| 2:51p |
Security updates for Monday
Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4). |
| 3:12p |
Exim 4.92.3 security release
Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based
buffer overflow in string_vformat that could lead to remote code
execution. "The currently known exploit uses a extraordinary long
EHLO string to crash the Exim process that is receiving the message. While
at this mode of operation Exim already dropped its privileges, other paths to
reach the vulnerable code may exist." |
| 7:33p |
The 5.4-rc1 kernel is out
Linus has tagged the 5.4-rc1 release, thus ending the merge window for this
development cycle. An apparent linux-kernel outage means that there is no
announcement to post yet; we'll do that as soon as it becomes available.
Meanwhile, though, everything can be seen in his repository. |