Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 1 week 6 days ago

Debian LTS: DLA-1338-1: beep security update

Tuesday 3rd of April 2018 07:46:00 AM
LinuxSecurity.com: It was discovered that there was a local privilege escalation vulnerability in beep, an "advanced PC speaker beeper". For Debian 7 "Wheezy", this issue has been fixed in beep version

Debian LTS: DLA-1337-1: jruby security update

Monday 2nd of April 2018 11:10:00 PM
LinuxSecurity.com: Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language.

Debian: DSA-4163-1: beep security update

Monday 2nd of April 2018 10:30:00 PM
LinuxSecurity.com: It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation. For the oldstable distribution (jessie), this problem has been fixed

Ubuntu 3614-1: OpenJDK 7 vulnerabilities

Monday 2nd of April 2018 07:36:00 PM
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.

Ubuntu 3613-1: OpenJDK 8 vulnerabilities

Monday 2nd of April 2018 07:36:00 PM
LinuxSecurity.com: Several security issues were fixed in OpenJDK 8.

Ubuntu 0036-1: Linux kernel vulnerability

Monday 2nd of April 2018 01:54:00 PM
LinuxSecurity.com: Several security issues were fixed in the kernel.

Ubuntu 3587-2: Dovecot vulnerabilities

Monday 2nd of April 2018 01:31:00 PM
LinuxSecurity.com: Several security issues were fixed in Dovecot.

Debian: DSA-4162-1: irssi security update

Sunday 1st of April 2018 10:30:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service. For the stable distribution (stretch), these problems have been fixed in

Debian LTS: DLA-1336-1: rubygems security update

Sunday 1st of April 2018 07:18:00 PM
LinuxSecurity.com: Multiple vulnerabilities were found in rubygems, a package management framework for Ruby. CVE-2018-1000075

Debian: DSA-4160-1: libevt security update

Sunday 1st of April 2018 02:52:00 PM
LinuxSecurity.com: It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

Debian: DSA-4159-1: remctl security update

Sunday 1st of April 2018 02:11:00 PM
LinuxSecurity.com: Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.

Debian: DSA-4161-1: python-django security update

Sunday 1st of April 2018 01:16:00 PM
LinuxSecurity.com: James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods

Debian LTS: DLA-1335-1: zsh security update

Sunday 1st of April 2018 12:19:00 AM
LinuxSecurity.com: Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd() function.

Debian LTS: DLA-1334-1: mosquitto security update

Saturday 31st of March 2018 08:24:00 PM
LinuxSecurity.com: CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption.

Debian LTS: DLA-1333-1: dovecot security update

Saturday 31st of March 2018 08:13:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:

Debian LTS: DLA-1332-1: libvncserver security update

Saturday 31st of March 2018 12:57:00 AM
LinuxSecurity.com: libvncserver version through 0.9.11. does not sanitize msg.cct.length which may result in access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Debian LTS: DLA-1331-1: mercurial security update

Friday 30th of March 2018 03:34:00 PM
LinuxSecurity.com: Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in

Debian LTS: DLA-1330-1: openssl security update

Friday 30th of March 2018 03:24:00 PM
LinuxSecurity.com: It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.

openSUSE: 2018:0855-1: important: memcached

Friday 30th of March 2018 03:08:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

openSUSE: 2018:0851-1: important: LibVNCServer

Friday 30th of March 2018 12:07:00 AM
LinuxSecurity.com: An update that fixes three vulnerabilities is now available.

More in Tux Machines

Microsoft Linuxwashing and Research Openwashing

today's howtos

Why Everyone should know vim

Vim is an improved version of Vi, a known text editor available by default in UNIX distributions. Another alternative for modal editors is Emacs but they’re so different that I kind of feel they serve different purposes. Both are great, regardless. I don’t feel vim is necessarily a geeky kind of taste or not. Vim introduced modal editing to me and that has changed my life, really. If you have ever tried vim, you may have noticed you have to press “I” or “A” (lower case) to start writing (note: I’m aware there are more ways to start editing but the purpose is not to cover Vim’s functionalities.). The fun part starts once you realize you can associate Insert and Append commands to something. And then editing text is like thinking of what you want the computer to show on the computer instead of struggling where you at before writing. The same goes for other commands which are easily converted to mnemonics and this is what helped getting comfortable with Vim. Note that Emacs does not have this kind of keybindings but they do have a Vim-like mode - Evil (Extensive Vi Layer). More often than not, I just need to think of what I want to accomplish and type the first letters. Like Replace, Visual, Delete, and so on. It is a modal editor after all, meaning it has modes for everything. This is also what increases my productivity when writing files. I just think of my intentions and Vim does the things for me. Read more

Graphics: Intel and Mesa 18.1 RC1 Released

  • Intel 2018Q1 Graphics Stack Recipe
    Last week Intel's Open-Source Technology Center released their latest quarterly "graphics stack recipe" for the Linux desktop. The Intel Graphics Stack Recipe is the company's recommended configuration for an optimal and supported open-source graphics driver experience for their Intel HD/UHD/Iris Graphics found on Intel processors.
  • Mesa 18.1-RC1 Released With The Latest Open-Source 3D Driver Features
    Seemingly flying under our radar is that Mesa 18.1 has already been branched and the first release candidate issued. While the Mesa website hasn't yet been updated for the 18.1 details, Dylan Baker appears to be the release manager for the 18.1 series -- the second quarter of 2018 release stream.