LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

RedHat: RHSA-2021-3838:01 Important: thunderbird security update

Wednesday 13th of October 2021 05:32:04 AM
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-3840:01 Important: thunderbird security update

Wednesday 13th of October 2021 05:29:32 AM
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 33: mediawiki 2021-56d8173b5e

Tuesday 12th of October 2021 07:47:22 PM
https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.4

Fedora 33: redis 2021-8913c7900c

Tuesday 12th of October 2021 07:47:15 PM
**Redis 6.0.16** - Released Mon Oct 4 12:00:00 IDT 2021

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (**CVE-2021-41099**) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner].
*

Fedora 33: xstream 2021-fbad11014a

Tuesday 12th of October 2021 07:47:14 PM
```
* Mon Oct 04 2021 Didik Supriadi - 1.4.18-2
- Enable activation, cglib, dom4j, jdom, and jdom2
* Fri Oct 01 2021 Didik Supriadi - 1.4.18-1
- Update to version 1.4.18
```

Fedora 34: flatpak 2021-4b201d15e6

Tuesday 12th of October 2021 07:46:05 PM
Update to 1.10.5. Fix CVE-2021-41133.

Fedora 34: httpd 2021-2a10bc68a4

Tuesday 12th of October 2021 07:46:03 PM
This update addresses CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these

Fedora 34: mediawiki 2021-eee8b7514f

Tuesday 12th of October 2021 07:45:15 PM
https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.4

Debian: DSA-4984-1: flatpak security update

Tuesday 12th of October 2021 05:27:27 PM
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak's denylist

openSUSE: 2021:3387-1 important: the Linux Kernel

Tuesday 12th of October 2021 05:23:33 PM
An update that solves 7 vulnerabilities and has 53 fixes is now available.

SciLinux: SLSA-2021-3801-1 Important: kernel on SL7.x x86_64

Tuesday 12th of October 2021 05:05:43 PM
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), [More...]

SciLinux: SLSA-2021-3810-1 Moderate: libxml2 on SL7.x x86_64

Tuesday 12th of October 2021 05:05:23 PM
libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6 [More...]

SciLinux: SLSA-2021-3798-1 Moderate: openssl on x86_64

Tuesday 12th of October 2021 05:04:45 PM
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

- Scientific Linux Development Team

SciLinux: SLSA-2021-3807-1 Low: 389-ds-base on SL7.x x86_64

Tuesday 12th of October 2021 05:04:12 PM
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further rein [More...]

RedHat: RHSA-2021-3816:01 Important: httpd:2.4 security update

Tuesday 12th of October 2021 12:18:10 PM
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

openSUSE: 2021:1350-1 important: chromium

Tuesday 12th of October 2021 11:58:47 AM
An update that fixes 25 vulnerabilities is now available.

RedHat: RHSA-2021-3810:01 Moderate: libxml2 security update

Tuesday 12th of October 2021 11:32:47 AM
An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3798:01 Moderate: openssl security update

Tuesday 12th of October 2021 11:32:33 AM
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3801:01 Important: kernel security and bug fix update

Tuesday 12th of October 2021 11:32:28 AM
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-3807:01 Low: 389-ds-base security and bug fix update

Tuesday 12th of October 2021 11:32:21 AM
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
