LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 21 min ago

Fedora 35: seamonkey 2021-53dfa4d114

10 hours 3 min ago
Update to 2.53.10. Backport support for custom date format; see https://support.mozilla.org/en-US/kb/customize-date-time-formats-thunderbird for more info.

Oracle8: ELSA-2021-4903: nss Critical Security Update

10 hours 51 min ago
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle7: ELSA-2021-4904: nss Critical Security Update

12 hours 39 min ago
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Oracle7: ELSA-2021-4904: nss Critical Security Update

12 hours 40 min ago
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

openSUSE: 2021:3834-1 moderate: go1.16

12 hours 47 min ago
An update that solves two vulnerabilities and has one errata is now available.

openSUSE: 2021:3857-1 moderate: python-sqlparse

12 hours 51 min ago
An update that fixes one vulnerability is now available.

openSUSE: 2021:3854-1 important: poppler

13 hours 7 min ago
An update that fixes 21 vulnerabilities is now available.

openSUSE: 2021:3841-1 important: python-Pygments

13 hours 24 min ago
An update that fixes one vulnerability is now available.

openSUSE: 2021:3839-1 important: python-Pygments

13 hours 26 min ago
An update that fixes one vulnerability is now available.

Debian: DSA-5016-1: nss security update

13 hours 28 min ago
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures, which could result in denial of service or potentially the execution of arbitrary code.

Mageia 2021-0526: glibc security update

13 hours 30 min ago
This update fixes a few security related bugs:
- regex: fix buffer read overrun in search [BZ #28470]
- nptl: Do not set signal mask on second setjmp return [BZ #28607]
References:

openSUSE: 2021:3844-1 moderate: openexr

13 hours 36 min ago
An update that fixes two vulnerabilities is now available.

Ubuntu 5168-3: NSS vulnerability

16 hours 58 min ago
NSS could be made to crash or run programs if it verified a specially crafted signature.

Ubuntu 5168-2: Thunderbird vulnerability

17 hours 38 min ago
Thunderbird could be made to crash or run programs if it verified a specially crafted signature.

Ubuntu 5168-1: NSS vulnerability

17 hours 38 min ago
NSS could be made to crash or run programs if it verified a specially crafted signature.

RedHat: RHSA-2021-4801:06 Important: OpenShift Container Platform 4.7.38

20 hours 37 min ago
Red Hat OpenShift Container Platform release 4.7.38 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Debian LTS: DLA-2835-1: rsyslog security update

Tuesday 30th of November 2021 08:36:30 PM
Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041

Debian LTS: DLA-2834-1: uriparser security update

Tuesday 30th of November 2021 08:31:17 PM
Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).

Fedora 35: xen 2021-03645e9807

Tuesday 30th of November 2021 08:21:44 PM
- guests may exceed their designated memory limit [XSA-385, CVE-2021-28706]
- PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707, CVE-2021-28708]
- issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709]
- certain VT-d IOMMUs may not work in shared page table mode [XSA-390, CVE-2021-28710]

Fedora 35: golang-github-containerd-ttrpc 2021-79ba5abef6

Tuesday 30th of November 2021 08:21:43 PM
Update containerd and moby-engine - Security fix for CVE-2021-41190

More in Tux Machines

Hardware/Modding and 3D Printing (RIP, Sanjay Mortimer)

  • Remembering Sanjay Mortimer, Pioneer And Visionary In 3D Printing | Hackaday

    Over the weekend, Sanjay Mortimer passed away. This is a tremendous blow to the many people who he touched directly and indirectly throughout his life. We will remember Sanjay as pioneer, hacker, and beloved spokesperson for the 3D printing community. If you’ve dabbled in 3D printing, you might recall Sanjay as the charismatic director and co-founder of the extrusion company E3D. He was always brimming with enthusiasm to showcase something that he and his company had been developing to push 3D printing further and further. But he was also thoughtful and a friend to many in the community. Let’s talk about some of his footprints.

  • Grafana Weather Dashboard on the reTerminal by Seeed Studio - The DIY Life

    Today we’re going to be taking a look at the reTerminal, by Seeed Studio. We’ll unbox the device to see what is included and we’ll then set up a weather dashboard on it using Grafana. We’re going to use weather data that is being recorded by an ESP32 microcontroller and is being posted to an InfluxDB database. The reTerminal is a compact HMI (human-machine interface) device that is powered by a Raspberry Pi compute module 4 (CM4). It has a 5″ capacitive touch display, along with four physical function buttons, some status LEDs, and a host of IO options.

  • The Medieval History Of Your Favourite Dev Board | Hackaday

    It’s become something of a trope in our community, that the simplest way to bestow a level of automation or smarts to a project is to reach for an Arduino. The genesis of the popular ecosystem of boards and associated bootloader and IDE combination is well known, coming from the work of a team at the Interaction Design Institute Ivrea, in Northern Italy. The name “Arduino” comes from their favourite watering hole, the Bar di Re Arduino, in turn named for Arduin of Ivrea, an early-mediaeval king. As far as we can see the bar no longer exists and has been replaced by a café, which appears on the left in this Google Street View link. The bar named for Arduin of Ivrea is always mentioned as a side note in the Arduino microcontroller story, but for the curious electronics enthusiast it spawns the question: who was Arduin, and why was there a bar named after him in the first place? The short answer is that Arduin was the Margrave of Ivrea, an Italian nobleman who became king of Italy in 1002 and abdicated in 1014. The longer answer requires a bit of background knowledge of European politics around the end of the first millennium, so if you’re ready we’ll take Hackaday into a rare tour of medieval history.

Programming Leftovers

  • Anti-patterns You Should Avoid in Your Code

    Every developer wants to write structured, simply planned, and nicely commented code. There are even a myriad of design patterns that give us clear rules to follow, and a framework to keep in mind. But we can still find anti-patterns in software that was written some time ago, or was written too quickly. A harmless basic hack to resolve an issue quickly can set a precedent in your codebase. It can be copied across multiple places and turn into an anti-pattern you need to address.

  • AsmREPL: Wing your way through x86-64 assembly language • The Register

    Ruby developer and internet japester Aaron Patterson has published a REPL for 64-bit x86 assembly language, enabling interactive coding in the lowest-level language of all. REPL stands for "read-evaluate-print loop", and REPLs were first seen in Lisp development environments such as Lisp Machines. They allow incremental development: programmers can write code on the fly, entering expressions or blocks of code, having them evaluated – executed – immediately, and the results printed out. This was viable because of the way Lisp blurred the lines between interpreted and compiled languages; these days, they're a standard feature of most scripting languages. Patterson has previously offered ground-breaking developer productivity enhancements such as an analogue terminal bell and performance-enhancing firmware for the Stack Overflow keyboard. This only has Ctrl, C, and V keys for extra-easy copy-pasting, but Patterson's firmware removes the tedious need to hold control.

  • Wasmer 2.1 WebAssembly Implementation Adds Virtual Filesystem, Lisp + Crystal Support - Phoronix

    Wasmer as "the universal WebAssembly runtime" that focuses on being able to run WASM code on any platform is out with its next major release. Released this summer was Wasmer 2.0 as a step forward for this open-source WASM implementation. The project remains focused on trying to compile "everything" to WebAssembly and to then run that on any operating system / platform or embed it in other languages or run it in a web browser. Wasmer 2.1 was released today as the next major iteration of the platform.

  • What's The Big Deal With Linux Capabilities? | Hacker Noon

    The prevalent perception is that Linux users benefit from and exercise privileges, however this is not the case. It's the process or executable that runs in a certain user context and exercises rights (permission to carry out to perform the privileged operations guarded by Linux kernel).

  • Built with the Rust programming language – LinuxBSDos.com

    Not too long ago, the talk in developer circles seemed to be mainly about Go, Go, Go, Go… I’m referring, of course, to the programming language from Google.  

  • Perl Weekly Challenge 141: Number Divisors and Like Numbers
  • Closures

    A casual remark about closures which I made in My Favorite Warnings: redefine touched off a long off-topic exchange with Aristotle that I thought ought to be promoted to a top-level blog entry. The big thing I learned was that any Perl subroutine can be a closure. The rest of this blog will try to make clear why I now believe this. The words are my own, as are any errors or misconceptions. The second sentence of Wikipedia's definition of a closure says "Operationally, a closure is a record storing a function together with an environment." This makes it sound a lot like an object, and therefore of little additional interest in an O-O environment. But I came to closures pragmatically through Perl, and to me they were a magic way to make data available somewhere else. All I had to do was get a code reference where it needed to be, and any external lexical variables got the values at the time the reference was taken. So much I understood up to the fatal blog post, and it sufficed for my simple needs.

Servers: Kubernetes, Uptime/Availability Ranks, and EdgeX Foundry

  • Kubernetes Blog: Contribution, containers and cricket: the Kubernetes 1.22 release interview

    The Kubernetes release train rolls on, and we look ahead to the release of 1.23 next week. As is our tradition, I'm pleased to bring you a look back at the process that brought us the previous version. The release team for 1.22 was led by Savitha Raghunathan, who was, at the time, a Senior Platform Engineer at MathWorks. I spoke to Savitha on the Kubernetes Podcast from Google, the weekly* show covering the Kubernetes and Cloud Native ecosystem. Our release conversations shine a light on the team that puts together each Kubernetes release. Make sure you subscribe, wherever you get your podcasts so you catch the story of 1.23. And in case you're interested in why the show has been on a hiatus the last few weeks, all will be revealed in the next episode!

  • Most Reliable Hosting Company Sites in November 2021

    Rackspace had the most reliable hosting company site in November 2021, with an average connection time of just 8ms across the month and no failed requests. Rackspace has appeared in the top 10 most reliable hosting company sites every month of the past 12 months, and has taken the number one spot in five of those. Rackspace offers a wide variety of cloud hosting solutions from over 40 data centres across the Americas, Europe, Asia and Australia. [...] Nine of the top 10 hosting company sites used Linux in October, continuing the dominance of Linux. In ninth place, New York Internet (NYI) used FreeBSD.

  • EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release - Linux Foundation

    EdgeX Foundry, a Linux Foundation project under the LF Edge project umbrella, today announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’ The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS).

Debian: Sparky's Annual Server Donations Drive and Latest Debian Development Reports

  • Sparky: Annual donations for our server 2021

    Until January 31, 2022 we have to collect and pay for the server 1500 PLN / 360 Euros / 430 USD plus min. 2800 PLN / ~ 670 Euros / ~ 800 USD for our monthly living and bills, such as: electricity, gas, water, internet, domains, expenses related to improving the functionality of websites, small computer equipment that wears out constantly (memory, pen drives, mice, batteries, etc. …), fuel, as well as rent, food, drugs and immortal taxes. We are starting the fundraising campaign today to make sure we will pay for the server on time, so we could stay online for you another year. It is our passion and work we do all the times, therefore we believe that with your help we will succeed.

  • Thorsten Alteholz: My Debian Activities in November 2021

    This month I accepted 564 and rejected 93 packages. The overall number of packages that got accepted was 591.

  • Utkarsh Gupta: FOSS Activites in September 2021

    Here’s my (twenty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  • Utkarsh Gupta: FOSS Activites in October 2021

    Here’s my (twenty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.