Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 1 min ago

openSUSE: 2020:1175-1: important: java-11-openjdk

8 hours 46 min ago
An update that fixes 8 vulnerabilities is now available.

Debian LTS: DLA-2319-1: xrdp security update

12 hours 27 min ago
xrdp-sesman service in xrdp can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them

Debian LTS: DLA-2316-1: ruby-kramdown security update

Sunday 9th of August 2020 04:29:47 AM
ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://

openSUSE: 2020:1172-1: moderate: opera

Sunday 9th of August 2020 02:12:38 AM
An update that fixes 26 vulnerabilities is now available.

Fedora 31: ark 2020-cac5ae9b6e

Saturday 8th of August 2020 11:12:53 PM
Security update for CVE-2020-16116,

Fedora 32: rpki-client 2020-25d8011cb4

Saturday 8th of August 2020 10:18:34 PM
rpki-client 6.7p1. Security fix: Incorrect use of `EVP_PKEY_cmp` allowed an authentication bypass

Debian LTS: DLA-2318-1: wpa security update

Saturday 8th of August 2020 10:13:17 PM
The following CVE(s) have been reported against src:wpa. CVE-2019-10064

Debian LTS: DLA-2317-1: pillow security update

Saturday 8th of August 2020 07:33:22 PM
It was noticed that in Pillow before 7.1.0, there are multiple out-of-bounds reads in libImaging/FliDecode.c. For Debian 9 stretch, this problem has been fixed in version

openSUSE: 2020:1169-1: important: grub2

Saturday 8th of August 2020 02:16:08 PM
An update that fixes 7 vulnerabilities is now available.

openSUSE: 2020:1168-1: important: grub2

Saturday 8th of August 2020 02:14:14 PM
An update that fixes 7 vulnerabilities is now available.

openSUSE: 2020:1164-1: important: libX11

Saturday 8th of August 2020 08:14:09 AM
An update that fixes one vulnerability is now available.

Gentoo: GLSA-202008-06: iproute2: Denial of service

Saturday 8th of August 2020 01:20:21 AM
A use-after-free was found in iproute2, possibly allowing a Denial of Service condition.

Gentoo: GLSA-202008-05: gThumb: Arbitrary code execution

Saturday 8th of August 2020 01:20:03 AM
A buffer overflow in gThumb might allow remote attacker(s) to execute arbitrary code.

Gentoo: GLSA-202008-04: Apache: Multiple vulnerabilities

Saturday 8th of August 2020 01:19:44 AM
Multiple vulnerabilities have been found in Apache, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202008-03: Ark: Arbitrary code execution

Saturday 8th of August 2020 01:19:05 AM
Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution.

Gentoo: GLSA-202008-02: GNU GLOBAL: Arbitrary code execution

Saturday 8th of August 2020 01:17:46 AM
A vulnerability in GNU GLOBAL was discovered, possibly allowing remote attackers to execute arbitrary code.

Fedora 31: rpki-client 2020-9f31ce1df2

Friday 7th of August 2020 08:54:09 PM
rpki-client 6.7p1. Security fix: Incorrect use of `EVP_PKEY_cmp` allowed an authentication bypass

openSUSE: 2020:1162-1: important: libX11

Friday 7th of August 2020 08:12:46 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2172-1 moderate: perl-XML-Twig

Friday 7th of August 2020 05:15:01 PM
An update that fixes one vulnerability is now available.

SUSE: 2020:2173-1 moderate: perl-XML-Twig

Friday 7th of August 2020 05:14:13 PM
An update that fixes one vulnerability is now available.

More in Tux Machines

Fedora: LTO, Nest and More

  • Fedora 33 Moving Closer To LTO-Optimizing Packages

    Going back to last year Fedora has been working to enable link-time optimizations by default for their packages. That goal wasn't achieved for Fedora 32 but for Fedora 33 this autumn they still have chances of marking that feature off their TODO list. LTO'ing the Fedora package set can offer not only performance advantages but in some cases smaller binaries as well. This is all about applying the compiler optimizations at link-time on the binary as a whole for yielding often sizable performance benefits and other optimizations not otherwise possible. LTO is great as we often show in benchmarks, especially in the latest GCC and LLVM Clang compilers.

  • Zamir SUN: Report for session 1 of FZUG @ Nest with Fedora

    Last month, Alick suggested the Fedora Zhongwen User Group (FZUG) can do an online meetup during Nest with Fedora. And based on the survey, people registered for two time slots, the first one is 9:00 PM Saturday evening UTC+8 which is not a good time for Alick, so I take up the coordinating role for this session. As for the tool, we decided to use Jitsi, as it should work fine for most of us and does not have any limitations. What’s more, it’s totally open source. During the meeting, I firstly introduced Nest with Fedora and its previous offline version, Flock to Fedora, to the attendees. It’s interesting to see that during the past years, we not only have new users in China, but also new contributors. One attendee shares that his motivation of being a packager is that deploying packages for their research in the lab is cumbersome before. So he decided to package all into Fedora and then he can just simply install them on every machine. It is good to know that people contribute back because they want to solve their own problems. Maybe this can be a talking point to attract more contributors in the future. After the self introduction, we continue by sharing our interesting stories with Linux. That is a lot of fun.

  • Jon Chiappetta: Last piece of relay software needed for my home bridged network

    If you are running a bridged/relayd network with macs on it you may need to also forward the multicast broadcasts (mDNS related) that allow the devices to automatically discover each other. On the WRT wifi client side, there is a pkg called avahi-daemon and you can configure to operate in “reflector” mode to forward these broadcasts across the specified interfaces. Running this service along with the dhcprb C program which takes care of layer 2 arp requests & dhcp gateway forwarding has been pretty smooth so far!

Perl Programming: Exercises and DocKnot Release

  • The [Perl] Weekly Challenge #072

    I am glad this week's focus was more Array/List related. Technically speaking, Array and List aren’t the same in Perl. I must admit until I read the article by brian d foy, I thought they were the same. As the famous saying goes, you learn something new every day.

  • Perl Weekly Challenge 72: One-Liners for Trailing Zeros and Line Ranges

    These are some answers to the Week 72 of the Perl Weekly Challenge organized by Mohammad S. Anwar. Spoiler Alert: This weekly challenge deadline is due in a few hours. This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.

  • Russ Allbery: DocKnot 3.05

    I keep telling myself that the next release of DocKnot will be the one where I convert everything to YAML and then feel confident about uploading it to Debian, and then I keep finding one more thing to fix to release another package I'm working on. Anyway, this is the package I use to generate software documentation and, in the long run, will subsume my static web site generator and software release workflow. This release tweaks a heuristic for wrapping paragraphs in text documents, fixes the status badge for software with Debian packages to do what I had intended, and updates dependencies based on the advice of Perl::Critic::Freenode.

Review: Zentyal Server 6.2

Zentyal is an Ubuntu-based server distribution which is designed to be easy to set up and then manage using a friendly, web-based interface. The distribution targets small and medium office and business environments. The Zentyal distribution is intended to take on such tasks as a storage server, Internet gateway, or to provide other office IT infrastructure - all through a convenient, point-n-click web portal. The latest version of Zentyal is based on Ubuntu 18.04.4 and mostly features minor updates. There are new anti-virus packages, improved DNS management, easier management of hard drives, and the AppArmor security software is enabled by default. The download for Zentyal is 1GB in size and is available for 64-bit (x86_64) machines only. Booting from the install media brings up a menu asking us to select our preferred language from a list. Then we are given the choice of wiping the hard drive and installing Zentyal or launching an expert installer. Both menu options launch a text-based installer which should be familiar to people who have set up Ubuntu Server or used Debian's text installer. [...] After my second failed attempt at using Zentyal, and some troubleshooting, I came to the realization the distribution was not going to work as expected and put it aside. According to the documentation, I should be able to simply install the distribution and connect to it using a web browser, but this did not work, either locally or over the LAN. This was disappointing as I have used Zentyal in the past and generally had positive experiences with it. I've even recommended the distribution to a few people who wanted to run a light office server with an easy, point-n-click interface. I have three theories as to why Zentyal did not work for me this time around. One is that the documentation is out of date (or updated in places I'm not looking) and additional steps are now required to set up the web portal service. The second is that there is a bug in the web portal software that is preventing it from running. Personally, I suspect neither of these are true and, instead, something (or multiple somethings) are going wrong during the setup phase. While the installer appears to finish copying its files to my hard drive and reports it is done, the fact the system does not shut down cleanly afterwards suggests something is not finished in the background. The shutdown services never conclude and, while disk and CPU activity was virtually non-existent all twenty minutes I waited, I suspect additional configuration steps were supposed to be happening during that time. It is hard to say for certain though since no status messages are displayed and the installer claims to be finished. I would also consider it odd for services to be enabled during the shutdown phase of the live media, but stranger things have happened. Whatever the case, Zentyal did not work for me and, unfortunately, did not display any errors or status messages which would help explain why. The documentation, while normally helpful, did not offer any tips to help me get going. In the past Zentyal has proven to be easy for me to use, but this version has left me with a server-sized void to fill.

Python Programming