Language Selection

English French German Italian Portuguese Spanish

Security Advisories

Filed under
Security

Less critical

Ubuntu has issued updates for the kernel. These fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Solution:

Apply updated packages. Links to updates

Highly critical

SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to escalate their privileges and by malicious people to compromise a vulnerable system.

Solution:

Apply updated packages.

Updated packages are available using YaST Online Update or the SUSE FTP site. Full description.

Less critical

Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error where HTML code can overlay part of the user interface. This can e.g. be exploited to trick a user into believing a specially crafted mail is signed and coming from a trusted source.

Successful exploitation requires that the option "Prefer HTML to plain text" is enabled (not default setting).

The vulnerability has been confirmed in KMail 1.7.1 on KDE 3.3.1. KDE 3.3.2 is reportedly also affected. Other versions may also be affected.

Solution:

Disable the "Prefer HTML to plain text" setting. Link.

Serious
Red Hat Inc. is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. Affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory. XFree86 is an implementation of the X Window System that provides low-level graphics functionality for graphical user interface systems such as KDE and Gnome. The most serious flaw is an integer overflow in the libXpm library, used by some applications in opening XPixMap images, Red Hat said. An attacker could use a malicious XPixMap file to execute code on a user's system. Source for this one.

More in Tux Machines

Open-Source Radeon 2D Performance Is Better With Ubuntu 14.10

While we're most often looking at the OpenGL 3D performance of the Linux graphics drivers, in the tests currently being done of Ubuntu 14.04 LTS vs. Ubuntu 14.10 are also a number of 2D graphics benchmarks. In the article today are our 2D benchmarks between Ubuntu 14.04.1 and Ubuntu 14.10 for various AMD Radeon graphics cards and it shows off significant performance improvements. Read more

Today in Techrights

Today's articles: Links outline:

KDE With Theoretical Client-Side Decorations, Windows 10 Influence

KDE contributor and graphics designer Ken Vermette has penned an interesting series of KDE "What if..." articles where he talks about (and has some visual mock-ups) about what KDE might look like with client-side decorations along and separately if KDE were to use Windows 10 design components. Read more Also: What if… Plasma Used Launchers from Other Systems & Enviornments? (Part 1) What if… KDE Used Windows 10 Design Components?

Pondering FOSS foundations

In the case of the Document Foundation, the LibreOffice project needed an independent, solid and meritocratic entity dedicated to support it. In other terms, the OpenOffice.org community wanted to be its own boss and stop relying on corporate – or even third party – good will. If you attend the Community Track on the 31st you will be able to learn more about the Document Foundation and the other entities, but my message here is that while there is no silver bullet in these matters, forcing a community be hosted or to bend to a software vendor never works. It bends if it wants to; it goes whereever it wishes to go. In the case of the Document Foundation, independence and community rule prevailed over convenience; today the results do not need to be proven anymore. But it does not mean we hold the truth more than anybody else: we just ensured the community was in charge. Read more