LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 5 hours 49 min ago

Fedora 25: ca-certificates Security Update

Saturday 9th of December 2017 04:59:00 AM
LinuxSecurity.com: This is a cumulative update to the Mozilla CA certificates trust list version 2.20, which has been published as part of Mozilla NSS 3.34.1. It also includes the changes that were previously released as version 2.18 as part of NSS 3.34. For additional details, please refer to the release notes of NSS 3.34.1 https://developer.mozilla.org/en-

Fedora 25: collectd Security Update

Saturday 9th of December 2017 04:58:00 AM
LinuxSecurity.com: Upstream released new version. See https://collectd.org/news.shtml#news106 for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin)

Fedora 25: xrdp Security Update

Saturday 9th of December 2017 04:58:00 AM
LinuxSecurity.com: Patch CVE-2017-16927.

Fedora 25: git Security Update

Saturday 9th of December 2017 04:58:00 AM
LinuxSecurity.com: Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Slackware: 2017-342-01: openssl Security Update

Saturday 9th of December 2017 03:52:00 AM
LinuxSecurity.com: New openssl packages are available for Slackware 14.2 and -current to fix security issues.

CentOS: CESA-2017-3402: Moderate CentOS 7 postgresql

Saturday 9th of December 2017 01:12:00 AM
LinuxSecurity.com: Upstream details at: https://access.redhat.com/errata/RHSA-2017:3402

Debian: DSA-4059-1: libxcursor security update

Friday 8th of December 2017 07:40:00 PM
LinuxSecurity.com: It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

Debian: DSA-4058-1: optipng security update

Friday 8th of December 2017 07:08:00 PM
LinuxSecurity.com: Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

SuSE: 2017:3253-1: important: Fixing security issues on OBS toolchain

Friday 8th of December 2017 06:18:00 PM
LinuxSecurity.com: An update that solves three vulnerabilities and has two fixes is now available.

SuSE: 2017:3249-1: important: the Linux Kernel

Friday 8th of December 2017 06:11:00 PM
LinuxSecurity.com: An update that solves 14 vulnerabilities and has 8 fixes is now available.

openSUSE: 2017:3245-1: important: chromium

Friday 8th of December 2017 12:15:00 PM
LinuxSecurity.com: An update that fixes 41 vulnerabilities is now available.

openSUSE: 2017:3244-1: important: chromium

Friday 8th of December 2017 12:15:00 PM
LinuxSecurity.com: An update that fixes 18 vulnerabilities is now available.

SuSE: 2017:3242-1: important: xen

Friday 8th of December 2017 12:13:00 PM
LinuxSecurity.com: An update that solves 5 vulnerabilities and has three fixes is now available.

openSUSE: 2017:3241-1: important: opensaml

Friday 8th of December 2017 12:12:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SuSE: 2017:3239-1: important: xen

Friday 8th of December 2017 12:09:00 PM
LinuxSecurity.com: An update that solves 5 vulnerabilities and has three fixes is now available.

Debian: DSA-4057-1: erlang security update

Friday 8th of December 2017 07:51:00 AM
LinuxSecurity.com: It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys. For the oldstable distribution (jessie), this problem has been fixed

Ubuntu 3507-2: Linux kernel (GCP) vulnerabilities

Friday 8th of December 2017 03:50:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

RedHat: RHSA-2017-3405:01 Moderate: rh-postgresql96-postgresql security

Friday 8th of December 2017 03:00:00 AM
LinuxSecurity.com: An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2017-3404:01 Moderate: rh-postgresql95-postgresql security

Friday 8th of December 2017 03:00:00 AM
LinuxSecurity.com: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2017-3403:01 Moderate: rh-postgresql94-postgresql security

Friday 8th of December 2017 02:42:00 AM
LinuxSecurity.com: An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

More in Tux Machines

Linux Foundation News

  • Juniper Networks Reinforces Longstanding Commitment to Open Source by Moving OpenContrail's Codebase to the Linux Foundation
    Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, today further bolstered its support for open standards during its annual NXTWORK user conference, by announcing its intent to move the codebase for OpenContrail™, an open-source network virtualization platform for the cloud, to the Linux Foundation. Juniper first released its Juniper® Contrail® products as open sourced in 2013 and built a vibrant user and developer community around this project. Earlier this year, Juniper expanded the project's governance, creating an even more open, community-led effort to strengthen the project for its next growth phase. Adding OpenContrail's codebase to the Linux Foundation's networking projects will further its objective to grow the use of open source platforms in cloud ecosystems.
  • Hyperledger Hub Supports Open Source Blockchain Development
    Hyperledger is a global blockchain collaboration hub created and hosted by nonprofit The Linux Foundation. Its members are leaders in finance, banking, the Internet of Things, supply chains, manufacturing and technology. Now two years in, Hyperledger compares closely to the Ethereum Enterprise Alliance. Hyperledger is a hub for communities of software developers building blockchain frameworks and platforms. These developers, on the other hand, are a mix of individuals and teams from organizations around the world.
  • Linux Foundation Continues to Emphasize Diversity and Inclusiveness at Events
    This has been a pivotal year for Linux Foundation events. Our largest gatherings, which include Open Source Summit, Embedded Linux Conference, KubeCon + CloudNativeCon, Open Networking Summit, and Cloud Foundry Summit, attracted a combined 25,000 people from 4,500 different organizations globally. Attendance was up 25 percent over 2016. Linux Foundation events are often the only time that developers, maintainers, and other pros who contribute to Linux and other critical open source projects — like AGL, Kubernetes and Hyperledger to name a few — get together in person. Face-to-face meetings are crucial because they speed collaboration, engagement and innovation, improving the sustainability of projects over time.  

today's leftovers

  • Personal Backups with Duplicati on Linux
  • Flatpak'ed Epiphany Browser Becomes More Useful
    Epiphany 3.27.3 was released this morning as the newest release of GNOME's web browser in the road to the GNOME 3.28 stable desktop debut next March.
  • BlackArch 2017.12.11
    Today we released new BlackArch Linux ISOs. For details see the ChangeLog below. Here's the ChangeLog: update blackarch-installer to version 0.6.2 (most important change); included kernel 4.14.4; updated lots of blackarch tools and packages; updated all blackarch tools and packages; updated all system packages; bugfix release! (see blackarch-installer)
  • Latest Linux Distribution Releases (The Always Up-to-date List)
  • Mining cryptocurrency with Raspberry Pi and Storj
    I'm always looking for ways to map hot technologies to fun, educational classroom use. One of the most interesting, and potentially disruptive, technologies over the past few years is cryptocurrencies. In the early days, one could profitably mine some of the most popular cryptocurrencies, like Bitcoin, using a home PC. But as cryptocurrency mining has become more popular, thanks in part to dedicated mining hardware, the algorithms governing it have boosted computational complexity, making home PC mining often impractical, unprofitable, and environmentally unwise.
  • Huawei Collaborated with the Developers of Phoenix OS for the Mate 10’s Easy Projection Feature
    Though the company has virtually no presence in the United States, Huawei is a top 3 smartphone manufacturer in the world. Its subsidiary, Honor, aims to penetrate the Indian market with budget smartphones. Elsewhere, Huawei recently launched the Huawei Mate 10 and Mate 10 Pro in several markets around the world, and rumors have it the device will launch in the United States as well. Apart from the AI features powered by the company’s HiSilicon Kirin 970 SoC, one of the company’s most publicized features is Easy Projection. While not as powerful as Samsung DeX, it brings a desktop OS-like experience without needing to purchase an expensive accessory. Huawei is pushing the feature on its flagship devices, though there’s something about Easy Projection that hasn’t really been mentioned in the press yet. Behind Huawei’s Easy Projection feature is a relatively unheard of player—Beijing Chaozhuo Technology, developers of Phoenix OS.
  • Namaste ! (on the road to Swatantra 2017)
    I’ll have the pleasure to give a talk about GCompris, and another one about Synfig studio. It’s been a long time since I didn’t talk about the latter, but since Konstantin Dmitriev and the Morevna team were not available, I’ll do my best to represent Synfig there.
  • #PeruRumboGSoC2018 – Session 4
    We celebrated yesterday another session of the local challenge 2017-2 “PeruRumboGSoC2018”. It was held at the Centro Cultural Pedro Paulet of FIEE UNI. GTK on C was explained during the first two hours of the morning based on the window* exercises from my repo to handle some widgets such as windows, label and buttons.
  • Chrome 63 revamps Bookmark Manager w/ Material Design on Mac, Windows, Linux, Chrome OS
    Chrome 63 began rolling out to Android and desktop browsers last week with the usual security fixes and new developer features. On the latter platform, this update introduces Material Design to the Bookmark Manager. Several versions ago, Google began updating various aspects of the browser with Material Design, including History, Downloads, and Settings. Like the Flags page for enabling experiments and in-development features, which Google also revamped in version 63, the Bookmark Manager (Menu > Bookmarks > Bookmark Manager) adopts the standard Materials UI elements. This includes an app bar that houses a large search bar. It adopts the same dark blue theme and includes various Material animations and flourishes.
  • ExpressVPN Unveils Industry’s First Suite of Open-Source Tools to Test for Privacy and Security Leaks
  • New format in GIMP: HGT
    Lately a recurrent contributor to the GIMP project (Massimo Valentini) contributed a patch to support HGT files. From this initial commit, since I found this data quite cool, I improved the support a bit (auto-detection of the variants and special-casing in particular, as well as making an API for scripts). So what is HGT? That’s topography data basically just containing elevation in meters of various landscape (HGT stands for “height“), gathered by the Shuttle Radar Topography Mission (SRTM) run by various space agencies (NASA, National Geospatial-Intelligence Agency, German and Italian space agencies…).
  • What You Need To Know About The Intel Management Engine
    Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA. In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Management Engine. Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?
