
LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

RedHat: RHSA-2021-2467:01 Important: glib2 security update

Thursday 17th of June 2021 06:07:23 AM
An update for glib2 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 33: xen 2021-993693c914

Wednesday 16th of June 2021 09:12:18 PM
xen/arm: Boot modules are not scrubbed [XSA-372, CVE-2021-28693]; inappropriate x86 IOMMU timeout detection / handling [XSA-373, CVE-2021-28692]; Speculative Code Store Bypass [XSA-375, CVE-2021-0089]; x86: TSX Async Abort protections not restored after S3 [XSA-377, CVE-2021-28690]

Fedora 33: microcode_ctl 2021-598dbab9a9

Wednesday 16th of June 2021 09:12:03 PM
Update to upstream 2.1-33. 20210608
* Addition of 06-55-05/0xb7 (CLX-SP A0) microcode at revision 0x3000010;
* Addition of 06-6a-05/0x87 (ICX-SP C0) microcode at revision 0xc0002f0;
* Addition of 06-6a-06/0x87 (ICX-SP D0) microcode at revision 0xd0002a0;
* Addition of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
* Addition of 06-86-05/0x01 (SNR B1) microcode (in intel-

Mageia 2021-0265: apache security update

Wednesday 16th of June 2021 06:23:48 PM
mod_proxy_wstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization

Mageia 2021-0264: libgd security update

Wednesday 16th of June 2021 06:23:47 PM
A potential integer overflow is fixed in version 2.3.1.
References:
- https://bugs.mageia.org/show_bug.cgi?id=29019
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WICW2DNQLH3YU4LYNAZADUCBZYHJZRCQ/

Mageia 2021-0263: gsoap security update

Wednesday 16th of June 2021 06:23:45 PM
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13574).

Mageia 2021-0262: qt4 and qtsvg5 security update

Wednesday 16th of June 2021 06:23:44 PM
An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue (CVE-2021-3481).

Mageia 2021-0261: openssh security update

Wednesday 16th of June 2021 06:23:43 PM
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host (CVE-2021-28041).

Mageia 2021-0260: python-bleach security update

Wednesday 16th of June 2021 06:23:42 PM
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp" are in allowed tags and 'strip_comments=False' is set (CVE-2021-23980).

RedHat: RHSA-2021-2461:01 Moderate: Red Hat Advanced Cluster Management

Wednesday 16th of June 2021 03:38:26 PM
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact

CentOS: CESA-2018-3140: Moderate CentOS 7 gupnp

Wednesday 16th of June 2021 11:56:04 AM
Upstream details at: https://access.redhat.com/errata/RHSA-2018:3140

CentOS: CESA-2021-1512: Important CentOS 7 postgresql

Wednesday 16th of June 2021 11:54:03 AM
Upstream details at: https://access.redhat.com/errata/RHSA-2021:1512

Ubuntu 4989-2: BlueZ vulnerabilities

Wednesday 16th of June 2021 10:54:41 AM
Several security issues were fixed in BlueZ.

Ubuntu 4989-1: BlueZ vulnerabilities

Wednesday 16th of June 2021 09:45:37 AM
Several security issues were fixed in BlueZ.

RedHat: RHSA-2021-2459:01 Important: gupnp security update

Wednesday 16th of June 2021 09:15:25 AM
An update for gupnp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2021-2456:01 Important: Red Hat OpenStack Platform 13.0

Wednesday 16th of June 2021 06:59:23 AM
An update for openvswitch2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Debian LTS: DLA-2687-1: prosody security update

Wednesday 16th of June 2021 02:28:06 AM
Two security issues have been discovered in prosody: CVE-2021-32917

Fedora 33: dotnet3.1 2021-e9c84e6d26

Tuesday 15th of June 2021 09:08:06 PM
This is the June update for .NET Core 3.1. It updates the .NET Core runtime to 3.1.16 and the .NET SDK to 3.1.116. This update includes a fix for CVE-2021-31957: ASP.NET Denial of Service Vulnerability

Fedora 33: dotnet5.0 2021-4b3fc547fe

Tuesday 15th of June 2021 09:08:05 PM
This is the .NET 5.0 update for June 2021. It includes a fix for CVE-2021-31957: ASP.NET Denial of Service Vulnerability

Fedora 33: dino 2021-3cf08ffe38

Tuesday 15th of June 2021 09:08:03 PM
Update for [CVE-2021-33896](https://dino.im/security/cve-2021-33896/).
