Language Selection

English French German Italian Portuguese Spanish

Security Advisories

Filed under
Security

Less critical

Ubuntu has issued updates for the kernel. These fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Solution:

Apply updated packages. Links to updates

Highly critical

SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to escalate their privileges and by malicious people to compromise a vulnerable system.

Solution:

Apply updated packages.

Updated packages are available using YaST Online Update or the SUSE FTP site. Full description.

Less critical

Noam Rathaus has discovered a vulnerability in KMail, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error where HTML code can overlay part of the user interface. This can e.g. be exploited to trick a user into believing a specially crafted mail is signed and coming from a trusted source.

Successful exploitation requires that the option "Prefer HTML to plain text" is enabled (not default setting).

The vulnerability has been confirmed in KMail 1.7.1 on KDE 3.3.1. KDE 3.3.2 is reportedly also affected. Other versions may also be affected.

Solution:

Disable the "Prefer HTML to plain text" setting. Link.

Serious
Red Hat Inc. is warning enterprise Linux users to update their installations of XFree86 to fix a number of serious security bugs, some of which could allow attackers to take over a system. Affected operating systems include Enterprise Linux AS 3, Enterprise Linux ES 3 and Enterprise Linux WS 3, Red Hat said in an advisory. XFree86 is an implementation of the X Window System that provides low-level graphics functionality for graphical user interface systems such as KDE and Gnome. The most serious flaw is an integer overflow in the libXpm library, used by some applications in opening XPixMap images, Red Hat said. An attacker could use a malicious XPixMap file to execute code on a user's system. Source for this one.

More in Tux Machines

GNOME and GTK News: GNOME Release and More

These are the most exciting Linux powered devices

What started off as a hobby project for the Finnish engineer Linus Torvalds, has turned into a global phenomenon. Today Linux is literally powering the modern economy – everything from Amazon public clouds, stock exchanges, and social networks run on Linux. It also runs in devices like sensors, printers, routers…and what not. Linux virtually owns the smartphone market with Android. Read more

FreeBSD News: 64-bit Inodes and KDE

  • FreeBSD Lands Support For 64-bit Inodes (ino64 Project)
    While Linux and other operating systems (including DragonFlyBSD) have supported 64-bit inodes for data structures on file-systems, FreeBSD has been limited to 32-bit. But thanks to the work of many on the ino64 project, FreeBSD now has support for 64-bit inodes while retaining backwards compatibility.
  • KDE FreeBSD CI (2)
    The KDE Continuous Integration system builds KDE software from scratch, straight from the git repositories, and usually from master (or whatever is considered the development branch). It’s been building for Linux for a long time, and has recently been expanded with FreeBSD servers as well. KDE sysadmin has been kind enough to provide two more VMs (with some more compiling “oomph”) so that we can keep up better, and the CI has just been expanded with all of the Plasma products. That means we’re now building KDE Frameworks, and the Plasma desktop.

Enlightenment 0.21.8

  • Enlightenment DR 0.21.8 Release
    This is another bugfix and stability release for the Enlightenment 21 Release series.
  • Enlightenment 0.21.8 Released
    Enlightenment 0.21.8 was released this week as the latest stable point release to the E21 series. Enlightenment 0.21.8 has a number of fixes, including some display fixes, avoid starting XWayland repeatedly, X11 and Wayland specific alterations, and other routine work.