LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Fedora 34: linux-firmware 2021-2443b22fa0

Sunday 18th of July 2021 09:13:47 PM
* Update to upstream 20210716 release
* update NXP 8897/8997 firmware images
* rtlwifi: de-dupe rtl8723b/rtl8192e SDIO/USB WiFi firmware
* Mediatek: update WiFi/bluetooth chip (MT7921)
* Mediatek: update MT7915 firmware to 20201105
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2946
* cxgb4: Update firmware to revision 1.26.0.0
* firmware/i915/guc: Add HuC v7.9.3 for TGL & DG1
*

Debian: DSA-4940-1: thunderbird security update

Sunday 18th of July 2021 11:15:11 AM
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (buster), these problems have been fixed in

Gentoo: GLSA-202107-41: Dovecot: Multiple vulnerabilities

Saturday 17th of July 2021 11:48:58 PM
Multiple vulnerabilities have been found in Dovecot, the worst of which could result in a Denial of Service condition.

Fedora 34: firefox 2021-722e2543fe

Saturday 17th of July 2021 09:26:14 PM
New upstream version (90.0) Disabled Wayland on KDE by default due to popup bugs.

Fedora 33: chromium 2021-ca58c57bdf

Saturday 17th of July 2021 09:04:26 PM
Fix crash in ThemeService (thanks to OpenSUSE) ---- Security fixes. CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525

openSUSE: 2021:1050-1 moderate: fossil

Saturday 17th of July 2021 08:18:55 PM
An update that contains security fixes can now be installed.

openSUSE: 2021:1051-1 moderate: fossil

Saturday 17th of July 2021 08:17:52 PM
An update that contains security fixes can now be installed.

openSUSE: 2021:1052-1 moderate: fossil

Saturday 17th of July 2021 08:15:50 PM
An update that contains security fixes can now be installed.

Gentoo: GLSA-202107-40: MediaWiki: Multiple vulnerabilities

Saturday 17th of July 2021 01:12:48 AM
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-39: Apache Commons FileUpload: Multiple vulnerabilities

Saturday 17th of July 2021 01:11:35 AM
Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-38: Apache: Multiple vulnerabilities

Saturday 17th of July 2021 01:06:50 AM
Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.

ArchLinux: 202107-31: vivaldi: arbitrary code execution

Friday 16th of July 2021 12:53:01 PM
The package vivaldi before version 4.0.2312.41-1 is vulnerable to arbitrary code execution.

ArchLinux: 202107-30: chromium: arbitrary code execution

Friday 16th of July 2021 12:52:54 PM
The package chromium before version 91.0.4472.164-1 is vulnerable to arbitrary code execution.

ArchLinux: 202107-29: systemd: denial of service

Friday 16th of July 2021 12:52:47 PM
The package systemd before version 249-2 is vulnerable to denial of service.

ArchLinux: 202107-28: varnish: url request injection

Friday 16th of July 2021 12:52:40 PM
The package varnish before version 6.6.1-1 is vulnerable to url request injection.

ArchLinux: 202107-27: mbedtls: information disclosure

Friday 16th of July 2021 12:52:33 PM
The package mbedtls before version 2.26.0-1 is vulnerable to information disclosure.

ArchLinux: 202107-26: python-pillow: arbitrary code execution

Friday 16th of July 2021 12:52:25 PM
The package python-pillow before version 8.3.0-1 is vulnerable to arbitrary code execution.

Mageia 2021-0356: python-django security update

Friday 16th of July 2021 06:26:35 AM
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability (CVE-2021-28658).

Mageia 2021-0355: thunderbird security update

Friday 16th of July 2021 06:26:34 AM
IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969). Use-after-free in accessibility features of a document (CVE-2021-29970).

Mageia 2021-0354: firefox security update

Friday 16th of July 2021 06:26:33 AM
A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970). Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and

More in Tux Machines

today's leftovers

  • Closed Hands is a deep interactive fiction about a terror attack out now for Linux

    Developer Passenger has announced that their interactive fiction game Closed Hands is now available with a native Linux version from itch.io. While the story itself and the city are fictional, it pulls from Passenger founder and artist Dan Hett's own personal experience of losing his brother Martyn Hett in the Manchester terror attack in 2017. It's a pretty powerful piece of fiction that isn't often explored, especially not in this way.

  • Nanotale Now Available on Mac and Linux From Fishing Cactus

    Fishing Cactus has revealed that their latest fantasy adventure in the Typing Chronicles series, Nanotale, is now available on Linux and Mac. If that wasn’t enough, they are also bringing the hotly requested Arena mode to all versions of the game, as well as a 25% off discount on Steam if you buy the game within the first 48 hours of the update, starting from today at 7pm CEST/10am PT, bringing endless replayability to keyboard wielding adventurers and travellers alike.

  • LibreOffice Conference Sponsorship Package

    By sponsoring the LibreOffice Conference you will have the opportunity to connect with one of the largest and most dynamic FOSS communities, with supporters, volunteers and users in every country in the world. The virtual event lasts for three days, from 23 to 25 September 2021.

  • Support for Istio 1.9 ends on August 18th, 2021

    According to Istio’s support policy, minor releases like 1.9 are supported for three months after the next minor release. Since 1.10 was released on May 18th, support for 1.9 will end on August 18th, 2021.

  • Corporate Participation in the Open Source Community [Ed: Corporate Participation or Corporate Takeover? This mentions GitHub, which is a hostile abduction of projects to undermine the freedom of software and to interfere with communities (giving Microsoft control over them)]

    Open-source software is prolific in technology today. Just about everything from supercomputers to consumer electronics is powered by at least one piece of open source code. But many businesses find themselves launching open-source products at a rapidly accelerating pace without truly understanding either the benefits that come with it or the potential pitfalls that must be avoided. Let’s talk about what open source means to your business, and how you can leverage it to serve both your customers and your business needs.

  • Week 6-7 KDE GSoC

    setting up mingw on windows is PITA, at first since i am not used to backslash for filepaths, it load the gdb printers, i then realised that it does not come with python enabled. Downloaded a new one it does not come with python3 instead it is python 2.7. [...] it inherits from a QFiledeviceprivate, but the size of the qfiledeviceprivate is not consistent across operating system, architectures and qt5 versions. I got the list of offset from the qtcreator types this problem exists for also qprocess (not fully implemented as of now) and for others as i may not be able to get it size for all operating systems, architectures and qt5 versions.

  • Eclipse OpenJ9 0.27 Released For OpenJDK 8/11/16 Alternative

    The Eclipse Foundation has released OpenJ9 as the latest version of their high performance virtual machine that continues advancing four years after IBM donated the original J9 code.

Kernel: WiFiWart, antiX, Floppy Disk Driver

  • WiFiWart Boots Linux, Moves To Next Design Phase | Hackaday

    Over the last few months we’ve been keeping an eye on WiFiWart, an ambitious project to develop a Linux single-board computer (SBC) small enough to fit inside a USB wall charger. Developer [Walker] says the goal is to create an easily concealable “drop box” for penetration testing, giving security researchers a valuable foothold inside a target network from which to perform reconnaissance or launch attacks. Of course, we don’t need to tell Hackaday readers that there’s plenty of other things you can do with such a tiny open hardware Linux SBC. Today we’re happy to report that [Walker] has gotten the first version of the board booted into Linux, though as you might expect given a project of this complexity, there were a few bumps along the way. From the single missing resistor that caused U-Boot to throw up an error to the finer points of compiling the kernel for an embedded board, the latest blog post he’s written up about his progress provides fascinating insight into the little gotchas of bringing up a SBC from scratch.

  • antiX Security updated kernels

    Latest security fix kernels should now be in the repos. All users are strongly advised to upgrade (via synaptic, cli-aptiX or package-installer).

  • Linux X86 Assembly – How To Make Payload Extraction Easier - Security Boulevard [Ed: Very Linux-hostile site with connections to Microsoft]

    In the last blog post of the X86 Linux assembly series, we focused on how to make our Hello World payload friendly for use as a payload in exploits. However, we didn’t cover how to extract the payload itself for use in exploits. Sure you could view the Objdump output and copy each hex byte out by hand, but that would be tedious and time consuming. Today I want to cover a method for extracting our custom payload from an object file created with GAS using Objcopy.

  • Linux Regressed Its Floppy Disk Driver - Someone Actually Noticed Just A Few Months Later - Phoronix

    It turns out there are actually people running modern versions of the Linux kernel in 2021 that also are using floppy disks. There remains a lot of vintage hardware code within the Linux kernel like enthusiasts maintaining the Motorola 68000 series support, among a lot of other older hardware and many drivers for peripherals that haven't been sold new in many years -- including the floppy disk code. But as is often the case, besides it becoming increasingly rare for users of old hardware in general, it's increasingly rare to find vintage computer owners running modern versions of the Linux kernel. But some still do, with the latest example being a regression report over the Linux floppy driver.

Audiocasts/Shows: Linux in the Ham Shack, Linux Mint 20.2 “Uma” Xfce, and a Look at InfinityBook

  • LHS Episode #421: YOTA Camp Deep Dive | Linux in the Ham Shack

    Hello and welcome to Episode 421 of Linux in the Ham Shack. In this episode, the hosts interview Neil Rapp, WB2VPG, coordinator of the IARU Region 2 YOTA camp and Peter Lafreniere, N8JPL, one of the youth participants. The topics include an in-depth look at what the campers experienced, events held, challenges faced, and the future of the event. We hope you enjoy this interview and deep and have a great week until the next time we meet.

  • Linux overview | Linux Mint 20.2 “Uma” Xfce

    In this video, I am going to show an overview of Linux Mint 20.2 "Xfce" and some of the applications pre-installed.

  • Full Review: The new InfinityBook Pro 14 Linux Notebook from Tuxedo Computers

    Tuxedo sent over their InfinityBook Pro 14 Linux notebook to the studio for me to review, and in this video, I'll give you my thoughts. And it very well might have the best screen from any notebook I've ever reviewed.