LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

SUSE: 2019:2426-1 important: nmap

Friday 20th of September 2019 08:13:58 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2427-1 important: ibus

Friday 20th of September 2019 08:11:44 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2425-1 important: nmap

Friday 20th of September 2019 08:10:48 PM
An update that fixes two vulnerabilities is now available.

Fedora 31: firefox FEDORA-2019-7f7bace5b4

Friday 20th of September 2019 08:04:58 PM
- Updated to new upstream (69.0.1) - Wayland rendering fixes ---- - The update to 69.0.1 - Fix flickering issues - Fix disappearing webrtc dialogs ---- - Fixed rendering artifacts on Wayland backend

Fedora 31: libldb FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: samba FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: libtalloc FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: libtevent FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: openssl FEDORA-2019-9ab7ee6309

Friday 20th of September 2019 08:04:27 PM
Minor update release 1.1.1d with low impact security fixes.

Fedora 31: expat FEDORA-2019-613edfe68b

Friday 20th of September 2019 08:04:26 PM
This update of `expat` fixes the following security issue: * **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype The following bug fixes are also included: * Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler *

Fedora 31: curl FEDORA-2019-6d7f6fa2c8

Friday 20th of September 2019 08:04:17 PM
- double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) ---- - avoid reporting spurious error in the HTTP2 framing layer (#1690971)

Fedora 31: compat-openssl10 FEDORA-2019-db06efdea1

Friday 20th of September 2019 08:04:14 PM
Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html

Debian LTS: DLA-1929-1: php-pecl-http security update

Friday 20th of September 2019 03:07:55 PM
A vulnerability has been discovered in php-pecl-http, the pecl_http module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the merge_param() function allows attackers to crash PHP and possibly

Debian: DSA-4529-1: php7.0 security update

Friday 20th of September 2019 01:58:44 PM
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.

openSUSE: 2019:2156-1: important: chromium

Friday 20th of September 2019 12:39:20 PM
An update that fixes 35 vulnerabilities is now available.

openSUSE: 2019:2155-1: important: chromium

Friday 20th of September 2019 12:37:56 PM
An update that fixes 35 vulnerabilities is now available.

SciLinux: SLSA-2019-2836-1 Important: dovecot on SL7.x x86_64

Friday 20th of September 2019 11:31:22 AM
dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 dovecot-2.2.36-3.el7_7.1.i686.rpm

SciLinux: SLSA-2019-2829-1 Important: kernel on SL7.x x86_64

Friday 20th of September 2019 11:30:44 AM
A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835) SL7 x86

RedHat: RHSA-2019-2809:01 Important: kernel-alt security, bug fix,

Friday 20th of September 2019 07:55:11 AM
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2019-2781:01 Important: qpid-proton security update

Friday 20th of September 2019 07:41:15 AM
An update for qpid-proton is now available for Satellite Tools 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

More in Tux Machines

Ubuntu: Video Encoder Performance, Ubuntu Touch, LZ4 Compression

  • Clear Linux vs. Ubuntu 19.10 Video Encoder Performance On The Core i9 9900K

    Often when doing cross-distribution benchmarks, readers often comment on the performance of Clear Linux particularly for video encoding use-cases as surprisingly different from other distributions. Some argue that it's just over the default CPU frequency scaling governor or compiler flag defaults, so here is a look at that with Ubuntu 19.10 daily benchmarked against Clear Linux. On the same Core i9 9900K system I recently ran some benchmarks looking at Clear Linux vs. Ubuntu 19.10 and then Ubuntu 19.10 with various common tunables to make it more akin to Clear Linux. Ubuntu 19.10 was used due to its recent software components being at similar versions to Intel's rolling-release distribution.

  • Serge Hallyn: First experience with Ubuntu Touch

    For the past few weeks I’ve been using a nexus 4 running ubuntu touch as, mostly, my daily driver. I’ve enjoyed it quite a bit. In part that’s just the awesome size of the nexus 4. In part, it’s the ubuntu touch interface itself. If you haven’t tried it, you really should. (Sailfish ambiances are so much prettier, but ubuntu touch is much nicer to use – the quick switch to switch between two apps, for instance. Would that I could have both.) And in part it’s just the fact that it really feels like – is – a regular ubuntu system.

  • Ubuntu 19.10 to use LZ4 compression to boot even faster

    Canonical’s Ubuntu 19.10 “Eoan Ermine” will boot even faster than its predecessor, Ubuntu 19.04 “Disco Dingo” according to Ubuntu’s kernel team. After extensive testing on a variety of compression options on the Ubuntu installation image, Canonical engineers determined that the LZ4 decompression method provided a most appreciable gain in speed.

The Vivaldi 2.8 Release (Proprietary)

  • Vivaldi 2.8 Released with Unified Sync Support for Desktop and Android

    Vivaldi Technologies released today the Vivaldi 2.8 web browser for desktop platforms, including GNU/Linux, macOS, and Windows, an incremental update that adds significant improvements. With Vivaldi 2.8, Vivaldi Technologies continues to give desktop users full control over their browsing experience by adding various improvements across the board, starting with Vivaldi Sync, which now lets you sync bookmarks, passwords, history, notes, and autofill information across desktop and mobile. That's right, starting with Vivaldi 2.8, all your browsing data will be automatically synchronized between your installations of Vivaldi on desktop platforms, such as Linux, Mac, or Windows, and your mobile device where Vivaldi for Android is installed if you use Vivaldi Sync.

  • New Version Vivaldi Web Browser Has Been Released, Install in Ubuntu/Linux

    Vivaldi is the new web browser compared to other famous browsers; the initial release of Vivaldi was in January, 2015. It has improved a lot and evolved since the first release. Basically it is based on the open-source frameworks of Chromium, Blink and Google's V8 JavaScript engine and has a lot of great features which I will table later. It is known to be the most customizable browser for power users, and debuts features that make browsing more personal than ever before. Do we really need another browser? Since we already have a lot of them such as mostly used Firefox, Chrome, Opera and so on. The former CEO of Opera Software Jon Von Tetzchner didn't like the direction of Opera Web Browser and said "Sadly, it is no longer serving its community of users and contributors - who helped build the browser in the first place." Then created a web browser which has to be fast, feature-rich, highly flexible and puts the user first, so Vivaldi was born.

  • Vivaldi 2.8: Inspires new desktop and mobile experiences

    Today we are launching a new upgrade to our desktop version – Vivaldi 2.8. We’re always focused on giving you complete control over your desktop experience, while also making sure to protect your privacy and security online. Vivaldi on the desktop has been our foundation. And now – our inspiration. It continuously pushes us forward to deliver a browser that is made for you.

  • Privacy and the rise of the alternative search engine

    Over the summer we opened our blog to guest bloggers eager to share their perspectives on privacy. In this story, Finn Brownbill explains how we can put an end to tracking in search for the purpose of data collection.

Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (bird, opendmarc, php7.3, and qemu), Fedora (bird, dino, nbdkit, and openconnect), Oracle (nginx:1.14, patch, and thunderbird), Red Hat (dovecot, kernel, kernel-alt, and kernel-rt), Scientific Linux (thunderbird), and SUSE (kernel, openssl, openssl-1_1, python-SQLAlchemy, and python-Werkzeug).

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access [Ed: This is not a "Linux" issue any more than Adobe Photoshop malicious files are a "Windows" issue ]

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post.

  • Linux for ethical hackers 101

    In order to familiarize yourself with the full range of ethical hacking tools, it is important to be conversant with the Linux OS. As the systems engineer Yasser Ibrahim said in a post on Quora: “In Linux you need to understand from the basics to the advanced, learn the console commands and how to navigate and do everything from your console, also shell programming (not a must, but always preferable), know what a kernel is and how it works, understand the Linux file systems, how to network on Linux.”
