LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
openSUSE: 2021:1052-1 moderate: fossil

Saturday 17th of July 2021 08:15:50 PM
An update that contains security fixes can now be installed.

Gentoo: GLSA-202107-40: MediaWiki: Multiple vulnerabilities

Saturday 17th of July 2021 01:12:48 AM
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-39: Apache Commons FileUpload: Multiple vulnerabilities

Saturday 17th of July 2021 01:11:35 AM
Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-38: Apache: Multiple vulnerabilities

Saturday 17th of July 2021 01:06:50 AM
Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.

ArchLinux: 202107-31: vivaldi: arbitrary code execution

Friday 16th of July 2021 12:53:01 PM
The package vivaldi before version 4.0.2312.41-1 is vulnerable to arbitrary code execution.

ArchLinux: 202107-30: chromium: arbitrary code execution

Friday 16th of July 2021 12:52:54 PM
The package chromium before version 91.0.4472.164-1 is vulnerable to arbitrary code execution.

ArchLinux: 202107-29: systemd: denial of service

Friday 16th of July 2021 12:52:47 PM
The package systemd before version 249-2 is vulnerable to denial of service.

ArchLinux: 202107-28: varnish: url request injection

Friday 16th of July 2021 12:52:40 PM
The package varnish before version 6.6.1-1 is vulnerable to url request injection.

ArchLinux: 202107-27: mbedtls: information disclosure

Friday 16th of July 2021 12:52:33 PM
The package mbedtls before version 2.26.0-1 is vulnerable to information disclosure.

ArchLinux: 202107-26: python-pillow: arbitrary code execution

Friday 16th of July 2021 12:52:25 PM
The package python-pillow before version 8.3.0-1 is vulnerable to arbitrary code execution.

Mageia 2021-0356: python-django security update

Friday 16th of July 2021 06:26:35 AM
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability (CVE-2021-28658).

Mageia 2021-0355: thunderbird security update

Friday 16th of July 2021 06:26:34 AM
IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969). Use-after-free in accessibility features of a document (CVE-2021-29970).

Mageia 2021-0354: firefox security update

Friday 16th of July 2021 06:26:33 AM
A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970). Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and

Mageia 2021-0353: tpm2-tools security update

Friday 16th of July 2021 06:26:32 AM
A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality (CVE-2021-3565).

Mageia 2021-0352: aom security update

Friday 16th of July 2021 06:26:31 AM
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap (CVE-2021-30473). aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free (CVE-2021-30474).

Gentoo: GLSA-202107-37: Apache Commons Collections: Remote code execution

Friday 16th of July 2021 12:14:31 AM
Apache Commons Collections unsafely deserializes untrusted input, potentially resulting in arbitrary code execution.

openSUSE: 2021:1045-1 moderate: claws-mail

Thursday 15th of July 2021 11:18:06 PM
An update that fixes one vulnerability is now available.

Fedora 33: linuxptp 2021-a5b584004c

Thursday 15th of July 2021 09:06:08 PM
Security fixes for CVE-2021-3570 and CVE-2021-3571.

CentOS: CESA-2021-2741: Important CentOS 7 firefox

Thursday 15th of July 2021 06:22:46 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2021:2741

SciLinux: SLSA-2021-2741-1 Important: firefox on SL7.x x86_64

Thursday 15th of July 2021 05:33:51 PM
This update upgrades Firefox to version 78.12.0 ESR.

* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)
* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)
* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and [More...]
