Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 4 min ago

openSUSE: 2020:1162-1: important: libX11>

Friday 7th of August 2020 08:12:46 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2172-1 moderate: perl-XML-Twig>

Friday 7th of August 2020 05:15:01 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2173-1 moderate: perl-XML-Twig>

Friday 7th of August 2020 05:14:13 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2171-1 important: xen>

Friday 7th of August 2020 05:13:20 PM
An update that solves one vulnerability and has one errata is now available.

SUSE: 2020:2166-1 important: xen>

Friday 7th of August 2020 02:17:50 PM
An update that contains security fixes can now be installed.

SUSE: 2020:2167-1 important: LibVNCServer>

Friday 7th of August 2020 02:16:01 PM
An update that fixes 12 vulnerabilities is now available.

openSUSE: 2020:1161-1: Security update of chromium>

Friday 7th of August 2020 02:13:42 PM
An update that fixes 6 vulnerabilities is now available.

CentOS: CESA-2020-3253: Important CentOS 7 firefox >

Friday 7th of August 2020 09:04:05 AM
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3253

CentOS: CESA-2020-3344: Important CentOS 7 thunderbird >

Friday 7th of August 2020 09:03:15 AM
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3344

CentOS: CESA-2020-3233: Important CentOS 6 firefox >

Friday 7th of August 2020 09:02:21 AM
Upstream details at : https://access.redhat.com/errata/RHSA-2020:3233

openSUSE: 2020:1156-1: moderate: python-rtslib-fb>

Friday 7th of August 2020 08:15:16 AM
An update that fixes one vulnerability is now available.

openSUSE: 2020:1155-1: important: MozillaFirefox>

Thursday 6th of August 2020 11:17:19 PM
An update that fixes 10 vulnerabilities is now available.

Fedora 32: radare2 2020-aa51efe207>

Thursday 6th of August 2020 09:20:12 PM
- Rebase radare2 to upstream version 4.5.0 - Rebase cutter to upstream version 1.11.0 - Provide cutter translation - Provide -devel sub package of cutter-re

Fedora 32: cutter-re 2020-aa51efe207>

Thursday 6th of August 2020 09:20:11 PM
- Rebase radare2 to upstream version 4.5.0 - Rebase cutter to upstream version 1.11.0 - Provide cutter translation - Provide -devel sub package of cutter-re

Fedora 32: postgresql-jdbc 2020-5a31ccfe66>

Thursday 6th of August 2020 09:19:39 PM
fixed XML external entity (XXE) vulnerability

Fedora 31: radare2 2020-d5b33b6e6c>

Thursday 6th of August 2020 09:09:52 PM
- Rebase radare2 to 4.5.0 - Rebase cutter-re to 1.11.0

Fedora 31: cutter-re 2020-d5b33b6e6c>

Thursday 6th of August 2020 09:09:52 PM
- Rebase radare2 to 4.5.0 - Rebase cutter-re to 1.11.0

SUSE: 2020:2160-1 important: xen>

Thursday 6th of August 2020 08:34:17 PM
An update that contains security fixes can now be installed.

SUSE: 2020:2157-1 important: python-ipaddress>

Thursday 6th of August 2020 08:33:27 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2152-1 important: the Linux Kernel>

Thursday 6th of August 2020 05:21:19 PM
An update that solves 11 vulnerabilities and has 12 fixes is now available.

More in Tux Machines

Devices: RaspAnd, Raspberry Pi and More

  • RaspAnd Project Now Lets You Run Android 10 on Your Raspberry Pi

    Arne Exton released today a new version of his RaspAnd project that lets you run the latest Android 10 mobile operating system on your tiny Raspberry Pi computer. For $9 USD, RaspAnd 10 promises to make it easier to install Google’s latest Android 10 mobile operating system on your Raspberry Pi computer, but let’s take a look at the new features and improvements it brings over previous versions. First and foremost, RaspAnd 10 is compatible with several recent Raspberry Pi models, including the recent Raspberry Pi 4 with 8GB RAM, but also older models, such as the Raspberry Pi 3 Model B and Raspberry Pi 3 Model B+.

  •      
  • Create a stop motion film with Digital Making at Home
             
  •        
  • The people problem

    Systems used to be designed by groups of engineers. Integration and test engineers waited on the developers and toes tended to get trodden on, with hidden code picked apart and untouchable historic designs questioned - all for product development. There was certainly no room for ego! Today, favourite tools may be replaced by those common to the technologies inside a device. Xilinx Zynq devices have two debug ports to allow individual debugging of the Processor Section or Programmable Logic. On Zynq you can chain these ports into one, so tools that are aware of both worlds deliver greater insight. Other devices may only offer specific insight. Vendors will offer a toolset to work with this, but it may be different to what people are used to. Suddenly, this new wonder-device to solve everyone’s design problems is upsetting the engineering apple cart across all engineering disciplines. [...] Silicon vendors offer a step-up in trying to build Linux for their device, and may offer a pre-built image to boot from. This will need modifying for your needs. It’s amazing how many common command-line tools don’t show up by default. Don’t be fooled into thinking moving from a Raspberry Pi to another platform will be straightforward.

Programming: Python, Rust, PHP, C++ and More

  • Python For Loop: Everything You Need to Know

    Loops are one of the essential elements in any programming language, and Python is not an exception to it. Loops are used to repeat a statement or a block of statements multiple times. If there were no concept of loops in programming languages, we have to write each statement again and again for the number of times we want to execute it. Python provides two types of loops to handle looping requirements, i.e., the while loop and the for loop. In this tutorial, we will learn everything about the for loop statement in Python. Before getting started with this tutorial, It is necessary to have Python installed and set up in your environment path. If you don’t have it installed already, refer to our step by step guide to install Python on Linux. The code presented in this tutorial can be run on the python shell, but it is recommended to run the code in a Python IDE. If you don’t have a python IDE installed in your system or want to know which IDE is a better choice to install, you can refer to our guide Top 10 best python IDE compared.

  • NihAV Is An Experimental Multimedia Framework Written In Rust

    NihAV is an experimental multimedia framework written in the Rust programming language. At the moment it's focused on diving into supporting decoders for different formats that lack open-source support right now / not yet reverse engineered, exploring new approaches for conventional multimedia concepts, and other experiments for advancing audio-video frameworks.

  • rra-c-util 8.3

    n this release of my utility library for my other packages, I finally decided to drop support for platforms without a working snprintf. This dates back to the early 2000s and a very early iteration of this package. At the time, there were still some older versions of UNIX without snprintf at all. More commonly, it was buggy. The most common problem was that it would return -1 if the buffer wasn't large enough rather than returning the necessary size of the buffer. Or, in some cases, it wouldn't support a buffer size of 0 and a NULL buffer to get the necessary size.

  • Embedded Programming and Beyond: An Interview with Warren Gay

    Interested in embedded programming? Warren Gay, an Ontario, Canada-based senior programmer, is an excellent resource for professional programmers, students, and makers alike. Here he talks about his new book, FreeRTOS for ESP32-Arduino (Elektor, 2020), and shares insights about FreeRTOS, ESP32, Arduino, embedded technologies, and more. You are sure to find his input informative and inspiring, especially if you plan to work with ESP32 or Arduino in the near future.

  • PHP 7.1 - 8 new features

    In the PHP 7.0 version function declaration accepts a return type, with the release of 7.1 version functions and parameters can return/accept null by prefixing the data type with a question mark(?). if the data type passed as parameter or returned by a function is different from the type specified a TypeError exception will be thrown.

  • Senior Developers don’t know Everything

    For about 20 years, I’ve been doing C++ and Qt and KDE development. I suppose that makes me a “senior software engineer”, also in the sense that I’ve hacked, programmed, futzed, designed, architected, tested, proved-correct, and cursed at a lot of software. But don’t let the label fool you: I look up just as much in the documentation as I ever did; senior developers don’t know everything.

Software and Games: Cloud Hypervisor, Joplin, Kodi, MuseScore, Bashtop, Grounded

  • Intel Cloud-Hypervisor 0.9 Brings io_uring Block Device Support For Faster Performance

    Intel's Cloud Hypervisor focused on being a Rustlang-based hypervisor focused for cloud workloads is closing in on the 1.0 milestone. With this week's release of Cloud-Hypervisor 0.9 there is one very exciting feature in particular but also a lot of other interesting changes. 

  • Joplin

    Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. The notes are searchable, can be copied, tagged and modified either from the applications directly or from your own text editor. The notes are in Markdown format. Notes exported from Evernote via .enex files can be imported into Joplin, including the formatted content (which is converted to Markdown), resources (images, attachments, etc.) and complete metadata (geolocation, updated time, created time, etc.). Plain Markdown files can also be imported. The notes can be synchronized with various cloud services including Nextcloud, Dropbox, OneDrive, WebDAV or the file system (for example with a network directory). When synchronizing the notes, notebooks, tags and other metadata are saved to plain text files which can be easily inspected, backed up and moved around.

  •          
  • Kodi 19 Alpha 1 Released With AV1 Decoding, Many Other HTPC Improvements

    Kodi 19 "Matrix" Alpha 1 has been released for this very popular, cross-platform open-source HTPC software.  Kodi 19 is bringing many exciting improvements as a major update to this open-source home theater software. 

  •        
  • Scorewriter MuseScore 3.5 Released with Chord Symbol Playback

    MuseScore, free music composition and notation software, released version 3.5 with long list of new features, bug fixes, and other improvements. MuseScore 3.5 contains one of the most requested features: Chord Symbol Playback. The feature is disabled by default so far. You can enable it by going to Edit > Preferences > Note Input.

  •        
  • Bashtop: An Htop Like System Monitor But Much More Useful

    As cool as Htop there is one thing that it's seriously lacking in and that is system monitoring tools, this may not be a problem for you but if you want a system monitor than bashtop is a much better option to choose, it let's you do most of the process management stuff that you want from htop but it comes with things like hard drive usage, network usage and cpu usage statistics. 

  • An Early Look at Grounded

    You’re in control of a child, who looks like he/she hasn’t entered the teenager years just yet. Among four different children — two boys and two girls — they’ve got a big problem: they’ve been shrunk to the size of an insect. Join them in their adventure — either by yourself or with a group of online friends — as they fight to survive in someone’s backyard, trying to build shelters whilst defending against bugs, and figure out why they’ve shrunk in the first place. Enter Grounded, developed by Obsidian Entertainment — the studio that brought us such titles as Pillars of Eternity, The Outer Worlds, and Star Wars: KOTOR2.

Fedora: LTO, Nest and More

  • Fedora 33 Moving Closer To LTO-Optimizing Packages

    Going back to last year Fedora has been working to enable link-time optimizations by default for their packages. That goal wasn't achieved for Fedora 32 but for Fedora 33 this autumn they still have chances of marking that feature off their TODO list.  LTO'ing the Fedora package set can offer not only performance advantages but in some cases smaller binaries as well. This is all about applying the compiler optimizations at link-time on the binary as a whole for yielding often sizable performance benefits and other optimizations not otherwise possible. LTO is great as we often show in benchmarks, especially in the latest GCC and LLVM Clang compilers. 

  • Zamir SUN: Report for session 1 of FZUG @ Nest with Fedora

    Last month, Alick suggested the Fedora Zhongwen User Group (FZUG) can do a online meetup during Nest with Fedora. And based on the survey, people registered for two time slots, the first one is 9:00 PM Saturday evening UTC+8 which is not a good time for Alick, so I take up the coordinating role for this session. As for the tool, we decided to use Jitsi, as it should work fine for most of us and do not have any limitations. What’s more, it’s totally open source. During the meeting, I firstly introduced Nest with Fedora and it’s previous offline version, Flock to Fedora, to the attendees. It’s interesting to see that during the past years, we not only have new users in China, but also new contributors. One attendee shares that his motivation of being a packager is that deploying packages for their research in the lab is cumbersome before. So he decided to package all into Fedora and then he can just simply install them on every machine. It is good to know that people contribute back because they want to solve their own problems. Maybe this can be a talking point to attract more contributors in the future. After the self introduction, we continue by sharing our interesting stores with Linux. That is a lot of fun.

  • Jon Chiappetta: Last piece of relay software needed for my home bridged network

    If you are running a bridged/relayd network with macs on it you may need to also forward the multicast broadcasts (mDNS related) that allow the devices to automatically discover each other. On the WRT wifi client side, there is a pkg called avahi-daemon and you can configure to operate in “reflector” mode to forward these broadcasts across the specified interfaces. Running this service along with the dhcprb C program which takes care of layer 2 arp requests & dhcp gateway forwarding has been pretty smooth so far!