Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
The PostgreSQL JDBC team has released version 42.7.7 to address CVE-2025-49146. This update stops the driver from incorrectly allowing a connection to proceed when the authentication method in use does not support channel binding, a flaw that could potentially allow a man-in-the-middle attacker to intercept connections.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
A new version of the OWASP CRS for ModSecurity or similar web application firewalls has come out with improvements and new detections, including adding User-Agent and Referer to the targets, updating java-classes.data, and adding ways to block database YAML files. Other changes include fixing false positives with title_strip_tags, removing the self command, getting rid of the rc shell, eliminating unnecessary character classes, and adding word endings to the Unix command sendmail. You can find the full list of changes in the coreruleset/coreruleset release.
Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 195 has been released for testing. The update features a comprehensive interface designed for the configuration and management of WireGuard tunnels via the web user interface. WireGuard serves as a versatile solution for both net-to-net and host-to-net VPN connections, offering a streamlined alternative to IPsec and OpenVPN. The configuration process is simple, and the IPFire implementation features complete integration within the firewall GUI. It supports multiple peers, includes a QR code display, offers a connection importer, and is compatible with the Intrusion Prevention System and Connection Tracking. The update incorporates enhancements to Pakfire, featuring the automatic updating of its SMART database with hard drive information.
IPFire 2.29 - Core Update 194 has been released and represents the most recent enhancement to the secure and high-performance open-source firewall. This update encompasses various enhancements and bug fixes, prioritizing the improvement of security and usability while maintaining simplicity. The update rebases the IPFire kernel on Linux 6.12.23, incorporating enhancements for security and stability. Stephen Cuka made a significant update to the Pakfire page, enhancing controls and language translation. The firewall has been configured to permit outgoing connections utilizing an alias IP address, which will be NATed to the default IP address on RED. The process for renewing the IPsec host certificate now accurately updates internal files. The update encompasses enhancements to packages, add-ons, and Zabbix Server 6.x.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
The release of OWASP CRS 4.14.0 brings new features and detections, such as the ability to detect ASP web shells, compressed database dumps, and JavaScript methods. Other changes include fixing false positives related to rule 951220, blocking TTF font files, detecting forward slashes in paths, and removing .application from restricted extensions.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 194 has been released for testing, introducing a variety of package updates, new features, and enhancements in security. The update rebases the IPFire kernel on Linux 6.12.23, enhancing security and stability. Stephen Cuka has made a significant update to the Pakfire page, enhancing controls and incorporating language translation features.
The release additionally encompasses enhancements for firewalls, improvements to the IPsec host certificate renewal processes, and the substitution of libidn. The update covers fixes for CVE-2024-8176, Zabbix Server 7.0.11 LTS, along with enhancements for add-ons such as Bacula, cifs-utils, FFmpeg, Git, mpd, mympd, OVMF, and Samba.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 193 has been released, incorporating support for post-quantum cryptography within IPsec tunnels, along with a substantial update to the core toolchain. This update is an integral component of our continuous efforts to maintain the security, modernity, and efficiency of IPFire. IPsec tunnels now allow for secure key exchanges using the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is safe from attacks by those using quantum computers. This decision guarantees the utilization of modern cryptography whenever feasible, while ensuring that IPFire maintains compatibility with legacy solutions from various vendors. The standard selection of ciphers for newly established tunnels has been revised to incorporate AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305 as the default option.
IPFire has been updated to utilize glibc and Binutils, essential components of the operating system, to produce the most efficient code that leverages the latest hardware capabilities. Recent updates include removing the old Botnet C2 blocklist from abuse.ch, improving the collection of firmware and microcodes, and fixing security issues related to INTEL-SA-01166, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194, as well as correcting a bug with an incorrect serial number.
Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu Linux.
A new release candidate for the upcoming 1.7.0 release of the OpenSnitch GNU/Linux application firewall has been released for testing, showcasing enhanced integration with third-party software and resolving issues related to crashes when compiling unknown operator rules. The GUI has been enhanced with an upgraded popup layout and refined row selection. The release encompasses bug fixes, enhancements to the Weblate widget, and updates to the Indonesian translation.
Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.