LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 6 weeks 3 days ago

Debian LTS: DLA-1315-1: libvirt security update

Saturday 24th of March 2018 05:24:00 PM
LinuxSecurity.com: Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources.

openSUSE: 2018:0799-1: important: python-paramiko

Saturday 24th of March 2018 12:10:00 AM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

SUSE: 2018:0785-1: important: the Linux Kernel

Friday 23rd of March 2018 06:08:00 PM
LinuxSecurity.com: An update that solves 10 vulnerabilities and has 70 fixes is now available.

Ubuntu 3595-2: Samba vulnerability

Friday 23rd of March 2018 06:00:00 PM
LinuxSecurity.com: Samba could be made to crash if it received specially crafted input.

Debian LTS: DLA-1314-1: simplesamlphp security update

Friday 23rd of March 2018 12:58:00 PM
LinuxSecurity.com: Cure53 discovered that in SimpleSAMLphp, in rare circumstances an invalid signature on the SAML 2.0 HTTP Redirect binding could be considered valid.

openSUSE: 2018:0780-1: important: qemu

Friday 23rd of March 2018 12:07:00 AM
LinuxSecurity.com: An update that solves 8 vulnerabilities and has four fixes is now available.

Debian: DSA-4149-1: plexus-utils2 security update

Thursday 22nd of March 2018 11:17:00 PM
LinuxSecurity.com: Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.

Debian: DSA-4148-1: kamailio security update

Thursday 22nd of March 2018 11:08:00 PM
LinuxSecurity.com: Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

Debian LTS: DLA-1313-1: isc-dhcp security update

Thursday 22nd of March 2018 10:18:00 PM
LinuxSecurity.com: Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues:

Debian LTS: DLA-1312-1: libvorbisidec security update

Thursday 22nd of March 2018 10:15:00 PM
LinuxSecurity.com: Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

Ubuntu 3605-1: Sharutils vulnerability

Thursday 22nd of March 2018 05:44:00 PM
LinuxSecurity.com: Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

SUSE: 2018:0778-1: important: memcached

Thursday 22nd of March 2018 05:27:00 PM
LinuxSecurity.com: An update that fixes 9 vulnerabilities is now available.

Debian LTS: DLA-1311-1: adminer security update

Thursday 22nd of March 2018 03:11:00 PM
LinuxSecurity.com: It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary

RedHat: RHSA-2018-0577:01 Important: Red Hat JBoss BPM Suite 6.4.9 security

Thursday 22nd of March 2018 08:11:00 AM
LinuxSecurity.com: An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2018-0576:01 Important: Red Hat JBoss BRMS 6.4.9 security

Thursday 22nd of March 2018 08:10:00 AM
LinuxSecurity.com: An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

ArchLinux: 201803-21: lib32-libvorbis: multiple issues

Thursday 22nd of March 2018 02:52:00 AM
LinuxSecurity.com: The package lib32-libvorbis before version 1.3.6-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

Gentoo: GLSA-201803-11: WebKitGTK+: Multiple Vulnerabilities

Thursday 22nd of March 2018 12:30:00 AM
LinuxSecurity.com: Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Gentoo: GLSA-201803-10: collectd: Multiple vulnerabilities

Thursday 22nd of March 2018 12:20:00 AM
LinuxSecurity.com: Gentoo's collectd package contains multiple vulnerabilities, the worst of which may allow local attackers to escalate privileges.

SUSE: 2018:0762-1: important: qemu

Wednesday 21st of March 2018 09:07:00 PM
LinuxSecurity.com: An update that solves 8 vulnerabilities and has four fixes is now available.

Debian LTS: DLA-1310-1: exempi security update

Wednesday 21st of March 2018 07:49:00 PM
LinuxSecurity.com: Various issues were discovered in exempi, a library to parse XMP metadata that may cause a denial-of-service or may have other unspecified impact via crafted files.
