LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.

SUSE: 2019:2426-1 important: nmap

Friday 20th of September 2019 08:13:58 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2427-1 important: ibus

Friday 20th of September 2019 08:11:44 PM
An update that fixes one vulnerability is now available.

SUSE: 2019:2425-1 important: nmap

Friday 20th of September 2019 08:10:48 PM
An update that fixes two vulnerabilities is now available.

Fedora 31: firefox FEDORA-2019-7f7bace5b4

Friday 20th of September 2019 08:04:58 PM
- Updated to new upstream (69.0.1)
- Wayland rendering fixes
----
- The update to 69.0.1
- Fix flickering issues
- Fix disappearing webrtc dialogs
----
- Fixed rendering artifacts on Wayland backend

Fedora 31: libldb FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: samba FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: libtalloc FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: libtevent FEDORA-2019-41c7fa478a

Friday 20th of September 2019 08:04:33 PM
Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197

Fedora 31: openssl FEDORA-2019-9ab7ee6309

Friday 20th of September 2019 08:04:27 PM
Minor update release 1.1.1d with low impact security fixes.

Fedora 31: expat FEDORA-2019-613edfe68b

Friday 20th of September 2019 08:04:26 PM
This update of `expat` fixes the following security issue:

* **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype

The following bug fixes are also included:

* Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler
*

Fedora 31: curl FEDORA-2019-6d7f6fa2c8

Friday 20th of September 2019 08:04:17 PM
- double free due to subsequent call of realloc() (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
----
- avoid reporting spurious error in the HTTP2 framing layer (#1690971)

Fedora 31: compat-openssl10 FEDORA-2019-db06efdea1

Friday 20th of September 2019 08:04:14 PM
Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html

Debian LTS: DLA-1929-1: php-pecl-http security update

Friday 20th of September 2019 03:07:55 PM
A vulnerability has been discovered in php-pecl-http, the pecl_http module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the merge_param() function allows attackers to crash PHP and possibly

Debian: DSA-4529-1: php7.0 security update

Friday 20th of September 2019 01:58:44 PM
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.

openSUSE: 2019:2156-1: important: chromium

Friday 20th of September 2019 12:39:20 PM
An update that fixes 35 vulnerabilities is now available.

openSUSE: 2019:2155-1: important: chromium

Friday 20th of September 2019 12:37:56 PM
An update that fixes 35 vulnerabilities is now available.

SciLinux: SLSA-2019-2836-1 Important: dovecot on SL7.x x86_64

Friday 20th of September 2019 11:31:22 AM
dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL7 x86_64 dovecot-2.2.36-3.el7_7.1.i686.rpm

SciLinux: SLSA-2019-2829-1 Important: kernel on SL7.x x86_64

Friday 20th of September 2019 11:30:44 AM
A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835) SL7 x86

RedHat: RHSA-2019-2809:01 Important: kernel-alt security, bug fix,

Friday 20th of September 2019 07:55:11 AM
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2019-2781:01 Important: qpid-proton security update

Friday 20th of September 2019 07:41:15 AM
An update for qpid-proton is now available for Satellite Tools 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
