Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content
The central voice for Linux and Open Source security news.
Updated: 1 hour 14 min ago

Fedora 25: php-horde-passwd Security Update

Saturday 30th of September 2017 10:19:00 AM
LinuxSecurity.com: **passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.

Fedora 25: moodle Security Update

Saturday 30th of September 2017 10:19:00 AM
LinuxSecurity.com: Patches for CVE-2017-12156, CVE-2017-12157.

Fedora 25: php-horde-nag Security Update

Saturday 30th of September 2017 06:42:00 AM
LinuxSecurity.com: **nag 4.2.17** * [jan] SECURITY: Fix unauthorized access to task exports. * [jan] Fix regression when exporting single tags to iCalendar CATEGORIES. * [jan] Officially support PHP 7.

Fedora 25: php-horde-wicked Security Update

Saturday 30th of September 2017 06:41:00 AM
LinuxSecurity.com: **wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.

Fedora 25: php-horde-passwd Security Update

Saturday 30th of September 2017 06:41:00 AM
LinuxSecurity.com: **passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.

Fedora 25: moodle Security Update

Saturday 30th of September 2017 06:40:00 AM
LinuxSecurity.com: Patches for CVE-2017-12156, CVE-2017-12157.

Fedora 25: pkgconf Security Update

Saturday 30th of September 2017 06:39:00 AM
LinuxSecurity.com: # Security fixes - fix crash in edge case where a .pc file has misquoting in a fragment list. # Other bug fixes: - fix logic edge case when comparing relocated paths

Fedora 27: git Security Update

Saturday 30th of September 2017 06:35:00 AM
LinuxSecurity.com: These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to

Fedora 27: dnsmasq Security Update

Saturday 30th of September 2017 06:35:00 AM
LinuxSecurity.com: Fixes CVE-2017-13704

Fedora 27: poppler Security Update

Saturday 30th of September 2017 06:32:00 AM
LinuxSecurity.com: - CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd

Fedora 27: MySQL-zrm Security Update

Saturday 30th of September 2017 06:30:00 AM
LinuxSecurity.com: Fix command logging

Fedora 27: chromium Security Update

Saturday 30th of September 2017 06:30:00 AM
LinuxSecurity.com: Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122

Fedora 27: mingw-LibRaw Security Update

Saturday 30th of September 2017 06:27:00 AM
LinuxSecurity.com: Update to version 0.18.5, see https://www.libraw.org/news/libraw-0-18-5 for details.

Fedora 27: LibRaw Security Update

Saturday 30th of September 2017 06:24:00 AM
LinuxSecurity.com: Fix for possible buffer overrun in kodak_65000 decoder Fix for possible heap overrun in Canon makernotes parser Fix for CVE-2017-13735 CVE-2017-14265: Additional check for X-Trans CFA pattern data

openSUSE: 2017:2604-1: important: spice

Friday 29th of September 2017 09:24:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

Slackware: 2017-271-01: mozilla-firefox Security Update

Thursday 28th of September 2017 08:57:00 PM
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

Fedora 25: php-horde-Horde-Image Security Update

Thursday 28th of September 2017 08:20:00 PM
LinuxSecurity.com: **Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.

Fedora 25: mercurial Security Update

Thursday 28th of September 2017 08:11:00 PM
LinuxSecurity.com: Security fix for CVE-2017-1000115, CVE-2017-1000116

Fedora 26: git Security Update

Thursday 28th of September 2017 04:40:00 PM
LinuxSecurity.com: These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to

Fedora 26: poppler Security Update

Thursday 28th of September 2017 04:39:00 PM
LinuxSecurity.com: - CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd

More in Tux Machines

GNU/Linux Desktops/Laptops and Devices

OSS Leftovers

Security Leftovers

  • Google and IBM launch open-source security tool for containers
    Google and IBM, together with a few other partners, released an open-source project that gathers metadata that developers can use to secure their software. According to an IBM blog post, the goal of the project is to help developers keep security standards, while microservices and containers cut the software supply chain.
  • Top 10 Hacking Techniques Used By Hackers
    We live in a world where cyber security has become more important than physical security, thousands of websites and emails are hacked daily. Hence, It is important to know the Top hacking techniques used by hackers worldwide to exploit vulnerable targets all over the internet.
  • Protect your wifi on Fedora against KRACK
    You may have heard about KRACK (for “Key Reinstallation Attack”), a vulnerability in WPA2-protected Wi-Fi. This attack could let attackers decrypt, forge, or steal data, despite WPA2’s improved encryption capabilities. Fear not — fixes for Fedora packages are on their way to stable.
  • Federal watchdog tells Equifax—no $7.25 million IRS contract for you
    The Government Accountability Office (GAO) on Monday rejected Equifax's bid to retain its $7.25 million "taxpayer identity" contract—the one awarded days after Equifax announced it had exposed the Social Security numbers and other personal data of some 145 million people.
  • Adobe Flash vulnerability exploited by BlackOasis hacking group to plant FinSpy spyware

    Security researchers have discovered a new Adobe Flash vulnerability that has already been exploited by hackers to deploy the latest version of FinSpy malware on targets. Kaspersky Lab researchers said a hacker group called BlackOasis has already taken advantage of the zero-day exploit – CVE-2017-11292 – to deliver its malicious payload via a Microsoft Word document.

  • Companies turn a blind eye to open source risk [Ed: No, Equifax got b0rked due to bad practices, negligence, incompetence, not FOSS]
    For instance, criminals who potentially gained access to the personal data of the Equifax customers exploited an Apache Struts CVE-2017-5638 vulnerability.
  • Checking Your Passwords Against the Have I Been Pwned List
    Two months ago, Troy Hunt, the security professional behind Have I been pwned?, released an incredibly comprehensive password list in the hope that it would allow web developers to steer their users away from passwords that have been compromised in past breaches.

How to use an Arduino and Raspberry Pi to turn a fiber optic neural network into wall art

Hollywood has made many big promises about artificial intelligence (AI): how it will destroy us, how it will save us, and how it will pass us butter. One of the less memorable promises is how cool it will look. There's a great example of amazing AI visualization in Avengers: Age of Ultron when Tony Stark's AI butler Jarvis interacts with Ultron and we see an organic floating network of light morphing and pulsing. I wanted to make something similar to fill blank space on my apartment wall (to improve upon the usual Ikea art). Obviously, I couldn't create anything as amazing as Jarvis as a floating orb of light; however, I could use a machine learning algorithm that looks interesting with quirky data visualization: a neural network! It employs biologically inspired elements that were meant to replicate how (we thought) the human brain works. Read more