
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

SUSE: 2021:400-1 suse/sle15 Security Update

Wednesday 13th of October 2021 05:49:18 AM
The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:399-1 suse/sle15 Security Update

Wednesday 13th of October 2021 05:49:03 AM
The container suse/sle15 was updated. The following patches have been included in this update:

RedHat: RHSA-2021-3838:01 Important: thunderbird security update

Wednesday 13th of October 2021 05:32:04 AM
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-3840:01 Important: thunderbird security update

Wednesday 13th of October 2021 05:29:32 AM
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 33: mediawiki 2021-56d8173b5e

Tuesday 12th of October 2021 07:47:22 PM
https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.4

Fedora 33: redis 2021-8913c7900c

Tuesday 12th of October 2021 07:47:15 PM
**Redis 6.0.16** - Released Mon Oct 4 12:00:00 IDT 2021

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (**CVE-2021-41099**) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner].

Fedora 33: xstream 2021-fbad11014a

Tuesday 12th of October 2021 07:47:14 PM
```
* Mon Oct 04 2021 Didik Supriadi - 1.4.18-2
- Enable activation, cglib, dom4j, jdom, and jdom2
* Fri Oct 01 2021 Didik Supriadi - 1.4.18-1
- Update to version 1.4.18
```

Fedora 34: flatpak 2021-4b201d15e6

Tuesday 12th of October 2021 07:46:05 PM
Update to 1.10.5. Fix CVE-2021-41133.

Fedora 34: httpd 2021-2a10bc68a4

Tuesday 12th of October 2021 07:46:03 PM
This update addresses CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these

Fedora 34: mediawiki 2021-eee8b7514f

Tuesday 12th of October 2021 07:45:15 PM
https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.4

Debian: DSA-4984-1: flatpak security update

Tuesday 12th of October 2021 05:27:27 PM
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak's denylist

openSUSE: 2021:3387-1 important: the Linux Kernel

Tuesday 12th of October 2021 05:23:33 PM
An update that solves 7 vulnerabilities and has 53 fixes is now available.

SciLinux: SLSA-2021-3801-1 Important: kernel on SL7.x x86_64

Tuesday 12th of October 2021 05:05:43 PM
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s),

SciLinux: SLSA-2021-3810-1 Moderate: libxml2 on SL7.x x86_64

Tuesday 12th of October 2021 05:05:23 PM
* libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

---
SL7 x86_64
libxml2-2.9.1-6.el7_9.6.i686.rpm
libxml2-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6

SciLinux: SLSA-2021-3798-1 Moderate: openssl on x86_64

Tuesday 12th of October 2021 05:04:45 PM
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

- Scientific Linux Development Team

SciLinux: SLSA-2021-3807-1 Low: 389-ds-base on SL7.x x86_64

Tuesday 12th of October 2021 05:04:12 PM
* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):
* A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further rein

RedHat: RHSA-2021-3816:01 Important: httpd:2.4 security update

Tuesday 12th of October 2021 12:18:10 PM
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

openSUSE: 2021:1350-1 important: chromium

Tuesday 12th of October 2021 11:58:47 AM
An update that fixes 25 vulnerabilities is now available.

RedHat: RHSA-2021-3810:01 Moderate: libxml2 security update

Tuesday 12th of October 2021 11:32:47 AM
An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3798:01 Moderate: openssl security update

Tuesday 12th of October 2021 11:32:33 AM
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

More in Tux Machines

Raspberry Pi 4 2GB jumps to $45 as 1GB model returns from the dead at $35

Citing chip shortages, Raspberry Pi announced its first price increase, bumping the RPi 4 with 2GB RAM up to $45. Meanwhile, the discontinued RPi 4 1GB has come back to life at $35. In the spirit of Halloween, Raspberry Pi Trading has reanimated the 1GB RAM version of the Raspberry Pi 4 Model B, which it killed off when it dropped the price of the 2GB model from $45 to $35 in Feb. 2020. The company also increased the 2GB price to $45. With the 1GB version returning at its old $35 price, we have essentially turned back the clock to early 2020. (In which case, maybe we could get a second chance on stopping the pandemic.) In the Raspberry Pi blog post announcing the changes, CEO Eben Upton cited industry-wide supply chain issues for its first price increase in Pi history. The chip shortages, combined with heightened demand, have caused severe shortages of the RPi Zero and the RPi4 2GB.

The love/hate relationship the cloud has with Linux

The cloud is run by Linux and open-source. There is no debating that claim at this point. It's fact. And not only does Linux power all of those cloud services we deploy and use, but the hold it has over that particular tech sector is also only going to get stronger as we march into the future. I predict that, over the next five years, the cloud and Linux will become synonymous to the point everyone (from CEOs to end-users) will finally get just how important and powerful the platform is. So it's safe to say, there would be no cloud without Linux. There would also be no cloud-native development, Kubernetes, Docker, virtual machines or containers in general. With that in mind, it should stand to reason that the relationship between Linux and the cloud would be all love.

You Can Now Install the UnityX Desktop in Arch Linux, Here's How

UnityX is the successor of the Unity7 desktop environment created by Canonical for its popular Ubuntu Linux distribution back in 2011 with the Ubuntu 11.04 release. But Canonical pulled the plug on Unity7 after seven years of development, yet the community wasn't ready for this major change. In May 2020, developer Rudra Saraswat created an unofficial Ubuntu flavor called Ubuntu Unity, which features the good old Unity7 desktop environment. Now, the Ubuntu Unity creator wants to take Unity7 to the next level and created UnityX, a modern, yet simple desktop environment.

PSA: gnome-settings-daemon's MediaKeys API is going away

In 2007, Jan Arne Petersen added a D-Bus API to what was still pretty much an import into gnome-control-center of the "acme" utility I wrote to have all the keys on my iBook working. It switched the code away from remapping keyboard keys to "XF86Audio*", to expecting players to contact the D-Bus daemon and ask to be forwarded key events. In 2013, we added support for controlling media players using MPRIS, as another interface. Fast-forward to 2021, and MPRIS support is ubiquitous, whether in free software, proprietary applications or even browsers. So we'll be parting with the "org.gnome.SettingsDaemon.MediaKeys" D-Bus API. If your application still wants to work with older versions of GNOME, it is recommended to at least quiet the MediaKeys API's unavailability.