LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 1 hour 44 min ago

Ubuntu: 2887-1: Linux kernel vulnerabilities

Monday 1st of February 2016 09:28:00 PM
LinuxSecurity.com: Several security issues were fixed in the kernel.

Ubuntu: 2886-1: Linux kernel vulnerabilities

Monday 1st of February 2016 09:28:00 PM
LinuxSecurity.com: Several security issues were fixed in the kernel.

Ubuntu: 2886-2: Linux kernel (OMAP4) vulnerabilities

Monday 1st of February 2016 09:28:00 PM
LinuxSecurity.com: Several security issues were fixed in the kernel.

Fedora 22 bind-9.10.3-8.P3.fc22

Monday 1st of February 2016 07:57:00 PM
LinuxSecurity.com: Update to the latest upstream version due to security fixes

Fedora 22 qemu-2.3.1-11.fc22

Monday 1st of February 2016 07:57:00 PM
LinuxSecurity.com:
* CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818)
* CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766)
* CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008)
* CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787)

Fedora 22 chrony-2.1.1-2.fc22

Monday 1st of February 2016 07:57:00 PM
LinuxSecurity.com: Security fix for CVE-2016-1567

Fedora 22 webkitgtk4-2.10.4-1.fc22

Monday 1st of February 2016 01:39:00 AM
LinuxSecurity.com: Update to 2.10.4. Major new features:
* New HTTP disk cache for the NetworkProcess.
* IndexedDB support.
* New Web Inspector UI.
* Automatic ScreenSaver inhibition when playing fullscreen videos.
* Initial Editor API.
* Performance improvements.

This update addresses the following vulnerabilities: CVE-2015-1122, CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730, CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744, CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754, CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807, CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827, CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104.

For further information on the new features, see the [Igalia blogpost](http://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/). For information on the security vulnerabilities, refer to [WebKitGTK+ Security Advisory WSA-2015-0002](http://webkitgtk.org/security/WSA-2015-0002.html).

Fedora 22 gsi-openssh-6.9p1-7.fc22

Monday 1st of February 2016 01:37:00 AM
LinuxSecurity.com: Sync with latest openssh package.

Fedora 22 moodle-2.8.10-1.fc22

Monday 1st of February 2016 01:36:00 AM
LinuxSecurity.com: Security update.

Fedora 22 xen-4.5.2-7.fc22

Monday 1st of February 2016 01:36:00 AM
LinuxSecurity.com:
* PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570]
* VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571]
* Qemu: pci: null pointer dereference issue CVE-2015-7549
* qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558
* qemu: Heap-based buffer overrun during VM migration CVE-2015-8666
* Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744
* qemu: Support reading IMR registers on bar0 CVE-2015-8745
* Qemu: net: vmxnet3: host memory leakage CVE-2015-8567 CVE-2015-8568
* Qemu: net: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743

Fedora 22 privoxy-3.0.23-3.fc22

Monday 1st of February 2016 01:35:00 AM
LinuxSecurity.com: Patches for CVE-2016-1982,3

Fedora 22 kernel-4.3.4-200.fc22

Monday 1st of February 2016 01:34:00 AM
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.3.4. Elan touchpad fixes.
----
Update to 4.3.y stable series. Fixes across the tree.

Fedora 22 phpMyAdmin-4.5.4-1.fc22

Monday 1st of February 2016 01:34:00 AM
LinuxSecurity.com: phpMyAdmin 4.5.4 (2016-01-28)
- live data edit of big sets is not working
- Table list not saved in db QBE bookmarked search
- While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
- Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
- Properly handle errors in unpacking zip archive
- Set PHP's internal encoding to UTF-8
- Fixed Kanji encoding in some specific cases
- Check whether iconv works before using it
- Avoid conversion of MySQL error messages
- Undefined index: parameters
- Undefined index: field_name_orig
- Undefined index: host
- 'Add to central columns' (per column button) does nothing
- SQL duplicate entry error trying to INSERT in designer_settings table
- Fix handling of databases with dot in a name
- Fix hiding of page content behind menu
- FROM clause not generated after loading search bookmark
- Fix creating/editing VIEW with DEFINER containing special chars
- Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
- Misleading message for configuration storage
- Table pagination does nothing when session expired
- Index comments not working properly
- Better handle local storage errors
- Improve detection of privileges for privilege adjusting
- Undefined property: stdClass::$releases at version check when disabled in config
- SQL comment and variable stripped from bookmark on save
- Gracefully handle errors in regex based javascript search
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
- [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
- [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

Fedora 23 privoxy-3.0.23-3.fc23

Sunday 31st of January 2016 09:26:00 PM
LinuxSecurity.com: Patches for CVE-2016-1982,3

Fedora 23 kernel-4.3.4-300.fc23

Sunday 31st of January 2016 09:25:00 PM
LinuxSecurity.com: Update to latest upstream stable release, Linux v4.3.4. Fixes for Elan touchpads.

Debian: 3464-1: rails: Summary

Sunday 31st of January 2016 01:44:00 PM
LinuxSecurity.com: Security Report Summary

Debian: 3463-1: prosody: Summary

Sunday 31st of January 2016 01:16:00 PM
LinuxSecurity.com: Security Report Summary

Debian: 3461-1: freetype: Summary

Sunday 31st of January 2016 03:12:00 AM
LinuxSecurity.com: Security Report Summary

Fedora 23 gsi-openssh-7.1p2-1.fc23

Thursday 28th of January 2016 07:27:00 PM
LinuxSecurity.com: Sync with latest openssh package.

Red Hat: 2016:0085-01: qemu-kvm-rhev: Important Advisory

Thursday 28th of January 2016 03:52:00 PM
LinuxSecurity.com: Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

More in Tux Machines

Kernel Space: Linux, Graphics

  • Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
    The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums. This results in applications incorrectly receiving corrupt data in a number of situations, such as with bad networking hardware. The bug dates back at least three years and is present in kernels as far back as we’ve tested. Our patch has been reviewed and accepted into the kernel, and is currently being backported to -stable releases back to 3.14 in different distributions (such as Suse, and Canonical). If you use containers in your setup, I recommend you apply this patch or deploy a kernel with this patch when it becomes available. Note: Docker’s default NAT networking is not affected and, in practice, Google Container Engine is likely protected from hardware errors by its virtualized network.
  • Performance problems
    Just over a year ago I implemented an optimization to the SPI core code in Linux that avoids some needless context switches to a worker thread in the main data path that most clients use. This was really nice, it was simple to do but saved a bunch of work for most drivers using SPI and made things noticeably faster. The code got merged in v4.0 and that was that, I kept on kicking a few more ideas for optimizations in this area around but that was that until the past month.
  • Compute Shader Code Begins Landing For Gallium3D
    Samuel Pitoiset began pushing his Gallium3D Mesa state tracker changes this morning for supporting compute shaders via the GL_ARB_compute_shader extension. Before getting too excited, the hardware drivers haven't yet implemented the support. It was back in December that core Mesa received its treatment for compute shader support and came with Intel's i965 driver implementing CS.
  • Libav Finally Lands VDPAU Support For Accelerated HEVC Decoding
    While FFmpeg has offered hardware-accelerated HEVC decoding using NVIDIA's VDPAU API since last summer, this support for the FFmpeg-forked libav landed just today. In June was when FFmpeg added support to its libavcodec for handling HEVC/H.265 video decoding via NVIDIA's Video Decode and Presentation API for Unix interface. Around that same time, developer Philip Langdale who had done the FFmpeg patch, also submitted the patch for Libav for decoding HEVC content through VDPAU where supported.

Unixstickers, Linux goes to Washington, Why Linux?

  • Unixstickers sent me a package!
    There's an old, popular saying, beware geeks bearing gifts. But in this case, I was pleased to see an email in my inbox, from unixstickers.com, asking me if I was interested in reviewing their products. I said yes, and a quick few days later, there was a surprise courier-delivered envelope waiting for me in the post. Coincidentally - or not - the whole thing happened close enough to the 2015 end-of-the-year holidays to classify as poetic justice. On a slightly more serious note, Unixstickers is a company shipping T-shirts, hoodies, mugs, posters, pins, and stickers to UNIX and Linux aficionados worldwide. Having been identified one and acquired on the company's PR radar, I am now doing a first-of-a-kind Dedoimedo non-technical technical review of merchandise related to our favorite software. So not sure how it's gonna work out, but let's see.
  • Linux goes to Washington: How the White House/Linux Foundation collaboration will work
    No doubt by now you've heard about the Obama Administration's newly announced Cybersecurity National Action Plan (CNAP). You can read more about it on CIO.com here and here. But what you may not know is that the White House is actively working with the Linux and open source community for CNAP. In a blog post Jim Zemlin, the executive director of the Linux Foundation said, “In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet 'utilities' such as open-source software, protocols and standards.”
  • Why Linux?
    Linux may inspire you to think of coders hunched over their desks (that are littered with Mountain Dew cans) while looking at lines of code, faintly lit by the yellow glow of old CRT monitors. Maybe Linux sounds like some kind of a wild cat and you have never heard the term before. Maybe you use it every day. It is an operating system loved by a few and misrepresented to many.

RebeccaBlackOS 2016-02-08 Review. Why? Because it’s Friday.

These are the types of problems found in an independent distro built from scratch. I cannot understand how a system built on Debian could be this buggy and apparently have zero VM support which Debian comes with by default. I can take some solace in the fact that it was built by one person and that one person is a Rebecca Black fan but as far as a Linux Distribution is concerned there is not much here. Some could say “Well it's not supposed to be taken as a serious Distribution.” True except it is listed and kept up with on DistroWatch therefore it should be held as a system ready distribution especially when it was not released as a beta or an RC. If this distribution is ever going to be considered a real platform it has a long way to go. I give it about as many thumbs down as the Rebecca Black Friday video.
