
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Ubuntu 3582-2: Linux kernel (Xenial HWE) vulnerabilities

Thursday 22nd of February 2018 10:13:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

Ubuntu 3582-1: Linux kernel vulnerabilities

Thursday 22nd of February 2018 10:13:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

Ubuntu 3581-2: Linux kernel (HWE) vulnerabilities

Thursday 22nd of February 2018 10:12:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

Ubuntu 3581-1: Linux kernel vulnerabilities

Thursday 22nd of February 2018 10:12:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

RedHat: RHSA-2018-0342:01 Important: rh-maven35-jackson-databind security

Thursday 22nd of February 2018 09:22:00 AM
LinuxSecurity.com: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

ArchLinux: 201802-10: strongswan: denial of service

Thursday 22nd of February 2018 12:32:00 AM
LinuxSecurity.com: The package strongswan before version 5.6.2-1 is vulnerable to denial of service.

Ubuntu 3580-1: Linux kernel vulnerabilities

Thursday 22nd of February 2018 12:14:00 AM
LinuxSecurity.com: Several security issues were fixed in the Linux kernel.

ArchLinux: 201802-9: libmspack: multiple issues

Wednesday 21st of February 2018 04:28:00 PM
LinuxSecurity.com: The package libmspack before version 1:0.6alpha-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

Debian LTS: DLA-1287-1: zziplib security update

Tuesday 20th of February 2018 10:37:00 PM
LinuxSecurity.com: It was discovered that there was an uncontrolled memory allocation issue in zziplib, a ZIP archive library. Remote attackers could leverage this vulnerability to cause a denial of service via a specially-crafted file.

RedHat: RHSA-2018-0334:01 Important: chromium-browser security update

Tuesday 20th of February 2018 09:33:00 PM
LinuxSecurity.com: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

openSUSE: 2018:0497-1: important: p7zip

Tuesday 20th of February 2018 06:16:00 PM
LinuxSecurity.com: An update that solves three vulnerabilities and has one errata is now available.

openSUSE: 2018:0494-1: important: glibc

Tuesday 20th of February 2018 06:13:00 PM
LinuxSecurity.com: An update that fixes 5 vulnerabilities is now available.

Fedora 27: freetype Security Update

Tuesday 20th of February 2018 05:21:00 PM
LinuxSecurity.com: Security fix for CVE-2018-6942.

Fedora 27: patch Security Update

Tuesday 20th of February 2018 05:21:00 PM
LinuxSecurity.com: New upstream release, including security fixes for CVE-2016-10713, CVE-2018-6951, CVE-2018-6952.

Fedora 27: firefox Security Update

Tuesday 20th of February 2018 05:20:00 PM
LinuxSecurity.com: Update to latest upstream stable version. For changes see: https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/

Fedora 27: zziplib Security Update

Tuesday 20th of February 2018 05:20:00 PM
LinuxSecurity.com: Security fix for CVE-2018-6869, CVE-2018-6484

Fedora 27: krb5 Security Update

Tuesday 20th of February 2018 05:20:00 PM
LinuxSecurity.com: Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory.

Fedora 27: golang Security Update

Tuesday 20th of February 2018 05:20:00 PM
LinuxSecurity.com: * Security fix for CVE-2018-6574 * Rebase to latest point release

Fedora 27: monit Security Update

Tuesday 20th of February 2018 05:19:00 PM
LinuxSecurity.com: Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067)

Fedora 26: libreoffice Security Update

Tuesday 20th of February 2018 04:41:00 PM
LinuxSecurity.com: - CVE-2018-1055 Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

More in Tux Machines

Introducing the potential new Ubuntu Studio Council

Back in 2016, Set Hallström was elected as the new Team Lead for Ubuntu Studio, just in time for the 16.04 Xenial Long Term Support (LTS) release. It was intended that Ubuntu Studio would be able to utilise Set’s leadership skills at least up until the next LTS release in April 2018. Unfortunately, as happens occasionally in the world of volunteer work, Set’s personal circumstances changed and he is no longer able to devote as much time to Ubuntu Studio as he would like. Therefore, an IRC meeting was held between interested Ubuntu Studio contributors on 21st May 2017 to agree on how to fill the void. We decided to follow the lead of Xubuntu and create a Council to take care of Ubuntu Studio, rather than continuing to place the burden of leadership on the shoulder of one particular person. Unfortunately, although the result was an agreement to form the first Ubuntu Studio Council from the meeting participants, we all got busy and the council was never set up.

today's leftovers

  • My Experience with MailSpring on Linux
    On the Linux Desktop, there are quite a few choices for email applications. Each of these has their own pros and cons which should be weighed depending on one’s needs. Some clients will have MS Exchange support. Others do not. In general, because email is reasonably close to free (and yes, we can thank Hotmail for that) it has been a difficult place to make money. Without a cash flow to encourage developers, development has trickled at best.
  • Useful FFMPEG Commands for Managing Audio and Video Files
  • Set Up A Python Django Development Environment on Debian 9 Stretch Linux
  • How To Run A Command For A Specific Time In Linux
  • Kubuntu 17.10 Guide for Newbie Part 7
  • Why Oppo and Vivo are losing steam in Chinese smartphone market
    China’s smartphone market has seen intense competition over the past few years with four local brands capturing more than 60 percent of sales in 2017. Huawei Technologies, Oppo, Vivo and Xiaomi Technology recorded strong shipment growth on a year-on-year basis. But some market experts warned that Oppo and Vivo may see the growth of their shipments slow this year as users become more discriminating.
  • iPhones Blamed for More than 1,600 Accidental 911 Calls Since October
    The new Emergency SOS feature released by Apple for the iPhone is the one to blame for no less than 1,600 false calls to 911 since October, according to dispatchers. And surprisingly, emergency teams in Elk Grove and Sacramento County in California say they receive at least 20 such 911 calls every day from what appears to be an Apple service center. While it’s not exactly clear why the iPhones that are probably brought in for repairs end up dialing 911, dispatchers told CBS that the false calls were first noticed in the fall of the last year. Apple launched new iPhones in September 2017 and they went on sale later the same month and in November, but it’s not clear if these new devices are in any way related to the increasing number of accidental calls to 911.
  • Game Studio Found To Install Malware DRM On Customers' Machines, Defends Itself, Then Apologizes
    The thin line that exists between entertainment industry DRM software and plain malware has been pointed out both recently and in the past. There are many layers to this onion, ranging from Sony's rootkit fiasco, to performance hits on machines thanks to DRM installed by video games, up to and including the insane idea that copyright holders ought to be able to use malware payloads to "hack back" against accused infringers. What is different in more recent times is the public awareness regarding DRM, computer security, and an overall fear of malware. This is a natural kind of progression, as the public becomes more connected and reliant on computer systems and the internet, they likewise become more concerned about those systems. That may likely explain the swift public backlash to a small game-modding studio seemingly installing something akin to malware in every installation of its software, whether from a legitimate purchase or piracy.

Server: Benchmarks, IBM and Red Hat

  • 36-Way Comparison Of Amazon EC2 / Google Compute Engine / Microsoft Azure Cloud Instances vs. Intel/AMD CPUs
    Earlier this week I delivered a number of benchmarks comparing Amazon EC2 instances to bare metal Intel/AMD systems. Due to interest from that, here is a larger selection of cloud instance types from the leading public clouds of Amazon Elastic Compute Cloud, Microsoft Azure, and Google Compute Engine.
  • IBM's Phil Estes on the Turbulent Waters of Container History
    Phil Estes painted a different picture of container history at Open Source 101 in Raleigh last weekend, speaking from the perspective of someone who had a front row seat. To hear him tell it, this rise and success is a story filled with intrigue, and enough drama to keep a daytime soap opera going for a season or two.
  • Red Hat CSA Mike Bursell on 'managed degradation' and open data
    As part of Red Hat's CTO office chief security architect Mike Bursell has to be informed of security threats past, present and yet to come – as many as 10 years into the future. The open source company has access to a wealth of customers in verticals including health, finance, defence, the public sector and more. So how do these insights inform the company's understanding of the future threat landscape?
  • Red Hat Offers New Decision Management Tech Platform
    Red Hat (NYSE: RHT) has released a platform that will work to support information technology applications and streamline the deployment of rules-based tools in efforts to automate processes for business decision management, ExecutiveBiz reported Thursday.

Vulkan Anniversary and Generic FBDEV Emulation Continues To Be Worked On For DRM Drivers

  • Vulkan Turns Two Years Old, What Do You Hope For Next?
    This last week marked two years since the debut of Vulkan 1.0, you can see our original launch article. My overworked memory missed realizing it by a few days, but it's been a pretty miraculous two years for this high-performance graphics and compute API.
  • Generic FBDEV Emulation Continues To Be Worked On For DRM Drivers
    Noralf Trønnes has spent the past few months working on generic FBDEV emulation for Direct Rendering Manager (DRM) drivers and this week he volleyed his third revision of these patches, which now includes a new in-kernel API along with some clients like a bootsplash system, VT console, and fbdev implementation.