Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 45 min ago

Debian: DSA-4744-1: roundcube security update>

Wednesday 12th of August 2020 12:28:06 AM
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.

Fedora 31: python36 2020-efb908b6a8>

Tuesday 11th of August 2020 09:22:50 PM
Security fix for CVE-2019-20907, CVE-2020-14422.

RedHat: RHSA-2020-3425:01 Moderate: Red Hat OpenShift Service Mesh 1.1>

Tuesday 11th of August 2020 04:55:26 PM
An update for servicemesh is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2020-3422:01 Important: .NET Core 3.1 security and bugfix>

Tuesday 11th of August 2020 04:36:22 PM
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2020-3421:01 Important: .NET Core 3.1 security and bugfix>

Tuesday 11th of August 2020 04:31:21 PM
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

SUSE: 2020:2194-1 moderate: dpdk>

Tuesday 11th of August 2020 02:22:43 PM
An update that solves two vulnerabilities and has two fixes is now available.

SUSE: 2020:2196-1 important: libX11>

Tuesday 11th of August 2020 02:20:28 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2197-1 important: libX11>

Tuesday 11th of August 2020 02:19:36 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:14448-1 important: xen>

Tuesday 11th of August 2020 02:18:13 PM
An update that fixes 7 vulnerabilities is now available.

SUSE: 2020:2199-1 important: webkit2gtk3>

Tuesday 11th of August 2020 02:17:31 PM
An update that fixes 6 vulnerabilities is now available.

SUSE: 2020:2198-1 important: webkit2gtk3>

Tuesday 11th of August 2020 02:15:33 PM
An update that fixes 6 vulnerabilities is now available.

Debian LTS: DLA-2321-1: firmware-nonfree new upstream version>

Tuesday 11th of August 2020 10:17:30 AM
The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 4.19. Along with additional kernel packages that will be announced later,

openSUSE: 2020:1179-1: important: MozillaThunderbird>

Tuesday 11th of August 2020 08:12:54 AM
An update that fixes four vulnerabilities is now available.

Debian LTS: DLA-2320-1: golang-github-seccomp-libseccomp-golang>

Tuesday 11th of August 2020 07:37:09 AM
A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

RedHat: RHSA-2020-3389:01 Important: kernel-rt security and bug fix update>

Tuesday 11th of August 2020 03:17:21 AM
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

openSUSE: 2020:1178-1: moderate: go1.13>

Monday 10th of August 2020 08:13:30 PM
An update that solves one vulnerability and has one errata is now available.

openSUSE: 2020:1177-1: moderate: perl-XML-Twig>

Monday 10th of August 2020 08:12:44 PM
An update that fixes one vulnerability is now available.

Ubuntu 4454-2: Samba vulnerability>

Monday 10th of August 2020 03:49:14 PM
Samba could be made to crash if it received specially crafted network traffic.

Debian: DSA-4743-1: ruby-kramdown security update>

Monday 10th of August 2020 03:21:19 PM
A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the 'template' option.

Ubuntu 4455-1: NSS vulnerabilities>

Monday 10th of August 2020 03:01:25 PM
Several security issues were fixed in NSS.

More in Tux Machines

Debian Janitor: 8,200 landed changes landed so far

The Debian Janitor is an automated system that commits fixes for (minor) issues in Debian packages that can be fixed by software. It gradually started proposing merges in early December. The first set of changes sent out ran lintian-brush on sid packages maintained in Git. This post is part of a series about the progress of the Janitor. The bot has been submitting merge requests for about seven months now. The rollout has happened gradually across the Debian archive, and the bot is now enabled for all packages maintained on Salsa , GitLab , GitHub and Launchpad. Read more

Optimised authentication methods for Ubuntu Desktop

Still counting on passwords to protect your workstation? When set up properly, alternatives to passwords provide a streamlined user experience while significantly improving security. These alternative authentication methods can also easily be combined to create a custom and adaptive authentication profile. This whitepaper introduces three popular authentication methods that provide a solid alternative to passwords. Perhaps you’d like to configure your laptop for login using a YubiKey hardware token connected to a dock. Another option could be to login with a Duo push notification when not connected to the dock, but use a Google Authenticator one-time password when no network is available. Maybe you need a separate hardware token just for ssh authentication, and you always need to keep a long, complex password for emergency authentication should all other methods fail. All of these scenarios can be easily configured within Ubuntu. Read more

Open Hardware: Arduino, RISC-V and 96Boards

  • Arduino-controlled robot arm is ready to play you in a game of chess

    If you’re tired of playing chess on a screen, then perhaps you could create a robotic opponent like Instructables user Michalsky. The augmented board runs micro-Max source code, enabling chess logic to be executed on an Arduino Mega with room for control functions for a 6DOF robotic arm. The setup uses magnetic pieces, allowing it to pick up human moves via an array of 64 reed switches underneath, along with a couple shift registers. The Mega powers the robot arm accordingly, lifting the appropriate piece and placing it on the correct square.

  • New RISC-V CTO On Open Source Chip Architecture’s Global Data Center Momentum

    With more big international players on board, the foundation's new head of technology sees signs of "state of the art moving forward."

  • Snapdragon 410 based 96Boards CE SBC gets an upgrade

    Geniatech has launched a Linux-ready, $109 “Developer Board 4 V3” compliant with 96Boards CE that offers a Snapdragon 410E, GbE, 3x USB, 802.11ac, GPS, and-25 to 70°C support. Geniatech has released a V3 edition of its 96Boards CE form-factor Developer Board 4 SBC, the third update of the Development Board IV we covered back in 2016. Starting at $109, the Developer Board 4 V3 still runs Linux, Android, and Windows 10 IoT Core on Qualcomm’s 1.2GHz, quad -A53 Snapdragon 410m, although it has been upgraded to the 10-year availability Snapdragon 410E. Geniatech also sells a line of Rockchip based SBCs, among other embedded products.

Audiocasts/Shows: Linux in the Ham Shack and Linux Headlines

  • LHS Episode #360: Zapped

    Welcome to the 360th episode of Linux in the Ham Shack. In this short-topic show, the hosts discuss 1.2GHz distance records, a hybrid antenna for geosynchronous satellite operation, data mode identification for your smart phone, being pwned, Ubuntu 20.04.1, LibreOffice, HamClock and much more. Thanks for listening and hope you have a great week.

  • LHS Episode #361: The Weekender LIV

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • 2020-08-14 | Linux Headlines

    Google could be extending its Firefox search royalty deal, PyPy leaves the Software Freedom Conservancy, Ubuntu puts out a call for testing, Linspire removes snapd support, Microsoft showcases its open source contributions, and Facebook joins The Linux Foundation.