Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 54 min ago

Fedora 31: blis FEDORA-2019-27e101fdc3

Sunday 15th of September 2019 08:03:05 PM
Don't call popen on ARM (in case it's run with privileges). Also replace patch to use FMA with simd pragma.

Debian: DSA-4523-1: thunderbird security update

Sunday 15th of September 2019 05:16:22 PM
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.

Debian LTS: DLA-1919-2: linux-4.9 security update

Sunday 15th of September 2019 02:51:06 PM
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

openSUSE: 2019:2138-1: important: skopeo

Sunday 15th of September 2019 02:10:59 PM
An update that fixes one vulnerability is now available.

openSUSE: 2019:2137-1: important: buildah

Sunday 15th of September 2019 02:10:23 PM
An update that fixes one vulnerability is now available.

Mageia 2019-0282: wireguard security update

Sunday 15th of September 2019 12:46:31 PM
Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced release notes.

Mageia 2019-0281: webkit2 security update

Sunday 15th of September 2019 12:46:29 PM
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).

Mageia 2019-0280: openldap security update

Sunday 15th of September 2019 12:46:28 PM
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations (CVE-2019-13057).

Mageia 2019-0279: mediawiki security update

Sunday 15th of September 2019 12:46:27 PM
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery (CVE-2019-11358). An account can be logged out without using a token (CSRF) (CVE-2019-12466).

Mageia 2019-0278: kconfig security update

Sunday 15th of September 2019 12:46:26 PM
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets

Debian: DSA-4522-1: faad2 security update

Sunday 15th of September 2019 11:55:46 AM
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

Mageia 2019-0277: nodejs security update

Sunday 15th of September 2019 11:25:17 AM
This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given

Mageia 2019-0276: poppler security update

Sunday 15th of September 2019 10:12:57 AM
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap,

Mageia 2019-0275: thunderbird security update

Sunday 15th of September 2019 10:12:56 AM
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739).

Mageia 2019-0274: expat security update

Sunday 15th of September 2019 10:12:55 AM
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843).

openSUSE: 2019:2133-1: moderate: python-urllib3

Saturday 14th of September 2019 08:11:03 PM
An update that fixes three vulnerabilities is now available.

openSUSE: 2019:2135-1: important: rdesktop

Saturday 14th of September 2019 08:10:30 PM
An update that fixes 19 vulnerabilities is now available.

openSUSE: 2019:2131-1: moderate: python-urllib3

Saturday 14th of September 2019 02:11:31 PM
An update that fixes four vulnerabilities is now available.

openSUSE: 2019:2130-1: moderate: go1.12

Saturday 14th of September 2019 02:10:28 PM
An update that solves three vulnerabilities and has two fixes is now available.

Fedora 31: exim FEDORA-2019-1ed7bbb09c

Saturday 14th of September 2019 12:41:04 PM
This is an update fixing CVE-2019-15846.

More in Tux Machines

Ubuntu: Video Encoder Performance, Ubuntu Touch, LZ4 Compression

  • Clear Linux vs. Ubuntu 19.10 Video Encoder Performance On The Core i9 9900K

    Often when doing cross-distribution benchmarks, readers often comment on the performance of Clear Linux particularly for video encoding use-cases as surprisingly different from other distributions. Some argue that it's just over the default CPU frequency scaling governor or compiler flag defaults, so here is a look at that with Ubuntu 19.10 daily benchmarked against Clear Linux. On the same Core i9 9900K system I recently ran some benchmarks looking at Clear Linux vs. Ubuntu 19.10 and then Ubuntu 19.10 with various common tunables to make it more akin to Clear Linux. Ubuntu 19.10 was used due to its recent software components being at similar versions to Intel's rolling-release distribution.

  • Serge Hallyn: First experience with Ubuntu Touch

    For the past few weeks I’ve been using a nexus 4 running ubuntu touch as, mostly, my daily driver. I’ve enjoyed it quite a bit. In part that’s just the awesome size of the nexus 4. In part, it’s the ubuntu touch interface itself. If you haven’t tried it, you really should. (Sailfish ambiances are so much prettier, but ubuntu touch is much nicer to use – the quick switch to switch between two apps, for instance. Would that I could have both.). And in part it’s just the fact that it really feels like – is – a regular ubuntu system.

  • Ubuntu 19.10 to use LZ4 compression to boot even faster

    Canonical’s Ubuntu 19.10 “Eoan Ermine” will boot even faster than its predecessor, Ubuntu 19.04 “Disco Dingo” according to Ubuntu’s kernel team. After extensive testing on a variety of compression options on the Ubuntu installation image, Canonical engineers determined that the LZ4 decompression method provided a most appreciable gain in speed.

The Vivaldi 2.8 Release (Proprietary)

  • Vivaldi 2.8 Released with Unified Sync Support for Desktop and Android

    Vivaldi Technologies released today the Vivaldi 2.8 web browser for desktop platforms, including GNU/Linux, macOS, and Windows, an incremental update that adds significant improvements. With Vivaldi 2.8, Vivaldi Technologies continues to give desktop users full control over their browsing experience by adding various improvements across the board, starting with Vivaldi Sync, which now lets you sync bookmarks, passwords, history, notes, and autofill information across desktop and mobile. That's right, starting with Vivaldi 2.8, all your browsing data will be automatically synchronized between your installations of Vivaldi on desktop platforms, such as Linux, Mac, or Windows, and your mobile device where Vivaldi for Android is installed if you use Vivaldi Sync.

  • New Version Vivaldi Web Browser Has Been Released, Install in Ubuntu/Linux

    Vivaldi is a new web browser compared to other famous browsers; the initial release of Vivaldi was in January 2015. It has improved a lot and evolved since the first release. Basically it is based on the open-source frameworks of Chromium, Blink and Google's V8 JavaScript engine and has a lot of great features which I will table later. It is known to be the most customizable browser for power users, and debuts features that make browsing more personal than ever before. Do we really need another browser? Since we already have a lot of them, such as the mostly used Firefox, Chrome, Opera and so on. The former CEO of Opera Software, Jon Von Tetzchner, didn't like the direction of Opera Web Browser and said "Sadly, it is no longer serving its community of users and contributors - who helped build the browser in the first place." He then created a web browser which has to be fast, feature-rich, highly flexible and puts the user first, so Vivaldi was born.

  • Vivaldi 2.8: Inspires new desktop and mobile experiences

    Today we are launching a new upgrade to our desktop version – Vivaldi 2.8. We’re always focused on giving you complete control over your desktop experience, while also making sure to protect your privacy and security online. Vivaldi on the desktop has been our foundation. And now – our inspiration. It continuously pushes us forward to deliver a browser that is made for you.

  • Privacy and the rise of the alternative search engine

    Over the summer we opened our blog to guest bloggers eager to share their perspectives on privacy. In this story, Finn Brownbill explains how we can put an end to tracking in search for the purpose of data collection.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access [Ed: This is not a "Linux" issue any more than Adobe Photoshop malicious files are a "Windows" issue]

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post.

  • Linux for ethical hackers 101

    In order to familiarize yourself with the full range of ethical hacking tools, it is important to be conversant with the Linux OS. As the systems engineer Yasser Ibrahim said in a post on Quora: “In Linux you need to understand from the basics to the advanced, learn the console commands and how to navigate and do everything from your console, also shell programming (not a must, but always preferable), know what a kernel is and how it works, understand the Linux file systems, how to network on Linux.”

today's howtos