
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 9 hours 23 sec ago

Fedora 21 perl-DBD-Firebird-1.19-1.fc21

Saturday 18th of April 2015 05:55:00 AM
LinuxSecurity.com: DBD::Firebird 1.19 [2015-03-22]
* Fix $VERSION in Firebird.pm
* Fix typo in ISC_PASSWORD spelling
* Positive logic and early return
* Allow re-executing/fetch on prepared sth [RT#92810, Tux]
* Add tests for $dbh->{Name} and others
* Implement $dbh->{Name}
* Fix attributions to Mike Pomraning
* use strict and warnings in all modules
* add a test for inserting/fetching float and double numbers as an attempt to reproduce RT#101650
* fix File::Which configure prerequisite declaration [RT#101672, dmn]
* 03-dbh-attr.t: plan tests after creating the TestFirebird object
* Buffer Overflow in dbdimp.c
* use snprintf instead of sprintf everywhere

Fedora 21 mediawiki-1.24.2-1.fc21

Saturday 18th of April 2015 05:54:00 AM
LinuxSecurity.com: Changes since 1.24.1
* (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
* (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
* (bug T88310) SECURITY: Always expand xml entities when checking SVGs.
* (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
* (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview.
* (bug T64685) SECURITY: Allow setting maximal password length to prevent DoS when using PBKDF2.
* (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
* Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix loading these special pages when $wgAutoloadAttemptLowercase is false.
* (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
* (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change and running update.php to fix.

Fedora 21 rest-0.7.93-1.fc21

Saturday 18th of April 2015 05:51:00 AM
LinuxSecurity.com: CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url

Fedora 20 perl-Module-Signature-0.78-1.fc20

Saturday 18th of April 2015 05:50:00 AM
LinuxSecurity.com: This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior is included in this update.

Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".
* Module::Signature before version 0.75 used two-argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.

Fedora 20 perl-Test-Signature-1.11-1.fc20

Saturday 18th of April 2015 05:50:00 AM
LinuxSecurity.com: Same advisory text as the perl-Module-Signature-0.78-1.fc20 update above; this update ships the perl-Test-Signature counterpart that accounts for the changed MANIFEST.SKIP default.

Fedora 20 tor-0.2.5.12-1.fc20

Saturday 18th of April 2015 05:49:00 AM
LinuxSecurity.com: Update to upstream release 0.2.5.12.

Fedora 20 tcpdump-4.5.1-4.fc20

Saturday 18th of April 2015 05:48:00 AM
LinuxSecurity.com: Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.

Fedora 21 libtasn1-4.4-1.fc21

Saturday 18th of April 2015 05:48:00 AM
LinuxSecurity.com: new upstream release (#1206968)

Fedora 21 groovy-sandbox-1.8-1.fc21

Saturday 18th of April 2015 05:45:00 AM
LinuxSecurity.com: Fix CVE-2015-1806 (SECURITY-125)

Fedora 21 Update: jenkins-script-security-plugin-1.13-2.fc21

Saturday 18th of April 2015 05:45:00 AM
LinuxSecurity.com: Fix CVE-2015-1806 (SECURITY-125)

Red Hat: 2015:0854-01: java-1.8.0-oracle: Critical Advisory

Friday 17th of April 2015 07:28:00 AM
LinuxSecurity.com: Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Fedora 22 qt5-qtwebkit-5.4.1-4.fc22

Thursday 16th of April 2015 10:31:00 PM
LinuxSecurity.com: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.

Fedora 22 firefox-37.0.1-1.fc22

Thursday 16th of April 2015 10:30:00 PM
LinuxSecurity.com: New upstream version - 37.0.1

Fedora 22 libzip-0.11.2-5.fc22

Thursday 16th of April 2015 10:30:00 PM
LinuxSecurity.com: CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)

Red Hat: 2015:0844-01: openstack-nova: Important Advisory

Thursday 16th of April 2015 03:42:00 PM
LinuxSecurity.com: Updated OpenStack Compute (nova) packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]

Red Hat: 2015:0843-01: openstack-nova: Important Advisory

Thursday 16th of April 2015 03:41:00 PM
LinuxSecurity.com: Updated OpenStack Compute (nova) packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]

Red Hat: 2015:0835-01: openstack-swift: Moderate Advisory

Thursday 16th of April 2015 03:41:00 PM
LinuxSecurity.com: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]

Red Hat: 2015:0834-01: novnc: Moderate Advisory

Thursday 16th of April 2015 03:39:00 PM
LinuxSecurity.com: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]

Red Hat: 2015:0838-01: openstack-glance: Low Advisory

Thursday 16th of April 2015 03:37:00 PM
LinuxSecurity.com: Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]

Red Hat: 2015:0836-01: openstack-swift: Moderate Advisory

Thursday 16th of April 2015 03:36:00 PM
LinuxSecurity.com: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]

More in Tux Machines

Android Leftovers

  • Nexus 9 Android 5.1.1 Release Rumored
    This week the latest Android 5.1.1 Lollipop update has finally arrived for the Nexus 7 and Nexus 10 tablets, and even a few lucky Samsung Galaxy S6 and Galaxy S6 Edge owners are getting the absolute latest version of Android with loads of bug fixes from Google. However, the Nexus 9 hasn’t seen an update since November, and is the only device still on Android 5.0.1 Lollipop.
  • Android Wear vs. Apple Watch: Which one will “wow” your wrist?
    Wearable tech is fast becoming the next big thing. We’ve seen fitness trackers gain popularity, smart jewellery take off, and even luxury brands start to sit up and take notice. However, it’s smartwatches which are one of the most popular choices amongst early adopters of wearable tech. The affordable Pebble works regardless of what phone you use, while big names such as Samsung, Motorola, Sony, and LG all have Android-based products on sale. Now, Apple is taking them all on with the Apple Watch.
  • Videostream for Android Streams Movies from Your PC to Your Chromecast
    Videostream for Chrome already makes it easy to play any video on your computer or network through your Chromecast, but the new Videostream app for Android gives you a remote control to stream movies on your PC, monitor downloads, and control playback without installing a special media server.
  • Meerkat’s Android app is live on Google Play
    Good news for Android users who want to get involved in the livestreaming craze that’s sweeping Twitter: Meerkat has officially made it to the Google Play Store with a beta app. Its main rival, the Twitter-owned Periscope, remains iOS-only for the time being.
  • HTC One (M8) Android 5.1 Lollipop Update: How to Install CyanogenMod [Official] CM12.1 Custom ROM
    Earlier in the week, HTC announced that their 2014 flagship smartphone One (M8) would get the new Android 5.1 Lollipop firmware in August, which means device owners would have to wait for more than two months to savour the new update.
  • Android 5.1 rollout to Moto X devices starting next week
    Motorola has announced that the Moto X 2014 will receive the long awaited Android 5.1 update next week, as reported in this article at Load the Game. The software update will first be made available to users in Brazil, and a United States rollout is expected in the week thereafter. An exact release date for European users has yet to be announced but is expected to be released around the middle of May.
  • 7 best Android apps for screen recording and other ways too!
    One of our more frequent requests from readers is to tell them how to record your screen on Android. The functionality has been around for quite some time but usually requires some tinkering and adjustment to get it. In Android Lollipop, they have a screen recording method built into the OS and that’s how most people do it these days. Let’s take a look at a few Android apps and some other methods to get you screen recording.
  • Fanboy Fight: How One Apple/Android Argument Ended In A Stabbing
    Every one of us has already had this fight at some point: Apple or Android? The two dominant players in the mobile space carry with them very loyal fanbases who, for some reason, like to spar off with one another over whose tech-daddy could beat up the other. The companies compete with the same level of petty at times, which doesn't help. Apple screws around with text messages from Android users, Android pokes back at Apple over the controlling hand it has in its app store, and the two companies spend a great deal of time in legal battles because of course they do. C'mon, guys, can't we all just spend our time pointing and laughing at Windows Mobile? [..] Yeah, no kidding. I have my brand loyalty, too, but I'm pretty sure I wouldn't feel so offended at a roommate's opinion of my phone that I felt I had to avenge the inanimate object by getting all stabby. Both men ended up getting arrested and were sent to the hospital to have their wounds treated. In a perfect world, they would be laid up next to each other, Instagram-selfying from their beds with comments about how awesome the pictures from their respective phones looked.

World’s first Ubuntu powered Drone launched

It seems the world is slowly and steadily moving towards Linux-powered devices. After Linux was used to power destroyers for the US Navy, Erle Robotics has now used Ubuntu to power a drone.

Linux vs Windows: What do people want from their next computer?

The Gnome desktop version can also be made to look stunning, so users shouldn’t think that choosing Linux will make things ugly or clunky, as this is not the case. In conclusion, Windows adding a Start button, which the company axed two years ago, and multiple desktops (a long established Linux feature) will not make the transition and subsequent day-to-day usage much less frustrating than the Windows 8 experience. However, one of the main downsides about the Linux operating system is that by being free, this means that there is no huge marketing budget to get the message out.

The loudest lesson from Ubuntu Vivid Vervet: If it’s not broken …

Those who are partial to Ubuntu know that every six months the good people at Canonical, the people behind Ubuntu, release a new version of its popular operating system. Well, if you somehow missed the big event, the latest iteration of Ubuntu and all its cousins like Kubuntu, Ubuntu Mate, Lubuntu, Xubuntu and Ubuntu Gnome were released on the 24th of April. As usual, you get to decide which flavor you prefer depending on your hardware; some of the flavors, like Lubuntu, are to be recommended over the default Unity-based installation, especially if your hardware is dated.