
LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

Debian LTS: DLA-2792-1: faad2 security update

13 hours 47 min ago
Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by

Mageia 2021-0488: virtualbox security update

Saturday 23rd of October 2021 03:49:37 PM
This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows a high privileged attacker with

Mageia 2021-0487: ansible security update

Saturday 23rd of October 2021 08:06:41 AM
Do not include params in the exception when a call to set_options fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) References:

Mageia 2021-0486: flatpak security update

Saturday 23rd of October 2021 08:06:40 AM
Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp

Mageia 2021-0485: tomcat security update

Saturday 23rd of October 2021 08:06:39 AM
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. (CVE-2021-30640) Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66

Mageia 2021-0484: docker-containerd security update

Saturday 23rd of October 2021 08:06:38 AM
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.

Fedora 33: libzapojit 2021-7f5a82ef57

Friday 22nd of October 2021 11:25:57 PM
Security fix for CVE-2021-39360

Fedora 33: nodejs 2021-cbad295a90

Friday 22nd of October 2021 11:25:54 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 33: vim 2021-84f4cf3244

Friday 22nd of October 2021 11:25:44 PM
The newest upstream commit. Security fix for CVE-2021-3778, CVE-2021-3796, CVE-2021-3875 and CVE-2021-3872.

Fedora 34: libzapojit 2021-c3395a5df6

Friday 22nd of October 2021 11:22:52 PM
Security fix for CVE-2021-39360

Fedora 34: nodejs 2021-9807b754d9

Friday 22nd of October 2021 11:22:47 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaces in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 34: watchdog 2021-31748c40a6

Friday 22nd of October 2021 11:22:20 PM
Fix memory leak when verbose mode is on

Debian: DSA-4991-1: mailman security update

Friday 22nd of October 2021 02:24:25 PM
Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.

Ubuntu 5121-1: Mailman vulnerabilities

Friday 22nd of October 2021 01:57:20 AM
Several security issues were fixed in Mailman.

Ubuntu 5116-2: Linux kernel vulnerabilities

Thursday 21st of October 2021 09:06:25 PM
Several security issues were fixed in the Linux kernel.

Ubuntu 5120-1: Linux kernel (Azure) vulnerabilities

Thursday 21st of October 2021 08:31:46 PM
Several security issues were fixed in the Linux kernel.

ArchLinux: 202110-6: nodejs-lts-erbium: multiple issues

Thursday 21st of October 2021 04:57:51 PM
The package nodejs-lts-erbium before version 12.22.7-1 is vulnerable to multiple issues including arbitrary code execution, URL request injection and certificate verification bypass.

ArchLinux: 202110-5: nodejs-lts-fermium: multiple issues

Thursday 21st of October 2021 04:57:40 PM
The package nodejs-lts-fermium before version 14.18.1-1 is vulnerable to multiple issues including arbitrary code execution, URL request injection and certificate verification bypass.

ArchLinux: 202110-4: nodejs: url request injection

Thursday 21st of October 2021 04:57:29 PM
The package nodejs before version 16.11.1-1 is vulnerable to URL request injection.

ArchLinux: 202110-3: virtualbox: multiple issues

Thursday 21st of October 2021 04:57:18 PM
The package virtualbox before version 6.1.28-1 is vulnerable to multiple issues including sandbox escape, denial of service and information disclosure.

More in Tux Machines

Security Leftovers

9to5Linux Weekly Roundup: October 24th, 2021

This week has been really educational for Linux fans as we were able to install the UnityX desktop environment on Arch Linux, as well as the KDE Plasma 5.23 desktop environment on Kubuntu 21.10. In addition, we were able to test drive the upcoming Ubuntu 22.04 LTS distribution and Ubuntu’s new Desktop Installer. On top of that, this week we saw new releases of the lightweight and systemd-free MX Linux 21 distribution, Gentoo-based Redcore Linux, as well as the Porteus Kiosk distribution for public computers and kiosks.

Programming Leftovers

  • GNU Toolchain Begins Landing LoongArch Support - Phoronix

    In addition to Loongson working on Linux kernel support for their MIPS-derived LoongArch CPU architecture, the first bits of the GNU toolchain support for this Chinese CPU architecture have been merged. The GNU Compiler Collection (GCC) LoongArch support hasn't yet been merged but the GNU Binutils archive saw the initial collection of LoongArch patches merged on Sunday morning.

  • Capacitive Touch Controller for FPGAs

    Most projects that interface with the real world need some sort of input device. Obviously this article is being written from a standardized “human interface device” but when the computers become smaller the problem can get more complicated. We can’t hook up a USB keyboard to every microcontroller since we often only need a few buttons, but even buttons can be a little bit too cumbersome for some applications. For something even simpler, we would like to turn your attention to capacitive touch controllers.

  • Meson v0.60 Build System Brings Numerous Improvements

    Meson 0.60 was released on Sunday as the newest version of this increasingly popular and widely-used cross-platform build system.

  • Josef Strzibny: You can in fact use schemas in migrations

    I saw well-intended recommendations not to use schemas in migrations lately. Although the advice of switching to raw SQL is a good one, we don’t have to give up on schemas entirely.

  • Software Development Life Cycle (SDLC) Automation

    Gone are the days when manual labor had to go through a rigorous, time-consuming process in order to furnish quality products. Today, organizations have shifted their attention towards automated software. Each piece of software goes through a development lifecycle, known as the SDLC, to meet customer requirements for a high-quality product. In the growing software industry, developers compete to produce high-quality software while remaining within their cost and time limits. SDLC automation helps achieve the above goals with minimal manual labor, time, and cost while maintaining a high level of productivity and efficiency. This article expounds upon the need for automation in the SDLC process and further sheds light on some of the aspects that software companies must start automating.

  • What is the Difference Between =, == and === in JavaScript?

    JavaScript is a programming language that allows us to create and develop web applications and web pages as well as make our websites more dynamic and interactive. Data can be calculated, manipulated, and validated using JavaScript. Like any other language, JavaScript has operators. An operator produces a result by performing some action on one or more operands (data values). Consider the example 2+2, where the numbers are the left and right operands and the + is the operator. This + operator adds the two numbers together. With examples, this article examines and answers the question of what the difference is between the =, == and === operators in JavaScript.

  • Is JavaScript Object-Oriented?

    Object-Oriented Programming (OOP) is a programming approach used by every developer at some point in their life to organize software design around objects or data rather than logic or functions, where an object is an entity that has some properties and some type. The benefits of using the OOP technique include modularity, reusability, security, productivity and flexibility, and the result is easily scalable and upgradeable.

  • TOAST.UI: Free, Open-source Interactive JavaScript application components

    While working on a project, I need a calendar library. As I do for every project, I tend to not use previously used libraries and try to learn and use something new. That's how I found Toast.ui, an open-source features-rich UI library for building production-ready apps.

  • YAML vs JSON – Which is better?

    Nowadays, almost every person is familiar with the standard JSON format. Conversely, individuals who use Docker are surely familiar with YAML. In simpler words, Docker is a toolkit which permits developers to build, run, deploy, modify and stop packages through a single API or set of commands. YAML is a newer but popular language used to serialize data. First of all, we should understand what data serialization is. Data serialization is the most common way of transforming data objects into byte streams used to store, transfer and distribute data on devices. JSON and YAML share the objective of storing data structures and objects in files, but they work in distinctive ways. In this article, we first go through the features of JSON and YAML, then compare them in depth to completely comprehend their advantages, and then briefly discuss which one is better.

  • Some Perl Code In Memory of a Great Scientist | martin []

    On August 21, 2021, famous Polish mathematician Andrzej Schinzel passed away at the age of 84. He was one of the great minds behind modern number theory. May he rest in peace. I have extended one of my CPAN modules relating to his work and dedicated the release to his memory.

  • Remove None from the List Python

    In python, when a function returns nothing, it indirectly returns ‘None’. Due to the forthcoming ML (Machine Learning), our focus is now on understanding the None values. The goal behind this is that it is the crucial phase of data preprocessing. Hence, elimination of None values is crucial, so you must know how important it is. Let’s discuss certain techniques in which this is achieved. To replace none in python, we use different techniques such as DataFrame, fillna, or Series. No keyword in python declares the null objects and variables. In python, none refers to the class ‘NoneType’. We can allot None to many variables, and they all point toward a similar object. The interesting fact about none is that we can’t consider false as any. None is a blank string or a 0. Let’s demonstrate it with the help of examples. We use the Spyder compiler or different strategies to explain how python removes null values from the list.

  • Python LDAP example

    LDAP is the Lightweight Directory Access Protocol. It is an Internet protocol that works over TCP/IP, and it is used to access and fetch information from directories. Not all directories are suitable; it is usually used to access those directories that are active.

  • Python Multiply List by Scalar

    In Python, the most elementary data structure is the sequence. Each sequence element is allotted a number, its index or position. The starting point of the index is ‘0’, the second position is ‘1’, and so forth. Python offers six built-in types of sequences, but the most important and commonly used are lists, which we discuss in this guide. The Python list is the most useful data type. It is written within square brackets, and a comma separates every item in the list.

Rocky Linux: An Enterprise-Ready CentOS Replacement

For a long time, CentOS was a reliable choice for Linux-based servers, because it was effectively a free version of Red Hat Enterprise Linux (RHEL). All the features that made RHEL the dominant enterprise-class Linux were included in CentOS. On December 8th, 2020, Red Hat, which had acquired the CentOS project, abruptly announced a change in its focus in the wake of Red Hat’s acquisition by IBM. They announced they would be shifting all of their investment in CentOS Linux from the popular downstream CentOS distribution. This move also meant that CentOS would be upstream of RHEL, rather than downstream, so CentOS users would in effect be beta testers for RHEL. Since so many users were relying on a CentOS version that would be unsupported sooner than they had planned for, the community sensed a need for a new project. In response, the original CentOS founder Gregory Kurtzer is leading the effort to create a new version of the distro, to achieve the original goals of CentOS. Kurtzer said he had been thinking about creating a new version of CentOS ever since Red Hat acquired it in 2014.