
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 3 hours 47 min ago

Fedora 24 firefox-51.0.1-2.fc24

Sunday 29th of January 2017 05:29:00 PM
LinuxSecurity.com: Update to Firefox 51.0.1 (new upstream version 51.0.1).

Fedora 24 libXpm-3.5.12-1.fc24

Sunday 29th of January 2017 05:29:00 PM
LinuxSecurity.com: Security fix for CVE-2016-10164

Fedora 24 ghostscript-9.20-6.fc24

Sunday 29th of January 2017 05:28:00 PM
LinuxSecurity.com: This is a security update for these CVEs: [CVE-2016-9601](https://bugzilla.redhat.com/show_bug.cgi?id=1410021) - *Heap-buffer overflow in jbig2_image_new function*. This update also solves possible licensing issues with ghostscript's source code.

Fedora 25 mapserver-7.0.4-1.gitb4bc015.fc25

Sunday 29th of January 2017 04:55:00 PM
LinuxSecurity.com: Update to 7.0.4

Debian: 3775-1: tcpdump: Summary

Sunday 29th of January 2017 12:27:00 PM
LinuxSecurity.com: Security Report Summary

Gentoo: 201701-74 libpng: Remote execution of arbitrary code

Sunday 29th of January 2017 12:18:00 PM
LinuxSecurity.com: A null pointer dereference in libpng might allow remote attackers to execute arbitrary code.

Gentoo: 201701-73 SQUASHFS: Multiple vulnerabilities

Sunday 29th of January 2017 12:08:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in SQUASHFS, the worst of which may allow execution of arbitrary code

Gentoo: 201701-72 libXpm: Remote execution of arbitrary code

Sunday 29th of January 2017 12:04:00 PM
LinuxSecurity.com: An integer overflow in libXpm might allow remote attackers to execute arbitrary code or cause a Denial of Service Condition.

Gentoo: 201701-71 FFmpeg: Multiple vulnerabilities

Sunday 29th of January 2017 11:39:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition.

Gentoo: 201701-70 Firewalld: Improper authentication methods

Sunday 29th of January 2017 11:34:00 AM
LinuxSecurity.com: A vulnerability in Firewalld allows firewall configurations to be modified by unauthenticated users.

Fedora 25 ikiwiki-3.20170111-1.fc25

Friday 27th of January 2017 02:25:00 PM
LinuxSecurity.com: Update to the latest stable version. See https://ikiwiki.info/news/ for the list of changes. Security fix for CVE-2016-10026, CVE-2016-9646, CVE-2017-0356.

Fedora 24 fedmsg-0.18.2-1.fc24

Friday 27th of January 2017 02:22:00 PM
LinuxSecurity.com: Fix validation logic in the base consumer. The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validate_signatures switch. There was a bug here where the default value provided in the base class made it appear as if *all* child consumers had turned *off* validation, which is incorrect. This fix turns on signature validation by default while preserving the ability of child consumers to override the on-disk configuration in special cases. - Fixes: CVE-2017-1000001 - Reviewed-by: Patrick Uiterwijk

Fedora 24 ikiwiki-3.20170111-1.fc24

Friday 27th of January 2017 02:21:00 PM
LinuxSecurity.com: Update to the latest stable version. See https://ikiwiki.info/news/ for the list of changes. Security fix for CVE-2016-10026, CVE-2016-9646, CVE-2017-0356.

Slackware: 2017-026-01: mozilla-thunderbird: Security Update

Friday 27th of January 2017 12:59:00 AM
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues. [More Info...]

Red Hat: 2017:0206-01: chromium-browser: Important Advisory

Thursday 26th of January 2017 05:22:00 PM
LinuxSecurity.com: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0200-01: puppet-swift: Moderate Advisory

Thursday 26th of January 2017 05:17:00 PM
LinuxSecurity.com: An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3772-1: libxpm: Summary

Thursday 26th of January 2017 02:32:00 PM
LinuxSecurity.com: Security Report Summary

Red Hat: 2017:0196-01: kernel: Important Advisory

Thursday 26th of January 2017 05:53:00 AM
LinuxSecurity.com: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact [More...]

Red Hat: 2017:0195-01: ansible: Important Advisory

Wednesday 25th of January 2017 05:40:00 PM
LinuxSecurity.com: An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact [More...]

Debian: 3771-1: firefox-esr: Summary

Wednesday 25th of January 2017 04:49:00 PM
LinuxSecurity.com: Security Report Summary
