Language Selection

English French German Italian Portuguese Spanish

LinuxSecurity.com Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 54 min ago

SUSE: 2019:3294-1 important: the Linux Kernel>

Friday 13th of December 2019 07:15:04 PM
An update that solves 16 vulnerabilities and has 124 fixes is now available.

SUSE: 2019:3296-1 important: xen>

Friday 13th of December 2019 07:13:50 PM
An update that fixes 6 vulnerabilities is now available.

SUSE: 2019:3293-1 important: libssh>

Friday 13th of December 2019 07:13:05 PM
An update that fixes one vulnerability is now available.

Debian: DSA-4565-2: intel-microcode security update>

Friday 13th of December 2019 03:15:51 PM
This update ships updated CPU microcode for CFL-S (Coffe Lake Desktop) models of Intel CPUs which were not yet included in the Intel microcode update released as DSA 4565-1. For details please refer to https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.01.pdf

Debian: DSA-4583-1: spip security update>

Friday 13th of December 2019 02:33:56 PM
A vulnerability was discovered in the SPIP publishing system, which could result in unauthorised writes to the database by authors. The oldstable distribution (stretch) is not affected.

Debian: DSA-4582-1: davical security update>

Friday 13th of December 2019 02:33:01 PM
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For the oldstable distribution (stretch), these problems have been fixed

Mageia 2019-0385: proftpd security update>

Friday 13th of December 2019 02:26:37 PM
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server

Mageia 2019-0384: wireshark security update>

Friday 13th of December 2019 02:26:36 PM
Version 3.0.7 fixes the following security vulnerability: CMS dissector crash (CVE-2019-19553). This update also brings the Mageia package from version 3.0.4 to 3.0.7.

Mageia 2019-0383: openafs security update>

Friday 13th of December 2019 02:26:35 PM
Update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref

Fedora 30: knot-resolver FEDORA-2019-44ccfa9b29>

Thursday 12th of December 2019 08:04:59 PM
- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/

Fedora 30: xen FEDORA-2019-3d7105bd2a>

Thursday 12th of December 2019 08:04:42 PM
Device quarantine for alternate pci assignment methods [XSA-306]

Fedora 31: knot-resolver FEDORA-2019-866dc03603>

Thursday 12th of December 2019 07:55:08 PM
- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/

RedHat: RHSA-2019-4201:01 Moderate: CloudForms 5.0.1 security,>

Thursday 12th of December 2019 07:36:10 PM
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

SUSE: 2019:3288-1 important: haproxy>

Thursday 12th of December 2019 04:12:12 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:14249-1 important: openssl>

Thursday 12th of December 2019 04:11:32 PM
An update that fixes one vulnerability is now available.

More in Tux Machines

Today in Techrights

21 Important Penetration Tools in Kali Linux

Kali Linux uses many kinds of penetration tools to assess the security situation of your devices and networks. Whether you are looking to advance your career as an ethical tester or find the vulnerabilities of your systems, these powerful tools yield excellent results. Almost all of them should be accessible from the main Kali Linux terminal. Note: if you are an ethical tester, you must have the necessary permissions to access another person’s device, unless you’re testing on your own devices. Read more

Hello, LineageOS 17.1

We have been working extremely hard since Android 10’s release last August to port our features to this new version of Android. Thanks to massive refactoring done in some parts of AOSP, we had to work harder than anticipated to bring some features forward, and in some cases, introduced implementations similar to some of our features into AOSP (but we’ll get to that later). First, let’s talk about naming versioning - you may be thinking “Shouldn’t this be 17.0, as AOSP is on 10, and not 10.1?”. and given our previous versioning, you’d be correct. When the December Android Security Bulletin (ASB) dropped, we rebased on the more feature filled Google Pixel 4/4 XL tag of AOSP. We decided that, in the future, if we decide for any reason to rebase a large number of repos on a different tag, we will uprev our subversion, eg. 17.0 -> 17.1. As per this migration, on March 4th, we locked all lineage-17.0 branches and abandoned existing 17.0 changes. Not to fear, you can always cherry-pick your changes to 17.1, even via the Gerrit UI if you’d like! Read more Also: LineageOS 17.1 released

Red Hat Enterprise Linux helps pioneering unmanned marine research

In 1620, the Mayflower embarked on an uncertain journey across the Atlantic Ocean, with more than 100 pilgrims on board hoping to begin a new life in the New World. Now, 400 years later, The Mayflower Autonomous Ship (MAS) will follow in the footsteps of the original ship from Plymouth, England to Plymouth, Massachusetts. Only this time, there will be no human captain or onboard crew. It will be one of the first full-sized, fully-autonomous and unmanned vessels to cross the Atlantic Ocean. The MAS project is a global collaboration led by marine research organization Promare. Conceived as a way to commemorate the 400th anniversary of the Mayflower voyage, it could have long-lasting implications for the shipping industry and the future of oceanographic research. The autonomous shipping market is projected to grow from $90BN today to over $130BN by 2030. However; many of today's autonomous ships are just automated and do not dynamically adapt to new situations. Using an integrated set of IBM's AI, cloud, and edge technologies, ProMare is aiming to give the Mayflower the ability to operate independently in some of the most challenging circumstances on the planet. Read more