LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Fedora 31: jbig2dec FEDORA-2019-c8e2c3df22

Saturday 14th of September 2019 12:41:02 PM
rebase to 0.16 (bz #1741605)

Fedora 31: wordpress FEDORA-2019-6897642e3c

Saturday 14th of September 2019 12:40:38 PM
Upstream announcement: WordPress 5.2.3 Security and Maintenance Release

Fedora 31: python38 FEDORA-2019-d11594bf0a

Saturday 14th of September 2019 12:39:55 PM
This is a beta preview of Python 3.8. Python 3.8 is still in development. This release, 3.8.0b4, is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. Call to action: We **strongly encourage** maintainers of third-party

Fedora 31: pdfbox FEDORA-2019-88f53a7433

Saturday 14th of September 2019 12:39:49 PM
Update to 2.0.16

Fedora 31: irssi FEDORA-2019-d2257607b8

Saturday 14th of September 2019 12:38:55 PM
This is a new version of irssi fixing CVE-2019-15717.

Fedora 31: SDL FEDORA-2019-f5558abfef

Saturday 14th of September 2019 12:38:50 PM
This release fixes a heap buffer over-read in the BlitNtoN() function when processing an invalid BMP image.

Fedora 31: dovecot FEDORA-2019-ea638fb605

Saturday 14th of September 2019 12:38:16 PM
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes

Fedora 31: pdfresurrect FEDORA-2019-b20614ff74

Saturday 14th of September 2019 12:38:15 PM
* Security fix for CVE-2019-14267
* Security fix for CVE-2019-14934

Fedora 31: chromium FEDORA-2019-b90f48e9aa

Saturday 14th of September 2019 12:37:52 PM
Chromium 76.0.3809.132 update

openSUSE: 2019:2129-1: moderate: libmirage

Saturday 14th of September 2019 08:10:23 AM
An update that fixes one vulnerability is now available.

Fedora 29: sphinx FEDORA-2019-bdadf4c6f5

Friday 13th of September 2019 09:54:57 PM
Security fix for CVE-2019-14511

Fedora 29: libextractor FEDORA-2019-5628767261

Friday 13th of September 2019 09:54:55 PM
Patch for CVE-2019-15531

Debian LTS: DLA-1919-1: linux-4.9 security update

Friday 13th of September 2019 09:21:38 PM
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Fedora 30: sphinx FEDORA-2019-9231a18768

Friday 13th of September 2019 09:13:34 PM
Security fix for CVE-2019-14511

Fedora 30: libextractor FEDORA-2019-62b65ed7f6

Friday 13th of September 2019 09:13:29 PM
Patch for CVE-2019-15531

Debian LTS: DLA-1920-1: golang-go.crypto security update

Friday 13th of September 2019 12:19:49 PM
This package ignored the value of the Hash header, which allows an attacker to spoof it. An attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.

Debian LTS: DLA-1921-1: dnsmasq security update

Friday 13th of September 2019 10:40:28 AM
Samuel R Lovejoy discovered a security vulnerability in dnsmasq. Carefully crafted packets by DNS servers might result in out of bounds read operations, potentially leading to a crash and denial

openSUSE: 2019:2128-1: moderate: srt

Thursday 12th of September 2019 10:58:46 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2370-1 moderate: python-urllib3

Thursday 12th of September 2019 06:27:47 PM
An update that fixes four vulnerabilities is now available.

SUSE: 2019:2368-1 important: cri-o

Thursday 12th of September 2019 06:24:52 PM
An update that fixes one vulnerability is now available.

More in Tux Machines

Ubuntu: Video Encoder Performance, Ubuntu Touch, LZ4 Compression

  • Clear Linux vs. Ubuntu 19.10 Video Encoder Performance On The Core i9 9900K

    Often when doing cross-distribution benchmarks, readers often comment on the performance of Clear Linux particularly for video encoding use-cases as surprisingly different from other distributions. Some argue that it's just over the default CPU frequency scaling governor or compiler flag defaults, so here is a look at that with Ubuntu 19.10 daily benchmarked against Clear Linux. On the same Core i9 9900K system I recently ran some benchmarks looking at Clear Linux vs. Ubuntu 19.10 and then Ubuntu 19.10 with various common tunables to make it more akin to Clear Linux. Ubuntu 19.10 was used due to its recent software components being at similar versions to Intel's rolling-release distribution.

  • Serge Hallyn: First experience with Ubuntu Touch

    For the past few weeks I’ve been using a nexus 4 running ubuntu touch as, mostly, my daily driver. I’ve enjoyed it quite a bit. In part that’s just the awesome size of the nexus 4. In part, it’s the ubuntu touch interface itself. If you haven’t tried it, you really should. (Sailfish ambiances are so much prettier, but ubuntu touch is much nicer to use – the quick switch to switch between two apps, for instance. Would that I could have both.). And in part it’s just the fact that it really feels like – is – a regular ubuntu system.

  • Ubuntu 19.10 to use LZ4 compression to boot even faster

    Canonical’s Ubuntu 19.10 “Eoan Ermine” will boot even faster than its predecessor, Ubuntu 19.04 “Disco Dingo” according to Ubuntu’s kernel team. After extensive testing on a variety of compression options on the Ubuntu installation image, Canonical engineers determined that the LZ4 decompression method provided a most appreciable gain in speed.

The Vivaldi 2.8 Release (Proprietary)

  • Vivaldi 2.8 Released with Unified Sync Support for Desktop and Android

    Vivaldi Technologies released today the Vivaldi 2.8 web browser for desktop platforms, including GNU/Linux, macOS, and Windows, an incremental update that adds significant improvements. With Vivaldi 2.8, Vivaldi Technologies continues to give desktop users full control over their browsing experience by adding various improvements across the board, starting with Vivaldi Sync, which now lets you sync bookmarks, passwords, history, notes, and autofill information across desktop and mobile. That's right, starting with Vivaldi 2.8, all your browsing data will be automatically synchronized between your installations of Vivaldi on desktop platforms, such as Linux, Mac, or Windows, and your mobile device where Vivaldi for Android is installed if you use Vivaldi Sync.

  • New Version Vivaldi Web Browser Has Been Released, Install in Ubuntu/Linux

    Vivaldi is the new web browser compared to other famous browsers; the initial release of Vivaldi was in January 2015. It has improved a lot and evolved since the first release. Basically it is based on the open-source frameworks of Chromium, Blink and Google's V8 JavaScript engine and has a lot of great features which I will table later. It is known to be the most customizable browser for power users, and debuts features that make browsing more personal than ever before. Do we really need another browser? Since we already have a lot of them such as mostly used Firefox, Chrome, Opera and so on. The former CEO of Opera Software Jon Von Tetzchner didn't like the direction of Opera Web Browser and said "Sadly, it is no longer serving its community of users and contributors - who helped build the browser in the first place." Then created a web browser which has to be fast, feature-rich, highly flexible and puts the user first, so Vivaldi was born.

  • Vivaldi 2.8: Inspires new desktop and mobile experiences

    Today we are launching a new upgrade to our desktop version – Vivaldi 2.8. We’re always focused on giving you complete control over your desktop experience, while also making sure to protect your privacy and security online. Vivaldi on the desktop has been our foundation. And now – our inspiration. It continuously pushes us forward to deliver a browser that is made for you.

  • Privacy and the rise of the alternative search engine

    Over the summer we opened our blog to guest bloggers eager to share their perspectives on privacy. In this story, Finn Brownbill explains how we can put an end to tracking in search for the purpose of data collection.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access [Ed: This is not a "Linux" issue any more than Adobe Photoshop malicious files are a "Windows" issue]

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post.

  • Linux for ethical hackers 101

    In order to familiarize yourself with the full range of ethical hacking tools, it is important to be conversant with the Linux OS. As the systems engineer Yasser Ibrahim said in a post on Quora: “In Linux you need to understand from the basics to the advanced, learn the console commands and how to navigate and do everything from your console, also shell programming (not a must, but always preferable), know what a kernel is and how it works, understand the Linux file systems, how to network on Linux.”
