LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Red Hat: 2015:1347-01: pki-core: Moderate Advisory

Wednesday 22nd of July 2015 02:41:00 AM
LinuxSecurity.com: Updated pki-core packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]

Fedora 22 java-1.8.0-openjdk-1.8.0.51-4.b16.fc22

Tuesday 21st of July 2015 04:25:00 AM
LinuxSecurity.com: Security update to Oracle CPU July 2015 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Fedora 21 polkit-0.113-4.fc21

Tuesday 21st of July 2015 04:24:00 AM
LinuxSecurity.com: Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625. Please make sure to reboot or run (systemctl restart polkit.service) after applying this update.

Fedora 21 bind-9.9.6-9.P1.fc21

Tuesday 21st of July 2015 04:22:00 AM
LinuxSecurity.com: fix for CVE-2015-4620

Fedora 22 php-horde-Horde-Core-2.20.6-1.fc22

Tuesday 21st of July 2015 04:22:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 22 php-horde-Horde-Icalendar-2.1.1-1.fc22

Tuesday 21st of July 2015 04:22:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 22 php-horde-Horde-Form-2.0.10-1.fc22

Tuesday 21st of July 2015 04:22:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 22 php-horde-Horde-Auth-2.1.10-1.fc22

Tuesday 21st of July 2015 04:22:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 22 asterisk-13.3.2-1.fc22

Tuesday 21st of July 2015 04:18:00 AM
LinuxSecurity.com: The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerability:

* AST-2015-003: TLS Certificate Common name NULL byte exploit

  When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. This potentially allows for a man in the middle attack.

For more information about the details of this vulnerability, please read security advisory AST-2015-003, which was released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert5
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert11
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.2
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.1-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.3.2

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Fedora 21 java-1.8.0-openjdk-1.8.0.51-4.b16.fc21

Tuesday 21st of July 2015 04:16:00 AM
LinuxSecurity.com: Security update to Oracle CPU July 2015 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Fedora 21 php-horde-Horde-Form-2.0.10-1.fc21

Tuesday 21st of July 2015 04:15:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 21 php-horde-Horde-Auth-2.1.10-1.fc21

Tuesday 21st of July 2015 04:15:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Fedora 21 php-horde-Horde-Icalendar-2.1.1-1.fc21

Tuesday 21st of July 2015 04:15:00 AM
LinuxSecurity.com:

**Horde_Form 2.0.10**
* [jan] SECURITY: Fixed XSS in form renderer.

**Horde_Icalendar 2.1.1**
* [jan] Fix generated VALARM TRIGGER attributes with empty duration (Ralf Becker).

**Horde_Auth 2.1.10**
* [jan] SECURITY: Don't allow to login to LDAP with an empty password.

**Horde_Core 2.20.6**
* [jan] SECURITY: Don't allow to login with an empty password.
* [jan] Give administrators access to all groups, even with $conf['share']['any_group'] disabled.

Debian: 3311-1: mariadb-10.0: Summary

Monday 20th of July 2015 01:28:00 AM
LinuxSecurity.com: Security Report Summary

Debian: 3310-1: freexl: Summary

Sunday 19th of July 2015 01:50:00 PM
LinuxSecurity.com: Security Report Summary

Fedora 21 xen-4.4.2-7.fc21

Saturday 18th of July 2015 10:02:00 PM
LinuxSecurity.com: xl command line config handling stack overflow [XSA-137, CVE-2015-3259]

Fedora 22 drupal7-migrate-2.8-1.fc22

Saturday 18th of July 2015 10:01:00 PM
LinuxSecurity.com:

## 7.x-2.8

**See [SA-CONTRIB-2015-130](https://www.drupal.org/node/2516678)**

**Features and enhancements**
* Issue #2379289: migrate-import --update does not seem to work as expected, if map is not joinable, due to highwater field?
* Issue #2403643: Migration::applyMappings() unable to handle multifield subfields
* Issue #2472045: Add language subfields only if field is translatable
* Issue #2474809: Obtuse error message when migration dependencies are missing
* Issue #2397791: MigrationBase::handleException should handle multiple errors via field_attach_validate()
* Issue #2309563: Add support for running migrations via wildcard name
* Issue #2095841: Add MigrationBase methods to enable/disable mail system.
* Issue #2419373: Performance improvement when using Source migrations in combination with MigrateSQLMap
* Issue #2141687: Make error messages include more information when migrating files

**Bug fixes**
* Field sanitization added to prevent possibility of XSS - see security advisory https://security.drupal.org/node/155268.
* Issue #2447115: Mapping editor does not properly save XML mappings
* Issue #2497015: Remapping taxonomy terms breaks term reference import on dependant migrations
* Issue #2488560: MigrateSourceList and MigrateSourceMultiItems getNextRow() stops after only one iteration
* Issue #2446105: Source fields getting reset as "do not migrate" after mapping and saving
* Issue #2415977: /tmp is hard-coded in migrate_ui
* Issue #2475473: Drush idlist option broken
* Issue #2465387: Unknown option: --stop during migrate-import via Drush

**Important: If you are upgrading from Migrate 2.5 or earlier**

Migration developers will need to add the "advanced migration information" permission to their roles to continue seeing all the info in the UI they're used to.

Auto-registration (having classes be registered just based on their class name, with no call to registerMigration or definition in hook_migrate_api()) is no longer supported. Registration of classes defined in hook_migrate_api() is no longer automatic - do a drush migrate-register or use the Register button in the UI to register them.

Migration class constructors should now always accept an $arguments array as the first parameter and pass it to its parent. This version does support legacy migrations which pass a group object, or nothing, but these methods are deprecated.

Fedora 22 python-keystonemiddleware-1.3.2-1.fc22

Saturday 18th of July 2015 10:01:00 PM
LinuxSecurity.com: Update to upstream 1.3.2 which includes fix for CVE-2015-1852
Update to upstream 1.3.1 + S3token incorrect condition expression for ssl_insecure CVE-2015-1852

Fedora 21 drupal7-views_bulk_operations-3.3-1.fc21

Saturday 18th of July 2015 10:00:00 PM
LinuxSecurity.com:

## 7.x-3.3

**See [SA-CONTRIB-2015-131](https://www.drupal.org/node/2516688)**

**Changes since 7.x-3.2:**
* Fix security vulnerability, by AdamPS.
* Remove an entity_label() workaround that core no longer needs.
* Issue #2427381 by axel.rutz: Rules component lacks entity type
* Issue #2418751 by anrikun: Archive action fails silently
* Issue #2318273 by bojanz, PascalAnimateur: Added Hide action links from confirmation pages.
* Issue #2364849 by rudiedirkx: Fixed Don't export unselected actions.
* Issue #1817978 by ofry, samalone: Fixed Undefined index: triggers in flag_flag->get_valid_actions() .
* Issue #2341283 by JvE: Fixed views_bulk_operations_cron says 1 day but uses 10 days.
* Issue #2345667 by PascalAnimateur: Fixed Translate properties / available tokens titles.
* Issue #2312547 by bennybobw, lmeurs: Fixed Broken view titles, they often only display a < character.
* Issue #2317867 by Chi: Fixed Make tokens fieldset title translatable.
* Issue #2173259 by Garrett Albright, my-family: Fixed Confirmation message not visible.
* Issue #2305999 by gcb: Fixed Inaccurate Position -> Total being passed to action with Views 3.8.
* Clean up previous patch.
* Issue #1781704 by juampy: Added Make the ability to click on a row and activate the checkbox optional.
* Issue #2254871 by jorisdejong: Fixed No default action behavior set in getAccessMask().
* Issue #2280213: Make the OR string in theme_views_bulk_operations_select_all() translatable.
* Issue #1618474 followup by acbramley: Hide operations selector & checkboxes if no operation available.
* Issue #2192775 by Berdir: views_bulk_operations_load_action_includes() uses relative path in include_once

Fedora 22 xen-4.5.1-2.fc22

Saturday 18th of July 2015 10:00:00 PM
LinuxSecurity.com: xl command line config handling stack overflow [XSA-137, CVE-2015-3259]
