LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.

Fedora 27: jackson-databind Security Update

Wednesday 7th of February 2018 01:18:00 PM
LinuxSecurity.com: Security fixes for CVE-2017-17485 and CVE-2018-5968.

Fedora 26: jackson-databind Security Update

Wednesday 7th of February 2018 01:00:00 PM
LinuxSecurity.com: Security fixes for CVE-2017-17485 and CVE-2018-5968.

Slackware: 2018-037-01: Slackware 14.2 kernel Security Update

Wednesday 7th of February 2018 06:34:00 AM
LinuxSecurity.com: New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.

Debian: DSA-4105-1: mpv security update

Wednesday 7th of February 2018 02:49:00 AM
LinuxSecurity.com: It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

Fedora 27: p7zip Security Update

Tuesday 6th of February 2018 03:40:00 PM
LinuxSecurity.com: Security fix for CVE-2017-17969 (from Debian)

Fedora 27: zziplib Security Update

Tuesday 6th of February 2018 03:39:00 PM
LinuxSecurity.com: Security fix for CVE-2018-6381

Fedora 27: tomcat Security Update

Tuesday 6th of February 2018 03:39:00 PM
LinuxSecurity.com: This update includes a rebase from 8.0.47 to 8.0.49.

Fedora 27: flatpak Security Update

Tuesday 6th of February 2018 03:39:00 PM
LinuxSecurity.com: This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 * Fix dbus proxy vulnerability in authentication phase * Make permission handling ignore unknown permissions for forwards compatibility * Removed incorrect error message in update --appdata when ther

Fedora 27: thunderbird Security Update

Tuesday 6th of February 2018 03:39:00 PM
LinuxSecurity.com: Update to latest upstream stable version.

Fedora 27: rsync Security Update

Tuesday 6th of February 2018 03:39:00 PM
LinuxSecurity.com: New version 3.1.3, includes security fix for CVE-2018-5764

Fedora 27: mupdf Security Update

Tuesday 6th of February 2018 03:38:00 PM
LinuxSecurity.com: CVE-2017-17858 (rh bz #1537952) (gs bz #698819) CVE-2018-5686 (rh bz #1539854) (gs bz #698860)

Fedora 27: squid Security Update

Tuesday 6th of February 2018 03:38:00 PM
LinuxSecurity.com: Bugfix + security update

Fedora 27: community-mysql Security Update

Tuesday 6th of February 2018 03:37:00 PM
LinuxSecurity.com: MySQL 5.7.21
Bugs fixed: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
CVE fixed: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
CVE-2018-2696 CVE-2018-2703 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612

SUSE: 2018:0374-1: important: MozillaFirefox

Tuesday 6th of February 2018 03:08:00 PM
LinuxSecurity.com: An update that fixes 11 vulnerabilities is now available.

Debian LTS: DLA-1270-1: xen security update

Tuesday 6th of February 2018 01:35:00 PM
LinuxSecurity.com: Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. For Debian 7 "Wheezy", these problems have been fixed in version

Fedora 26: p7zip Security Update

Tuesday 6th of February 2018 10:54:00 AM
LinuxSecurity.com: Security fix for CVE-2017-17969 (from Debian)

Ubuntu 3550-2: ClamAV vulnerabilities

Monday 5th of February 2018 04:29:00 PM
LinuxSecurity.com: Several security issues were fixed in ClamAV.

Fedora 26: rsync Security Update

Monday 5th of February 2018 02:39:00 PM
LinuxSecurity.com: Removing dependencies on systemd-units ---- New version 3.1.3, includes security fix for CVE-2018-5764

RedHat: RHSA-2018-0275:01 Important: jboss-ec2-eap security, bug fix,

Monday 5th of February 2018 02:25:00 PM
LinuxSecurity.com: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2018-0273:01 Important: Red Hat Satellite 6 security, bug fix,

Monday 5th of February 2018 01:56:00 PM
LinuxSecurity.com: An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

More in Tux Machines

Security: Vista10 and uTorrent Holes Found by Google

  • Google drops new Edge zero-day as Microsoft misses 90-day deadline

    Google originally shared details of the flaw with Microsoft on 17 November 2017, but Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days to do this” period.

  • Google Goes Public with Another Major Windows 10 Bug

    After revealing an Edge browser vulnerability that Microsoft failed to fix, Google is now back with another disclosure, this time aimed at Windows 10 Fall Creators Update (version 1709), but potentially affecting other Windows versions as well. James Forshaw, a security researcher that’s part of Google’s Project Zero program, says the elevation of privilege vulnerability can be exploited because of the way the operating system handles calls to Advanced Local Procedure Call (ALPC). This means a standard user could obtain administrator privileges on a Windows 10 computer, which in the case of an attack, could eventually lead to full control over the impacted system. But as Neowin noted, this is the second bug discovered in the same function, and both of them, labeled as 1427 and 1428, were reported to Microsoft on November 10, 2017. Microsoft said it fixed them with the release of the February 2018 Patch Tuesday updates, yet as it turns out, only issue 1427 was addressed.

  • uTorrent bugs let websites control your computer and steal your downloads

    The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.

  • BitTorrent Client uTorrent Suffers Security Vulnerability (Updated)

    BitTorrent client uTorrent is suffering from an as yet undisclosed vulnerability. The security flaw was discovered by Google security researcher Tavis Ormandy, who previously said he would reveal a series of "remote code execution flaws" in torrent clients. BitTorrent Inc. has rolled out a 'patch' in the latest Beta release and hopes to fix the stable uTorrent client later this week.

Red Hat introduces updated decision management platform

Troubleshoot a network? No problem. Write a 3,000 word article on Kubernetes cloud container management? When do you want it. Talk to a few hundred people about Linux's history? Been there, done that. Manage a business's delivery routing and shift scheduling? I'll break out in a cold sweat. If you too find the nuts and bolts of business processing management a nightmare, you'll want to check out Red Hat's latest program: Red Hat Decision Manager 7.

KDE Says Its Next Plasma Desktop Release Will Start a Full Second Faster

According to the developer, the upcoming KDE Plasma 5.13 desktop environment release will start a full second faster than previous versions because of the removal of the QmlObjectIncubationController component, which apparently slowed down the entire desktop, and promises to let users pin apps on the panel that contain spaces in their desktop file names. Goodies are also coming to the upcoming KDE Applications 18.04 software suite this spring, which makes creating of new files with the Dolphin file manager instantaneous, improves drag-and-drop support from Spectacle to Chromium, and lets users configure the Gwenview image viewer to no longer display the image action buttons on thumbnails when they hover with the mouse cursor over them.

Intel Coffee Lake OpenGL Performance On Windows 10 vs. Linux

For those curious about the state of Intel's open-source Mesa OpenGL driver relative to the company's closed-source Windows OpenGL driver, here are some fresh benchmark results when making use of an Intel Core i7 8700K "Coffee Lake" processor with UHD Graphics 630 and testing from Windows 10 Pro x64 against Ubuntu 16.04.3 LTS, Ubuntu with the Linux 4.16 Git kernel and Mesa 18.1-dev, and then Intel's own Clear Linux distribution.