Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 7 min ago

RedHat: RHSA-2021-3431:01 Moderate: go-toolset-1.15-golang security update>

Tuesday 7th of September 2021 04:37:07 AM
An update for go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

openSUSE: 2021:1231-1 important: xerces-c>

Monday 6th of September 2021 02:19:28 PM
An update that fixes one vulnerability is now available.

openSUSE: 2021:2958-1 important: xerces-c>

Monday 6th of September 2021 11:20:13 AM
An update that fixes one vulnerability is now available.

Debian LTS: DLA-2755-1: btrbk security update>

Sunday 5th of September 2021 05:47:02 PM
An issue has been found in btrbk, a backup tool for btrfs subvolumes. Due to mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys an arbitrary code execution would

Fedora 33: xen 2021-4f129cc0c1>

Sunday 5th of September 2021 05:27:29 PM
IOMMU page mapping issues on x86 [XSA-378, CVE-2021-28694, CVE-2021-28695, CVE-2021-28696] (#1997531) (#1997568) (#1997537) grant table v2 status pages may remain accessible after de-allocation [XSA-379, CVE-2021-28697] (#1997520) long running loops in grant table handling [XSA-380, CVE-2021-28698] (#1997526) inadequate grant-v2 status frames array bounds check [XSA-382, CVE-2021-28699]

openSUSE: 2021:1230-1 moderate: gstreamer-plugins-good>

Sunday 5th of September 2021 05:15:54 PM
An update that fixes two vulnerabilities is now available.

Fedora 34: xen 2021-d68ed12e46>

Sunday 5th of September 2021 05:14:47 PM
IOMMU page mapping issues on x86 [XSA-378, CVE-2021-28694, CVE-2021-28695, CVE-2021-28696] (#1997531) (#1997568) (#1997537) grant table v2 status pages may remain accessible after de-allocation [XSA-379, CVE-2021-28697] (#1997520) long running loops in grant table handling [XSA-380, CVE-2021-28698] (#1997526) inadequate grant-v2 status frames array bounds check [XSA-382, CVE-2021-28699]

Debian: DSA-4967-1: squashfs-tools security update>

Saturday 4th of September 2021 05:24:25 PM
Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem

Fedora 33: libss7 2021-91d42ce83e>

Saturday 4th of September 2021 03:35:59 PM
Update to 2.0.1 (fix RHBZ#1998578); fix RHBZ#1932066 (unsafe use of strncpy)

Fedora 34: libguestfs 2021-c0235d9d79>

Saturday 4th of September 2021 03:32:50 PM
Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with qemu 6.1 (RHBZ#1998820)

Fedora 34: ntfs-3g 2021-c0235d9d79>

Saturday 4th of September 2021 03:32:50 PM
Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with qemu 6.1 (RHBZ#1998820)

Fedora 34: partclone 2021-c0235d9d79>

Saturday 4th of September 2021 03:32:50 PM
Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with qemu 6.1 (RHBZ#1998820)

Fedora 34: ntfs-3g-system-compression 2021-c0235d9d79>

Saturday 4th of September 2021 03:32:50 PM
Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7. ---- Upstream patch to work with qemu 6.1 (RHBZ#1998820)

Debian LTS: DLA-2754-1: pywps security update>

Saturday 4th of September 2021 12:45:46 PM
An XML external entity (XXE) injection in pywps allows an attacker to view files on the application server filesystem by assigning a path to the entity.

SUSE: 2021:304-1 suse/sle15 Security Update>

Saturday 4th of September 2021 05:58:52 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:299-1 suse/sle15 Security Update>

Saturday 4th of September 2021 05:54:20 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:298-1 suse/sle15 Security Update>

Saturday 4th of September 2021 05:41:14 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:297-1 suse/sle15 Security Update>

Saturday 4th of September 2021 05:21:10 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:296-1 suse/sles12sp5 Security Update>

Saturday 4th of September 2021 04:55:28 AM
The container suse/sles12sp5 was updated. The following patches have been included in this update:

SUSE: 2021:295-1 suse/sles12sp4 Security Update>

Saturday 4th of September 2021 04:43:51 AM
The container suse/sles12sp4 was updated. The following patches have been included in this update:

More in Tux Machines

Fairphone 4 5G Revealing Snapdragon 750G SoC Spotted on Geekbench, Launch Expected Soon

We are aware of the fact that Fairphone is prepping up for the launch of the Fairphone 3 successor – the Fairphone 4 5G (FP4). The device’s key specifications and renders were revealed last week, courtesy of a retailer listing. As per the preliminary retailer listing, the Fairphone 4 5G is expected to pack 6GB of RAM and 128GB/256GB storage. The hardware specs of the device remained a mystery up till now. However, these details now are out courtesy of the Geekbench listing. MySmartPrice is the first to spot the Fairphone 4 Geekbench listing. The test results reveal that the device will pack Snapdragon 750G SoC and 6GB of RAM. Read more

Günther Wagner: GNOME Builder 41 Highlights

Builder now maintains a private Flatpak installation to install SDKs and SDK extensions that are not available in the user’s Flatpak installation. This means Builder will no longer add flathub or gnome-nightly to your user’s Flatpak installation. Builder now uses an out-of-process Flatpak helper (gnome-builder-flatpak) to vastly improve its ability to track and resolve SDK extensions. This will improve the situation for applications requiring Rust, LLVM, and others going forward. You can update your SDKs and dependencies together using the “Update Dependencies” button in the build popover. More information can be found in Christian’s blog post. Read more

Games: Steam Deck, FUTEX2, and Anti-Cheat Support

  • Steam Deck, Linux and Mac Get Easy Anti-Cheat Support

    Epic Games has just released an update to its Easy Anti-Cheat software that will add support for the Steam Deck, as well as Linux and macOS operating systems. According to an Epic blog post today, the new update is now available to developers for free and is designed to work with Wine and Steam's Proton compatibility layer to ensure all platforms under Linux get full anti-cheat support. This is great news for Linux Gamers and for the new Steam Deck, since the anti-cheat services were previously locked to Windows operating systems. Even though the games could be fully functional in a compatibility environment such as Proton or Wine. Now, more platforms have the capability to run all multiplayer games with Epic's popular anti-cheat software, as long as developers enable Linux and Mac support. This is especially important for Valve's Steam Deck, which counts on its SteamOS being able to run the entire Steam library. Obviously, lacking anti-cheat support could have been a major problem for the new console.

  • Valve's Steam Deck supports dual boot and booting from a microSD card - Liliputing

    The Valve Steam Deck is expected to begin shipping in December to customers who pre-orders the handheld gaming computer for $399 or more. But ever since introducing the Linux-powered PC with a custom AMD processor this summer, Valve has been getting a lot of questions.

  • Updated "FUTEX2" futex_waitv Patches Posted To Address Latest Feedback - Phoronix

    The promising FUTEX2 work focused on improving the Linux performance for running Windows games via Wine/Proton by extending futex to wait on multiple locks is still moving forward. Last month the work was revised in simpler form by just focusing on the new "futex_waitv" system call and postpone additional improvements planned around variable-sized futexes, NUMA-awareness, and more. That additional work will come later while the immediate focus is on the "futex_waitv" system call to address the needs of Wine/Proton by better matching Windows' WaitForMultipleObjects behavior with more efficient emulation.

Epic Boost to GNU//Linux Gamers

  • Epic Online Services launches Anti-Cheat support for Linux, Mac, and Steam Deck - Epic Online Services

    Easy Anti-Cheat now supports all major PC operating systems, including Linux, Mac, and Steam Deck.

  • Epic Games Announces Easy Anti-Cheat For Linux - Including Wine/Proton - Phoronix

    Not too surprising given the Steam Deck is inching closer towards release and we've known Valve has been working to improve the anti-cheat situation for games on Linux, but today EAC owner Epic Games officially announced Easy Anti-Cheat for both Linux and macOS. Easy Anti-Cheat is one of the popular anti-cheating solutions used by a number of Windows games. Epic Games is now making EAC available for Linux and macOS. Plus they are also making it supported under Wine/Proton too.

  • Epic Games announce full Easy Anti-Cheat support for Linux including Wine & Proton | GamingOnLinux

    Today, Easy Anti-Cheat from Epic Games / Epic Online Services has officially announced a full expansion for Linux including native builds and Wine + Proton. This is big for Linux Gaming and the Steam Deck. For those who don't know, Epic Games owns Easy Anti-Cheat and earlier this year they made it free for all developers making Windows games. Today this has been expanded to fully support developers doing native Linux games (and macOS too). Not only that, this is the big one we've been waiting for — they've also expanded Easy Anti-Cheat support officially for the Wine and Steam Play Proton compatibility layers.

  • Epic Games makes Easy Anti Cheat available for Linux, paving the way for Steam Deck | Windows Central

    One of the big flies in the Steam Deck ointment has always been how anti-cheat software will be handled. The truth is that a lot of the popular Windows games that can't be played on Linux through Steam's Proton Compatibility layer, or through WINE, are because of anti-cheat software. The first big step forward has just happened, though, right as game developers are starting to receive their Steam Deck dev kits. Epic Games, owner of Easy Anti Cheat, has announced that the software is now compatible with Linux, including WINE and Proton, as well as macOS. And all for the low price of free.