Language Selection

English French German Italian Portuguese Spanish Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 20 min 28 sec ago

Fedora 30: samba FEDORA-2019-e3e521e5b3

Wednesday 18th of September 2019 09:31:54 PM
Update to Samba 4.10.8 - Security fixes for CVE-2019-10197

Fedora 31: python34 FEDORA-2019-50772cf122

Wednesday 18th of September 2019 09:08:29 PM
Fix CVE-2019-16056 (rhbz#1750457) ---- Fix CVE-2019-10160 (rhbz#1718867)

SUSE: 2019:2403-1 moderate: openssl-1_1

Wednesday 18th of September 2019 05:13:15 PM
An update that fixes two vulnerabilities is now available.

CentOS: CESA-2019-2729: Critical CentOS 7 firefox

Wednesday 18th of September 2019 05:10:48 PM
Upstream details at :

Debian: DSA-4525-1: ibus security update

Wednesday 18th of September 2019 05:02:42 PM
Simon McVittie reported a flaw in ibus, the Intelligent Input Bus. Due to a misconfiguration during the setup of the DBus, any unprivileged user could monitor and send method calls to the ibus bus of another user, if able to discover the UNIX socket used by another user connected

CentOS: CESA-2019-2101: Low CentOS 7 exiv2

Wednesday 18th of September 2019 04:54:21 PM
Upstream details at :

CentOS: CESA-2019-2600: Important CentOS 7 kernel

Wednesday 18th of September 2019 04:39:01 PM
Upstream details at :

CentOS: CESA-2019-2343: Moderate CentOS 7 httpd

Wednesday 18th of September 2019 04:21:26 PM
Upstream details at :

CentOS: CESA-2019-2258: Moderate CentOS 7 http-parser

Wednesday 18th of September 2019 04:20:44 PM
Upstream details at :

CentOS: CESA-2019-2607: Low CentOS 7 qemu-kvm

Wednesday 18th of September 2019 02:53:46 PM
Upstream details at :

CentOS: CESA-2019-2571: Important CentOS 7 pango

Wednesday 18th of September 2019 02:53:11 PM
Upstream details at :

CentOS: CESA-2019-2606: Important CentOS 7 kde-settings

Wednesday 18th of September 2019 02:48:54 PM
Upstream details at :

CentOS: CESA-2019-2606: Important CentOS 7 kdelibs

Wednesday 18th of September 2019 02:48:06 PM
Upstream details at :

CentOS: CESA-2019-2586: Important CentOS 7 ghostscript

Wednesday 18th of September 2019 02:44:20 PM
Upstream details at :

CentOS: CESA-2019-2773: Important CentOS 7 thunderbird

Wednesday 18th of September 2019 02:40:25 PM
Upstream details at :

SUSE: 2019:2400-1 moderate: python-Werkzeug

Wednesday 18th of September 2019 02:16:13 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2399-1 moderate: python-urllib3

Wednesday 18th of September 2019 02:10:57 PM
An update that fixes three vulnerabilities is now available.

Ubuntu 4128-2: Tomcat vulnerabilities

Wednesday 18th of September 2019 11:16:40 AM
Several security issues were fixed in Tomcat 9.

SUSE: 2019:2397-1 moderate: openssl

Wednesday 18th of September 2019 11:10:38 AM
An update that fixes two vulnerabilities is now available.

SciLinux: SLSA-2019-2773-1 Important: thunderbird on SL7.x x86_64

Wednesday 18th of September 2019 11:02:23 AM
This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]

More in Tux Machines

Ubuntu: Video Encoder Performance, Ubuntu Touch, LZ4 Compression

  • Clear Linux vs. Ubuntu 19.10 Video Encoder Performance On The Core i9 9900K

    Often when doing cross-distribution benchmarks, readers often comment on the performance of Clear Linux particularly for video encoding use-cases as surprisingly different from other distributions. Some argue that it's just over the default CPU frequency scaling governor or compiler flag defaults, so here is a look at that with Ubuntu 19.10 daily benchmarked against Clear Linux. On the same Core i9 9900K system I recently ran some benchmarks looking at Clear Linux vs. Ubuntu 19.10 and then Ubuntu 19.10 with various common tunables to make it more akin to Clear Linux. Ubuntu 19.10 was used due to its recent software components being at similar versions to Intel's rolling-release distribution.

  • Serge Hallyn: First experience with Ubuntu Touch

    For the past few weeks I’ve been using a nexus 4 running ubuntu touch as, mostly, my daily driver. I’ve enjoyed it quite a bit. In part that’s just the awesome size of the nexus 4. In part, it’s the ubuntu touch interface itself. If you haven’t tried it, you really should. (Sailfish ambiances are so much prettier, but ubuntu touch is much nicer to use – the quick switch to switch between two apps, for instance. Would that I could have both.). And in part it’s just the fact that it really feels like – is – a regular ubuntu system.

  • Ubuntu 19.10 to use LZ4 compression to boot even faster

    anonical’s Ubuntu 19.10 “Eoan Ermine” will boot even faster than its predecessor, Ubuntu 19.04 “Disco Dingo” according to Ubuntu’s kernel team. After extensive testing on a variety of compression options on the Ubuntu installation image, Canonical engineers determined that the LZ4 decompression method provided a most appreciable gain in speed.

The Vivaldi 2.8 Release (Proprietary)

  • Vivaldi 2.8 Released with Unified Sync Support for Desktop and Android

    Vivaldi Technologies released today the Vivaldi 2.8 web browser for desktop platforms, including GNU/Linux, macOS, and Windows, an incremental update that adds significant improvements. With Vivaldi 2.8, Vivaldi Technologies continues to give desktop users full control over their browsing experience by adding various improvements across the board, starting with Vivaldi Sync, which now lets you sync bookmarks, passwords, history, notes, and autofill information across desktop and mobile. That's right, starting with Vivaldi 2.8, all your browsing data will be automatically synchronized between your installations of Vivaldi on desktop platforms, such as Linux, Mac, or Windows, and your mobile device where Vivaldi for Android is installed if you use Vivaldi Sync.

  • New Version Vivaldi Web Browser Has Been Released, Install in Ubuntu/Linux

    Vivaldi is the new web browser compare to other famous browsers, the initial release of Vivaldi was in January, 2015. It has improved a lot and evolved since the first release. Basically it is based on the open-source frameworks of Chromium, Blink and Google's V8 JavaScript engine and has a lot of great feature which I will table later. It is known to be the most customizable browser for power users, debuts features that make browsing more personal than ever before. Do we really need another browser? Since we already have a lot of them such as mostly used Firefox, Chrome, Opera and so on. The former CEO of Opera Software Jon Von Tetzchner didn't liked the direction of Opera Web Browser and said "Sadly, it is no longer serving its community of users and contributors - who helped build the browser in the first place." Then created a web browser which has to be fast, rich feature, highly flexible and puts the user first, so Vivaldi was born.

  • Vivaldi 2.8: Inspires new desktop and mobile experiences

    Today we are launching a new upgrade to our desktop version – Vivaldi 2.8. We’re always focused on giving you complete control over your desktop experience, while also making sure to protect your privacy and security online. Vivaldi on the desktop has been our foundation. And now – our inspiration. It continuously pushes us forward to deliver a browser that is made for you.

  • Privacy and the rise of the alternative search engine

    Over the summer we opened our blog to guest bloggers eager to share their perspectives on privacy. In this story, Finn Brownbill explains how we can put an end to tracking in search for the purpose of data collection.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access [Ed: This is not a "Linux" issue any more than Adobe Photoshop malicious files are a "Windows" issue ]

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post.

  • Linux for ethical hackers 101

    In order to familiarize yourself with the full range of ethical hacking tools, it is important to be conversant with the Linux OS. As the systems engineer Yasser Ibrahim said in a post on Quora: “In Linux you need to understand from the basics to the advanced, learn the console commands and how to navigate and do everything from your console, also shell programming (not a must, but always preferable), know what a kernel is and how it works, understand the Linux file systems, how to network on Linux.”

today's howtos