LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 16 min ago

Fedora 32: python36 2020-1ddd5273d6

Thursday 6th of August 2020 12:03:40 AM
Security fix for CVE-2019-20907, CVE-2020-14422.

Fedora 32: python37 2020-87c0a0a52d

Thursday 6th of August 2020 12:03:32 AM
Security fix for CVE-2019-20907, CVE-2020-14422. Provide a versioned pathfix3.7.py command.

Fedora 31: python2 2020-826b24c329

Wednesday 5th of August 2020 11:57:04 PM
Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)

Debian: DSA-4741-1: json-c security update

Wednesday 5th of August 2020 05:21:13 PM
Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.

SUSE: 2020:2134-1 important: the Linux Kernel

Wednesday 5th of August 2020 05:12:57 PM
An update that solves 14 vulnerabilities and has four fixes is now available.

Ubuntu 4453-1: OpenJDK 8 vulnerabilities

Wednesday 5th of August 2020 02:28:50 PM
Several security issues were fixed in OpenJDK 8.

openSUSE: 2020:1147-1: important: MozillaFirefox

Wednesday 5th of August 2020 11:17:08 AM
An update that fixes 10 vulnerabilities is now available.

openSUSE: 2020:1148-1: moderate: opera

Wednesday 5th of August 2020 11:15:51 AM
An update that fixes 26 vulnerabilities is now available.

SUSE: 2020:14445-1 important: xorg-x11-libX11

Wednesday 5th of August 2020 11:13:42 AM
An update that fixes one vulnerability is now available.

RedHat: RHSA-2020-3328:01 Moderate: Red Hat Ansible Tower 3.7.2-1 - RHEL7

Wednesday 5th of August 2020 10:49:46 AM
Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container 2. Description: * Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337)

RedHat: RHSA-2020-3329:01 Moderate: Red Hat Ansible Tower 3.6.5-1 - RHEL7

Wednesday 5th of August 2020 10:49:19 AM
Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container 2. Description: * Removed reports option for Satellite inventory script * Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)

Ubuntu 4441-2: MySQL regression

Wednesday 5th of August 2020 09:59:54 AM
USN-4441-1 introduced a regression in MySQL

RedHat: RHSA-2020-3184:01 Moderate: OpenShift Container Platform 4.3.31

Wednesday 5th of August 2020 06:28:22 AM
An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2020-3183:01 Moderate: OpenShift Container Platform 4.3.31

Wednesday 5th of August 2020 06:15:22 AM
An update for openshift is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Fedora 32: mingw-curl 2020-ad05132742

Tuesday 4th of August 2020 09:20:49 PM
Major update includes security fixes.

SUSE: 2020:2122-1 important: the Linux Kernel

Tuesday 4th of August 2020 08:23:40 PM
An update that solves 13 vulnerabilities and has 70 fixes is now available.

SUSE: 2020:2122-1 important: the Linux Kernel

Tuesday 4th of August 2020 08:13:18 PM
An update that solves 13 vulnerabilities and has 70 fixes is now available.

SUSE: 2020:2118-1 important: MozillaFirefox

Tuesday 4th of August 2020 05:42:26 PM
An update that fixes 10 vulnerabilities is now available.

SUSE: 2020:2117-1 important: libX11

Tuesday 4th of August 2020 05:41:41 PM
An update that fixes one vulnerability is now available.

Ubuntu 4432-2: GRUB2 regression

Tuesday 4th of August 2020 05:40:29 PM
USN-4432-1 introduced a regression in the GRUB2 bootloader.
