Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 9 hours 47 min ago

Fedora 23 vagrant-1.8.1-3.fc23

Tuesday 29th of November 2016 06:57:00 PM
LinuxSecurity.com: Fix nfs_cleanup security race and permissions (rhbz#1395040).

Fedora 23 teeworlds-0.6.4-1.fc23

Tuesday 29th of November 2016 06:56:00 PM
LinuxSecurity.com: Fix for CVE-2016-9400

Fedora 23 drupal7-7.52-1.fc23

Tuesday 29th of November 2016 06:56:00 PM
LinuxSecurity.com: https://www.drupal.org/SA-CORE-2016-005

Red Hat: 2016:2825-01: thunderbird: Important Advisory

Tuesday 29th of November 2016 01:11:00 AM
LinuxSecurity.com: An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3725-1: icu: Summary

Sunday 27th of November 2016 12:40:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 23 bind-9.10.4-2.P4.fc23

Sunday 27th of November 2016 10:24:00 AM
LinuxSecurity.com: Security fix for CVE-2016-8864

Debian: 3726-1: imagemagick: Summary

Saturday 26th of November 2016 11:10:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 25 python-tornado-4.4.2-1.fc25

Saturday 26th of November 2016 06:01:00 PM
LinuxSecurity.com: Update to 4.4.2: Security fixes * A difference in cookie parsing betweenTornado and web browsers (especially when combined with Google Analytics) couldallow an attacker to set arbitrary cookies and bypass XSRF protection. Thecookie parser has been rewritten to fix this attack. Backwards-compatibilitynotes * Cookies containing certain special characters (in particular semicolonand square brackets) are now parsed differently. * If the cookie headercontains a combination of valid and invalid cookies, the valid ones will bereturned (older versions of Tornado would reject the entire header for a singleinvalid cookie).

Fedora 23 sudo-1.8.18p1-1.fc23

Friday 25th of November 2016 02:29:00 AM
LinuxSecurity.com: - update to 1.8.18p1 - fixes CVE-2016-7076

Debian: 3724-1: gst-plugins-good0.10: Summary

Thursday 24th of November 2016 03:56:00 PM
LinuxSecurity.com: Security Report Summary

Debian: 3723-1: gst-plugins-good1.0: Summary

Thursday 24th of November 2016 03:49:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 24 icu-56.1-7.fc24

Thursday 24th of November 2016 03:46:00 PM
LinuxSecurity.com: Security fix for CVE-2016-7415

Fedora 24 zathura-pdf-mupdf-0.3.0-3.fc24

Thursday 24th of November 2016 03:46:00 PM
LinuxSecurity.com: Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017,CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 24 mujs-0-6.20161031gita0ceaf5.fc24

Thursday 24th of November 2016 03:46:00 PM
LinuxSecurity.com: Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017,CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 24 perl-DBD-MySQL-4.039-1.fc24

Thursday 24th of November 2016 03:45:00 PM
LinuxSecurity.com: Security fix for CVE-2016-1249

Fedora 24 moodle-3.1.3-1.fc24

Thursday 24th of November 2016 03:39:00 PM
LinuxSecurity.com: 3.1.3

Fedora 25 zathura-pdf-mupdf-0.3.0-3.fc25

Thursday 24th of November 2016 11:44:00 AM
LinuxSecurity.com: Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017,CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 25 mujs-0-6.20161031gita0ceaf5.fc25

Thursday 24th of November 2016 11:43:00 AM
LinuxSecurity.com: Security fix for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017,CVE-2016-9108, CVE-2016-9109, CVE-2016-9294

Fedora 23 kernel-4.8.8-100.fc23

Thursday 24th of November 2016 03:38:00 AM
LinuxSecurity.com: The 4.8.8 stable kernel update contains a number of important fixes across thetree. ---- The 4.8.7 kernel rebase contains new hardware support, additionalfeatures, and a number of important bug fixes across the tree.

Fedora 23 moodle-3.0.7-1.fc23

Thursday 24th of November 2016 03:36:00 AM
LinuxSecurity.com: 3.0.7

More in Tux Machines

today's leftovers

  • How fast is KVM? Host vs virtual machine performance!
  • Kernel maintenance, Brillo style
    Brillo, he said, is a software stack for the Internet of things based on the Android system. These deployments bring a number of challenges, starting with the need to support a different sort of hardware than Android normally runs on; target devices may have no display or input devices, but might well have "fun buses" to drive interesting peripherals. The mix of vendors interested in this area is different; handset vendors are present, but many more traditional embedded vendors can also be found there. Brillo is still in an early state of development.
  • Reviewing Project Management Service `Wrike` And Seems Interesting
    I have been testing some services for our project and found this amazing service, thought why not share it with you guys, it might be useful for you. Project management is a term that in some respects appears common, yet in practice still seems to be limited to large companies. While this may be true, the foundations of project management are actually rather simple and can be adopted by anyone, in any industry. One of the major requirements you need to consider when selecting a good project management software is the ability to run and operate it on the go via your mobile devices. Other factors include the ability to access the software from any platform whether it be Linux, Mac, or Windows. This can be achieved when the project management software is web-based. Wrike is a software that does of all this.
  • World Wine News Issue 403
  • OSVR on Steam, Unity drops legacy OpenGL, and more gaming news
  • GNOME Core Apps Hackfest 2016
    This November from Friday 25 to Sunday 27 was held in Berlin the GNOME Core Apps Hackfest. My focus during this hackfest was to start implementing a widget for the series view of the Videos application, following a mockup by Allan Day.
  • Worth Watching: What Will Happen to Red Hat Inc Next? The Stock Just Declined A Lot
  • Vetr Inc. Lowers Red Hat Inc. (RHT) to Buy
  • Redshift functionality on Fedora 25 (GNOME + Wayland). Yes, it's possible!
    For those who can't live without screen colour shifting technology such as Redshift or f.lux, myself being one of them, using Wayland did pose the challenge of having these existing tools not working with the Xorg replacement. Thankfully, all is not lost and it is possible even right now. Thanks to a copr repo, it's particularly easy on Fedora 25. One of the changes that comes with Wayland is there is currently no way for third-party apps to modify screen gamma curves. Therefore, no redshift apps, such as Redshift itself (which I recently covered here) will work while running under Wayland.
  • My Free Software Activities in November 2016
  • Google's ambitious smartwatch vision is failing to materialise
    In February this year, Google's smartwatch boss painted me a rosy picture of the future of wearable technology. The wrist is, David Singleton said, "the ideal place for the power of Google to help people with their lives."
  • Giving Thanks (along with a Shipping Update)
    Mycroft will soon be available as a pre-built Raspberry Pi 3 image for any hobbyist to use. The new backend we have been quietly building is emerging from beta, making the configuration and management of you devices simple. We are forming partnerships to get Mycroft onto laptops, desktops and other devices in the world. Mycroft will soon be speaking to you throughout your day.
  • App: Ixigo Indian Rail Train PNR Status for Tizen Smart Phones
    Going on a train journey in India? Ixigo will check the PNR status, the train arrival and departure & how many of the particular tickets are left that you can purchase. You can also do a PNR status check to make sure that your seat is booked and confirmed.

Networking and Servers

  • How We Knew It Was Time to Leave the Cloud
    In my last infrastructure update, I documented our challenges with storage as GitLab scales. We built a CephFS cluster to tackle both the capacity and performance issues of NFS and decided to replace PostgreSQL standard Vacuum with the pg_repack extension. Now, we're feeling the pain of running a high performance distributed filesystem on the cloud.
  • Hype Driven Development
  • SysAdmins Arena in a nutshell
    Sysadmins can use the product to improve their skills or prepare for an interview by practicing some day to day job scenarios. There is an invitation list opened for the first testers of the product.

Desktop GNU/Linux

  • PINEBOOK Latest News: Affordable Linux Laptop at Only $89 Made by Raspberry Pi Rival, PINE
    PINE, the rival company of Raspberry Pi and maker of the $20 Pine A64, has just announced its two below $100-priced Linux laptops, known as PINEBOOK. The affordable Linux laptop is powered by Quad-Core ARM Cortex A53 64-bit processor and comes with an 11.6" or 14" monitor.
  • Some thoughts about options for light Unix laptops
    I have an odd confession: sometimes I feel (irrationally) embarrassed that despite being a computer person, I don't have a laptop. Everyone else seems to have one, yet here I am, clearly behind the times, clinging to a desktop-only setup. At times like this I naturally wind up considering the issue of what laptop I might get if I was going to get one, and after my recent exposure to a Chromebook I've been thinking about this once again. I'll never be someone who uses a laptop by itself as my only computer, so I'm not interested in a giant laptop with a giant display; giant displays are one of the things that the desktop is for. Based on my experiences so far I think that a roughly 13" laptop is at the sweet spot of a display that's big enough without things being too big, and I would like something that's nicely portable.
  • What is HiDPI and Why Does it Matter?

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.