lots for a long time. Big Red’s called this a Java SE Subscription and pitched it as “a commonly used model, popular with Linux distributions”. The company also reckons the new deal is better than a perpetual licence, because they involve “an up-front cost plus additional annual support and maintenance fees.”

Linux 4.18 RC2 Released From China

  • Linux 4.18-rc2
    Another week, another -rc. I'm still traveling - now in China - but at least I'm doing this rc Sunday _evening_ local time rather than _morning_. And next rc I'll be back home and over my jetlag (knock wood) so everything should be back to the traditional schedule.

    Anyway, it's early in the rc series yet, but things look fairly normal. About a third of the patch is drivers (drm and s390 stand out, but here's networking and block updates too, and misc noise all over).

    We also had some of the core dma files move from drivers/base/dma-* (and lib/dma-*) to kernel/dma/*. We sometimes do code movement (and other "renaming" things) after the merge window simply because it tends to be less disruptive that way.

    Another 20% is under "tools" - mainly due to some selftest updates for rseq, but there's some turbostat and perf tooling work too.

    We also had some noticeable filesystem updates, particularly to cifs. I'm going to point those out, because some of them probably shouldn't have been in rc2. They were "fixes" not in the "regressions" sense, but in the "missing features" sense.

    So please, people, the "fixes" during the rc series really should be things that are _regressions_. If it used to work, and it no longer does, then fixing that is a good and proper fix. Or if something oopses or has a security implication, then the fix for that is a real fix.

    But if it's something that has never worked, even if it "fixes" some behavior, then it's new development, and that should come in during the merge window. Just because you think it's a "fix" doesn't mean that it really is one, at least in the "during the rc series" sense.

    Anyway, with that small rant out of the way, the rest is mostly arch updates (x86, powerpc, arm64, mips), and core networking.

    Go forth and test. Things look fairly sane, it's not really all that scary.

    Shortlog appended for people who want to scan through what changed.

    Linus
  • Linux 4.18-rc2 Released With A Normal Week's Worth Of Changes
    Due to traveling in China, Linus Torvalds has released the Linux 4.18-rc2 kernel a half-day ahead of schedule, but overall things are looking good for Linux 4.18.