LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Mageia 2022-0039: roundcubemail security update

Thursday 27th of January 2022 06:27:38 PM
XSS in handling an attachment's filename extension when displaying a MIME type warning message (CVE-2021-44025). Potential SQL injection via search or search_params (CVE-2021-44026). References:

CentOS: CESA-2022-0306: Moderate CentOS 7 java-1.8.0-openjdk

Thursday 27th of January 2022 06:14:09 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2022:0306

openSUSE: 2022:0214-1 important: log4j

Thursday 27th of January 2022 04:19:18 PM
An update that fixes three vulnerabilities is now available.

Ubuntu 5247-1: Vim vulnerabilities

Thursday 27th of January 2022 04:13:42 PM
Several security issues were fixed in Vim.

Fedora 34: grafana 2022-c6ae206be7

Thursday 27th of January 2022 02:38:51 PM
* fix CVE-2021-44716
* fix CVE-2021-43813
* use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens

Ubuntu 5255-1: WebKitGTK vulnerabilities

Thursday 27th of January 2022 01:36:04 PM
Several security issues were fixed in WebKitGTK.

Oracle8: ELSA-2022-0290: parfait Important Security Update

Thursday 27th of January 2022 01:29:58 PM
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

openSUSE: 2022:0210-1: qemu

Thursday 27th of January 2022 01:24:49 PM
An update that fixes two vulnerabilities is now available.

RedHat: RHSA-2022-0310:04 Important: java-1.7.1-ibm security update

Thursday 27th of January 2022 01:22:08 PM
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-0318:06 Moderate: Red Hat OpenShift distributed tracing

Thursday 27th of January 2022 01:21:36 PM
An update is now available for Red Hat OpenShift distributed tracing 2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2022-0307:03 Moderate: java-1.8.0-openjdk security and bug fix

Thursday 27th of January 2022 01:21:21 PM
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Ubuntu 5254-1: shadow vulnerabilities

Thursday 27th of January 2022 10:36:28 AM
Several security issues were fixed in shadow.

RedHat: RHSA-2022-0181:05 Moderate: OpenShift Container Platform 4.6.54

Thursday 27th of January 2022 06:18:32 AM
Red Hat OpenShift Container Platform release 4.6.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

RedHat: RHSA-2022-0303:02 Important: httpd24-httpd security update

Thursday 27th of January 2022 06:18:25 AM
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

SUSE: 2022:98-1 caasp/v4/velero-plugin-for-microsoft-azure Security Update

Thursday 27th of January 2022 05:07:20 AM
The container caasp/v4/velero-plugin-for-microsoft-azure was updated. The following patches have been included in this update:

SUSE: 2022:97-1 caasp/v4/velero-plugin-for-gcp Security Update

Thursday 27th of January 2022 05:06:49 AM
The container caasp/v4/velero-plugin-for-gcp was updated. The following patches have been included in this update:

SUSE: 2022:96-1 caasp/v4/velero-plugin-for-aws Security Update

Thursday 27th of January 2022 05:06:18 AM
The container caasp/v4/velero-plugin-for-aws was updated. The following patches have been included in this update:

SUSE: 2022:95-1 caasp/v4/velero Security Update

Thursday 27th of January 2022 05:05:45 AM
The container caasp/v4/velero was updated. The following patches have been included in this update:

SUSE: 2022:94-1 caasp/v4/test-update Security Update

Thursday 27th of January 2022 05:05:11 AM
The container caasp/v4/test-update was updated. The following patches have been included in this update:

SUSE: 2022:93-1 caasp/v4/skuba-tooling Security Update

Thursday 27th of January 2022 05:03:39 AM
The container caasp/v4/skuba-tooling was updated. The following patches have been included in this update:

More in Tux Machines

Chrome and Mozilla: Privacy, Net Neutrality, and Firefox Changes

  • Google Just Gave You the Best Reason Yet to Finally Quit Using Chrome

    Ultimately, that change in the way Google is looking at Chrome--that it isn't a tool that serves its users, but is a tool that serves up users to advertisers, albeit in a slightly more privacy protective way--is a bad sign. It's also the best reason to finally ditch it altogether.

  • In California, an Important Victory for Net Neutrality

    Today, the Ninth Circuit court upheld California’s net neutrality law, affirming that California residents can continue to benefit from the fundamental safeguards of equal treatment and open access to the internet. This decision clears the way for states to enforce their own net neutrality laws, ensuring that consumers can freely access ideas and services without unnecessary roadblocks. Net neutrality matters, as much of our daily life is now online. It ensures that consumers are protected from ISPs blocking or throttling their access to websites, or creating fast lanes and slow lanes for popular services.

  • How to restore Firefox's classic download behavior

    Mozilla plans to change the download behavior of the Firefox web browser in Firefox 97; this guide helps restore the classic download functionality of the browser. Firefox users who download files currently get a download prompt when they do so. The prompt displays options to open the file using an application or save it to the local system. Starting in Firefox 97, Firefox is not displaying the prompt anymore by default.

This week in KDE: Getting Plasma 5.24 ready for release - Adventures in Linux and KDE

Plasma 5.24 is almost ready! I mentioned last week that I haven’t been posting about fixes for regressions in 5.24 that never got released, because there would be too many. Nonetheless people have been working very hard on this, and we’re down to only 7, with two of them having open merge requests! Working on those is appreciated, as it helps improve the stability of the final release in a week and a half.

Open Hardware/Modding: Olimex, Arduino, and More

  • iMX8MPlus-SOM is alive and boots!

    This board development started in April 2021 and finished August 2021 but the semiconductor shortages didn’t allow us to test the prototypes until recently. We assembled 4 boards and they are all alive and boot.

  • Arduino Portenta gets an LTE Cat. M1/NB IoT GNSS shield - CNX Software

    Arduino PRO Portenta family of industrial boards is getting a new LTE Cat. M1/NB-IoT GNSS shield that adds global connectivity and positioning capabilities through the Cinterion TX62-W LPWAN IoT module by Thales.

  • Long Range Burglar Alarm Relies On LoRa Modules | Hackaday

    [Elite Worm] had a problem; there had been two minor burglaries from a storage unit. The unit had thick concrete walls, cellular signal was poor down there, and permanent wiring wasn’t possible. He thus set about working on a burglar alarm that would fit his unique requirements. An ESP32 is the heart of the operation, paired with a long-range LoRa radio module running at 868 MHz. This lower frequency has much better penetration when it comes to thick walls compared to higher-frequency technologies like 4G, 5G or WiFi. With a little coil antenna sticking out the top of the 3D-printed enclosure, the device was readily able to communicate back to [Elite Worm] when the storage unit was accessed illegitimately.

You Should Be In Control of Your Tech

On the hardware front having control means hardware you can open and inspect and is designed for repairability. That hardware should ideally run firmware (as much as possible) that is free software so you can also inspect and update it. If the hardware provides security features, they should be designed to put you in control, not the vendor, including control of any keys. The hardware should not require the vendor’s signatures (and therefore their permission) to boot an operating system, but instead should let you boot into whatever operating system you prefer. The operating system and the software it runs, should all be free software. Free software by its very nature puts you in full control. You have control because you can not only inspect the software to see what it does, you (or someone else in the community with software development knowledge) can change the software if it operates outside your interests. You may have noticed that you don’t tend to have a lot of adware or spyware in the free software world. That’s because it’s difficult to hide spyware inside of code that anyone can inspect. Another reason is that if free software behaves in a way that runs counter to the user’s wishes (such as capturing and selling their data, or popping up unwanted ads), the user (or someone else in the community) could simply create a legitimate fork of the project with those objectionable bits removed.