LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 52 min ago

Mageia 2021-0470: apache security update

Friday 8th of October 2021 05:13:29 PM
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for

Debian: DSA-4982-1: apache2 security update

Friday 8th of October 2021 04:56:04 PM
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition, a vulnerability was discovered in mod_proxy with which an attacker could trick the server into forwarding requests to arbitrary origin servers.

Ubuntu 5108-1: libntlm vulnerability

Friday 8th of October 2021 03:04:07 PM
libntlm could be made to crash or possibly execute arbitrary code.

Mageia 2021-0469: firefox security update

Friday 8th of October 2021 02:28:59 AM
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak (CVE-2021-32810).

Slackware: 2021-280-01: httpd Security Update

Thursday 7th of October 2021 11:27:06 PM
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Ubuntu 5107-1: Firefox vulnerabilities

Thursday 7th of October 2021 08:22:29 PM
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Ubuntu 5022-3: MySQL vulnerabilities

Thursday 7th of October 2021 01:39:58 PM
Several security issues were fixed in MySQL.

Fedora 33: libssh 2021-f2a020a065

Thursday 7th of October 2021 01:08:12 PM
Rebase to libssh-0.9.6. Fix CVE-2021-3634.

RedHat: RHSA-2021-3748:01 Moderate: OpenShift Container Storage 3.11.z

Thursday 7th of October 2021 10:19:38 AM
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2021-3746:01 Important: Red Hat JBoss Core Services Apache

Thursday 7th of October 2021 09:48:30 AM
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9, and fix an important security issue, are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2021-3745:01 Important: Red Hat JBoss Core Services Apache

Thursday 7th of October 2021 09:36:03 AM
Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact

Ubuntu 5105-1: Bottle vulnerability

Thursday 7th of October 2021 07:18:20 AM
Bottle could be made to cache malicious requests if it received a specially crafted input.

openSUSE: 2021:3301-1 moderate: libcryptopp

Wednesday 6th of October 2021 06:13:34 PM
An update that fixes one vulnerability is now available.

openSUSE: 2021:3291-1 moderate: glibc

Wednesday 6th of October 2021 06:04:07 PM
An update that fixes two vulnerabilities is now available.

openSUSE: 2021:3293-1 moderate: ffmpeg

Wednesday 6th of October 2021 06:01:54 PM
An update that fixes one vulnerability is now available.

Mageia 2021-0468: libcryptopp security update

Wednesday 6th of October 2021 05:43:07 PM
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Mageia 2021-0467: cockpit security update

Wednesday 6th of October 2021 05:43:06 PM
Restrict frame embedding to same origin.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29518
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XQLK6K2XNAT4GT54IRSTVXU2RMN6V3YB/

Mageia 2021-0466: weechat security update

Wednesday 6th of October 2021 05:43:05 PM
A crafted WebSocket frame could result in a crash in the weechat Relay plugin.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29513
- https://www.debian.org/lts/security/2021/dla-2770

Mageia 2021-0461: apache security update

Wednesday 6th of October 2021 12:39:47 PM
The updated packages fix security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The

Debian: DSA-4981-1: firefox-esr security update

Wednesday 6th of October 2021 12:37:03 PM
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
