LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Debian LTS: DLA-1276-1: tomcat-native security update

Sunday 11th of February 2018 08:51:00 PM
LinuxSecurity.com: Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the
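The 127-byte boundary in the advisory above is the split between DER's short-form length (one octet, values 0..127) and its long form (0x81 plus one octet for 128..255, 0x82 plus two octets, and so on). A hand-rolled ASN.1 reader that only handles the short form mis-reads every longer field. The following is an added example, not Tomcat Native's code: a minimal DER length/TLV reader beside the short-form-only mistake, run over a constructed uniformResourceIdentifier GeneralName (tag 0x86) as found inside an AIA extension. The `uri_len_*` helpers and the 200-byte test vector are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Decode a DER length field starting at buf[0]. Returns the number of octets
 * the length encoding occupies (1 for short form, 1+n for long form) and
 * stores the decoded length in *out. Returns 0 on any malformed encoding:
 * 0x80 (indefinite form, not allowed in DER), more length octets than fit
 * in size_t, truncated input, or a non-minimal encoding.
 */
size_t der_read_length(const uint8_t *buf, size_t len, size_t *out) {
    if (len == 0) return 0;
    uint8_t first = buf[0];
    if (first < 0x80) {                 /* short form: 0..127 in one octet */
        *out = first;
        return 1;
    }
    size_t n = first & 0x7f;            /* long form: n following octets hold the length */
    if (n == 0 || n > sizeof(size_t) || n > len - 1) return 0;
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[1 + i];
    if (v < 0x80 || buf[1] == 0) return 0;   /* DER: long form only when needed, no leading zero */
    *out = v;
    return 1 + n;
}

/* Parse one TLV. Returns total bytes consumed and sets tag/content/clen; 0 on error. */
size_t der_read_tlv(const uint8_t *buf, size_t len, uint8_t *tag,
                    const uint8_t **content, size_t *clen) {
    if (len < 2) return 0;
    size_t ll = der_read_length(buf + 1, len - 1, clen);
    if (ll == 0) return 0;
    size_t hdr = 1 + ll;
    if (*clen > len - hdr) return 0;     /* content must lie inside the buffer */
    *tag = buf[0];
    *content = buf + hdr;
    return hdr + *clen;
}

/* The short-form-only mistake: the first length octet is taken as the length.
 * Correct for contents up to 127 bytes, wrong for anything longer. */
size_t naive_read_tlv(const uint8_t *buf, size_t len, uint8_t *tag,
                      const uint8_t **content, size_t *clen) {
    if (len < 2) return 0;
    *tag = buf[0];
    *clen = buf[1];                      /* 0x81 0xC8 (=200) is read as 129 */
    if (*clen > len - 2) return 0;
    *content = buf + 2;
    return 2 + *clen;
}

/* Constructed test vector (not from a real certificate): a GeneralName
 * uniformResourceIdentifier [6] (tag 0x86) whose content is n bytes of 'a'.
 * Supports n <= 255 (short form below 128, 0x81 + one octet otherwise). */
size_t build_uri_tlv(uint8_t *out, size_t cap, size_t n) {
    size_t hdr = n < 0x80 ? 2 : 3;
    if (n > 255 || cap < hdr + n) return 0;
    out[0] = 0x86;
    if (n < 0x80) {
        out[1] = (uint8_t)n;
    } else {
        out[1] = 0x81;
        out[2] = (uint8_t)n;
    }
    memset(out + hdr, 'a', n);
    return hdr + n;
}

/* Content length each parser reports for an n-byte URI element (0 = parse failure). */
size_t uri_len_der(size_t n) {
    uint8_t buf[300];
    uint8_t tag; const uint8_t *c; size_t clen;
    size_t total = build_uri_tlv(buf, sizeof buf, n);
    if (total == 0 || der_read_tlv(buf, total, &tag, &c, &clen) == 0) return 0;
    return clen;
}

size_t uri_len_naive(size_t n) {
    uint8_t buf[300];
    uint8_t tag; const uint8_t *c; size_t clen;
    size_t total = build_uri_tlv(buf, sizeof buf, n);
    if (total == 0 || naive_read_tlv(buf, total, &tag, &c, &clen) == 0) return 0;
    return clen;
}

/* 1 if der_read_length rejects the non-minimal encoding 0x81 0x05 and the indefinite form 0x80. */
int rejects_bad_lengths(void) {
    const uint8_t nonmin[] = { 0x81, 0x05 };
    const uint8_t indef[]  = { 0x80 };
    size_t v;
    return der_read_length(nonmin, 2, &v) == 0 && der_read_length(indef, 1, &v) == 0;
}
```

Both readers agree on a 20-byte or 127-byte URI; at 128 bytes and above the naive reader returns the raw first octet (0x81 = 129) and points its content one byte early, so any later string match on the URI fails and whatever depends on it (here, the OCSP check) silently does not run. The practical check for code that parses certificate extensions by hand is to feed it a field just over 127 bytes and confirm the extracted value is byte-exact.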

Debian: DSA-4111-1: libreoffice security update

Sunday 11th of February 2018 03:26:00 PM
LinuxSecurity.com: Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

Debian LTS: DLA-1275-1: uwsgi security update

Saturday 10th of February 2018 11:01:00 PM
LinuxSecurity.com: It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service (application crash) or stack corruption.
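The pattern behind the uWSGI entry is a caller-supplied directory length copied into a fixed-size stack buffer without a bound. The following is an added example written for this page, not uWSGI's own code: an unchecked copy of that shape next to a version that rejects any directory length that cannot fit, then joins the directory and file name with a bounded `snprintf`. Function names, the `uwsgi.ini` file name and the oversize input are assumptions for illustration; the real function goes on to call `realpath`, which this example leaves out so it runs without touching the filesystem.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Illustrative vulnerable pattern: dir_len is trusted and memcpy'd into a
 * PATH_MAX-sized stack buffer. With dir_len > PATH_MAX the copy runs past
 * `src` (stack corruption, typically a crash). Kept only for comparison;
 * never call it with an unchecked length. */
int expand_path_unchecked(const char *dir, size_t dir_len, char *out, size_t out_cap) {
    char src[PATH_MAX + 1];
    memcpy(src, dir, dir_len);           /* no bound on dir_len */
    src[dir_len] = '\0';
    int n = snprintf(out, out_cap, "%s", src);
    return (n < 0 || (size_t)n >= out_cap) ? -1 : 0;
}

/* Hardened version: refuse a directory length that cannot fit the stack
 * buffer, and keep the joined "dir/name" result bounded as well.
 * Returns 0 on success, -1 on rejection. */
int expand_path_checked(const char *dir, size_t dir_len, const char *name,
                        char *out, size_t out_cap) {
    char src[PATH_MAX + 1];
    if (dir == NULL || name == NULL || dir_len > PATH_MAX) return -1;
    size_t name_len = strlen(name);
    if (dir_len + 1 + name_len > PATH_MAX) return -1;   /* dir + '/' + name must fit */
    memcpy(src, dir, dir_len);
    src[dir_len] = '\0';
    int n = snprintf(out, out_cap, "%s/%s", src, name);
    if (n < 0 || (size_t)n >= out_cap) return -1;
    return 0;
}

/* Driver: feed a constructed oversize directory (2 * PATH_MAX bytes, no NUL)
 * to the checked version and return its result code. */
int oversize_dir_is_rejected(void) {
    static char big[PATH_MAX * 2];
    memset(big, 'A', sizeof big);
    char out[PATH_MAX + 1];
    return expand_path_checked(big, sizeof big, "uwsgi.ini", out, sizeof out);
}

/* Driver: a normal directory joins cleanly; writes the joined path to out. */
int normal_dir_joins(char *out, size_t out_cap) {
    const char dir[] = "/srv/app";       /* constructed sample input */
    return expand_path_checked(dir, sizeof dir - 1, "uwsgi.ini", out, out_cap);
}
```

The second length check matters as much as the first: a directory that fits on its own can still push the joined path past `PATH_MAX` once the separator and file name are appended, and `realpath` callers that pass a fixed `PATH_MAX + 1` output buffer depend on that invariant.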

Debian LTS: DLA-1274-1: exim4 security update

Saturday 10th of February 2018 08:05:00 PM
LinuxSecurity.com: Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted

Debian: DSA-4110-1: exim4 security update

Saturday 10th of February 2018 06:35:00 PM
LinuxSecurity.com: Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted

Debian: DSA-4109-1: ruby-omniauth security update

Saturday 10th of February 2018 02:35:00 AM
LinuxSecurity.com: Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web

ArchLinux: 201802-4: plasma-workspace: arbitrary command execution

Friday 9th of February 2018 11:02:00 PM
LinuxSecurity.com: The package plasma-workspace before version 5.12.0-1 is vulnerable to arbitrary command execution.

ArchLinux: 201802-3: go-pie: arbitrary code execution

Friday 9th of February 2018 10:38:00 PM
LinuxSecurity.com: The package go-pie before version 1.9.4-1 is vulnerable to arbitrary code execution.

ArchLinux: 201802-2: go: arbitrary code execution

Friday 9th of February 2018 10:36:00 PM
LinuxSecurity.com: The package go before version 1.9.4-1 is vulnerable to arbitrary code execution.

SUSE: 2018:0416-1: important: the Linux Kernel

Friday 9th of February 2018 09:15:00 PM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has 44 fixes is now available.

SUSE: 2018:0414-1: important: freetype2

Friday 9th of February 2018 09:13:00 PM
LinuxSecurity.com: An update that fixes four vulnerabilities is now available.

Fedora 27: tomcat-native Security Update

Friday 9th of February 2018 04:30:00 PM
LinuxSecurity.com: Security fix for CVE-2017-15698

Ubuntu 3564-1: PostgreSQL vulnerability

Friday 9th of February 2018 03:49:00 PM
LinuxSecurity.com: PostgreSQL could be made to expose sensitive information.

ArchLinux: 201802-1: clamav: multiple issues

Friday 9th of February 2018 03:44:00 PM
LinuxSecurity.com: The package clamav before version 0.99.3-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

openSUSE: 2018:0408-1: important: the Linux Kernel

Friday 9th of February 2018 03:09:00 PM
LinuxSecurity.com: An update that solves 9 vulnerabilities and has 70 fixes is now available.

RedHat: RHSA-2018-0292:01 Important: kernel security update

Friday 9th of February 2018 12:57:00 PM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 26: tomcat-native Security Update

Friday 9th of February 2018 11:28:00 AM
LinuxSecurity.com: Security fix for CVE-2017-15698

Debian LTS: DLA-1273-1: simplesamlphp security update

Friday 9th of February 2018 08:41:00 AM
LinuxSecurity.com: simplesamlphp, an authentication and federation application, has been found vulnerable to cross-site scripting (XSS), signature validation bypass and use of an insecure connection charset.

Debian LTS: DLA-1272-1: mailman security update

Friday 9th of February 2018 08:02:00 AM
LinuxSecurity.com: The mailman package has a Cross-site scripting (XSS) vulnerability in the web UI before 2.1.26 which allows remote attackers to inject arbitrary web script or HTML via a user-options URL

More in Tux Machines

How Linux became my job

I've been using open source since what seems like prehistoric times. Back then, there was nothing called social media. There was no Firefox, no Google Chrome (not even a Google), no Amazon, barely an internet. In fact, the hot topic of the day was the new Linux 2.0 kernel. The big technical challenges in those days? Well, the ELF format was replacing the old a.out format in binary Linux distributions, and the upgrade could be tricky on some installs of Linux.

Linux 4.16-rc2

It's been a quiet week, and rc2 is out. I take the fairly quiet rc to be a good sign for 4.16, but honestly, rc2 is often fairly calm. That's probably because people are taking a breather after the merge window, but also simply because it might take a while to find any issues. But let's be optimistic, and just assume - at least for now - that it's because all is well. The diffstat is fairly odd, but that often happens with small rc's just because then just a couple of pulls will skew things easily in one or two directions. This time the patch is about one third architecture updates (arm64, x86, powerpc), one third tooling (mostly 'perf') and one third "rest". And yes, the bulk of that rest is drivers (gpu, nvme, sound, misc), but those drivers are still distinctly *not* the bulk of the whole patch. Go out and test, it all looks fine.

Also: Linux 4.16-rc2 Kernel Released

OpenStreetMap in IkiWiki and Why OpenStreetMap is in Serious Trouble

  • OSM in IkiWiki
    Since about 15 years ago, I have been thinking of creating a geo-referenced wiki of pubs, with loads of structured data to help searching. I don't know if that would be useful for anybody else, but I know I would use it! Sadly, the many times I started coding something towards that goal, I ended up blocked by something, and I keep postponing my dream project.
  • Why OpenStreetMap is in Serious Trouble
    That said, while I still believe in the goals of OpenStreetMap, I feel the OpenStreetMap project is currently unable to fulfill that mission due to poor technical decisions, poor political decisions, and a general malaise in the project. I'm going to outline in this article what I think OpenStreetMap has gotten wrong. It's entirely possible that OSM will reform and address the impediments to its success, and I hope it does. We need a Free as in Freedom geographic dataset.

Linux KPI-Based DRM Modules Now Working On FreeBSD 11

Thanks to work done by Hans Petter Selasky and others, this drm-next-kmod port is working on FreeBSD 11 stable. What's different with this package from the ports collection versus the ported-from-Linux Direct Rendering Modules found within the FreeBSD 11 kernel is that these DRM modules are using the linuxkpi interface.