LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 27: java-1.8.0-openjdk Security Update

Saturday 11th of November 2017 01:50:00 PM
LinuxSecurity.com: updated to aarch64-jdk8u151-b12 (from aarch64-port/jdk8u)

Fedora 27: krb5 Security Update

Saturday 11th of November 2017 01:50:00 PM
LinuxSecurity.com: Fix CVE-2017-15088 (Buffer overflow in get_matching_data()) ---- Remove build dependency on python-pyrad. It is only used on the test suite, and we gracefully skip the tests if it is not present.

Fedora 27: tomcat Security Update

Saturday 11th of November 2017 01:50:00 PM
LinuxSecurity.com: This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

SuSE: 2017:2996-1: important: mysql

Saturday 11th of November 2017 12:07:00 AM
LinuxSecurity.com: An update that solves four vulnerabilities and has one errata is now available.

Gentoo: GLSA-201711-05: X.Org Server: Multiple vulnerabilities

Friday 10th of November 2017 11:06:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in X.Org Server, the worst of which could allow an attacker to execute arbitrary code.

Gentoo: GLSA-201711-04: MariaDB, MySQL: Root privilege escalation

Friday 10th of November 2017 10:47:00 PM
LinuxSecurity.com: A vulnerability was discovered in MariaDB and MySQL which may allow local users to gain root privileges.

Gentoo: GLSA-201711-03: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks

Friday 10th of November 2017 10:40:00 PM
LinuxSecurity.com: A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack.

Debian: DSA-4006-2: mupdf security update

Friday 10th of November 2017 08:53:00 PM
LinuxSecurity.com: It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows.

openSUSE: 2017:2993-1: important: krb5

Friday 10th of November 2017 06:23:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

openSUSE: 2017:2991-1: important: webkit2gtk3

Friday 10th of November 2017 06:22:00 PM
LinuxSecurity.com: An update that fixes 40 vulnerabilities is now available.

SuSE: 2017:2989-1: important: java-1_8_0-openjdk

Friday 10th of November 2017 06:18:00 PM
LinuxSecurity.com: An update that fixes 19 vulnerabilities is now available.

SuSE: 2017:2981-1: important: openssl

Friday 10th of November 2017 06:14:00 PM
LinuxSecurity.com: An update that solves one vulnerability and has 5 fixes is now available.

Gentoo: GLSA-201711-02: Chromium, Google Chrome: Multiple vulnerabilities

Friday 10th of November 2017 04:04:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code.

Fedora 26: tomcat Security Update

Friday 10th of November 2017 03:18:00 PM
LinuxSecurity.com: This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

SuSE: 2017:2969-1: important: qemu

Friday 10th of November 2017 09:19:00 AM
LinuxSecurity.com: An update that solves 29 vulnerabilities and has two fixes is now available.

SuSE: 2017:2968-1: important: openssl1

Friday 10th of November 2017 09:18:00 AM
LinuxSecurity.com: An update that solves one vulnerability and has 6 fixes is now available.

SuSE: 2017:2963-1: important: kvm

Friday 10th of November 2017 09:05:00 AM
LinuxSecurity.com: An update that solves 23 vulnerabilities and has 6 fixes is now available.

Gentoo: GLSA-201711-01: libxml2: Multiple vulnerabilities

Friday 10th of November 2017 02:52:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code.

Debian: DSA-4029-1: postgresql-common security update

Thursday 9th of November 2017 10:43:00 PM
LinuxSecurity.com: It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

Debian: DSA-4028-1: postgresql-9.6 security update

Thursday 9th of November 2017 10:40:00 PM
LinuxSecurity.com: Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098
