
LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 39 min ago

Fedora 29: libmodbus FEDORA-2019-355f6e10c1

Saturday 24th of August 2019 11:04:18 PM
Addresses CVE-2019-14462 and CVE-2019-14463

Fedora 30: libmodbus FEDORA-2019-4942e01cdc

Saturday 24th of August 2019 08:58:05 PM
Addresses CVE-2019-14462 and CVE-2019-14463

Fedora 30: nodejs FEDORA-2019-5a6a7bc12c

Saturday 24th of August 2019 08:58:04 PM
Update to Node.js 10.6.13

openSUSE: 2019:2005-1: moderate: qbittorrent

Saturday 24th of August 2019 08:17:05 PM
An update that fixes one vulnerability is now available.

openSUSE: 2019:2007-1: moderate: Recommended dkgpg, libTMCG

Saturday 24th of August 2019 08:13:32 PM
An update that contains security fixes can now be installed.

openSUSE: 2019:2008-1: moderate: zstd

Saturday 24th of August 2019 08:11:24 PM
An update that solves one vulnerability and has two fixes is now available.

openSUSE: 2019:2000-1: important: go1.12

Saturday 24th of August 2019 02:12:22 PM
An update that solves three vulnerabilities and has two fixes is now available.

Debian LTS: DLA-1896-1: commons-beanutils security update

Saturday 24th of August 2019 11:49:34 AM
It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code.

ArchLinux: 201908-13: nginx: denial of service

Saturday 24th of August 2019 11:41:44 AM
The package nginx before version 1.16.1-1 is vulnerable to denial of service.

ArchLinux: 201908-12: nginx-mainline: denial of service

Saturday 24th of August 2019 11:40:52 AM
The package nginx-mainline before version 1.17.3-1 is vulnerable to denial of service.

ArchLinux: 201908-11: firefox: information disclosure

Saturday 24th of August 2019 11:39:19 AM
The package firefox before version 68.0.2-1 is vulnerable to information disclosure.

ArchLinux: 201908-10: subversion: denial of service

Saturday 24th of August 2019 11:38:15 AM
The package subversion before version 1.12.2-1 is vulnerable to denial of service.

ArchLinux: 201908-9: libreoffice-still: multiple issues

Saturday 24th of August 2019 11:36:52 AM
The package libreoffice-still before version 6.2.6-1 is vulnerable to multiple issues including arbitrary command execution and information disclosure.

openSUSE: 2019:1997-1: important: neovim

Saturday 24th of August 2019 11:11:43 AM
An update that fixes one vulnerability is now available.

Debian: DSA-4508-1: h2o security update

Saturday 24th of August 2019 10:44:01 AM
Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in

Debian: DSA-4507-1: squid security update

Saturday 24th of August 2019 07:46:36 AM
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting

Debian: DSA-4506-1: qemu security update

Saturday 24th of August 2019 05:55:59 AM
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

Fedora 29: nfdump FEDORA-2019-9013b5e75d

Friday 23rd of August 2019 10:01:02 PM
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1x_decompress_safe() 2019-08-07 - Fix VerifyExtensionMap #179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. #175 - Fix off by 1 array. #173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterStat #174 - Add bound checks in AddSamplerInfo #176 - Add bound

Fedora 30: nfdump FEDORA-2019-0fbfb00cbb

Friday 23rd of August 2019 09:03:54 PM
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1x_decompress_safe() 2019-08-07 - Fix VerifyExtensionMap #179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. #175 - Fix off by 1 array. #173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterStat #174 - Add bound checks in AddSamplerInfo #176 - Add bound

Debian LTS: DLA-1895-1: libmspack security update

Friday 23rd of August 2019 06:48:53 PM
JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might
