Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryFedorabug fixFedora 30 Shotwell: FEDORA-2019-ac2a21ff07 Moderate: SELinux Stack Issue
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ac2a21ff07 2019-04-17 16:04:32.355044 --------------------------------------------------------------------------------Name : shotwell Product : Fedora 30 Version : 0.31.0 Release : 2.fc30 URL : https://wiki.gnome.org/Apps/Shotwell Summary : A photo organizer for the GNOME desktop Description : Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten. Shotwell's non-destructive photo editor does not alter your master photos, making it easy to experiment and correct errors. --------------------------------------------------------------------------------Update Information: This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). This includes gnome-initial-setup, which was affected by this problem, resulting in a[release-blocking bug](https://bugzilla.redhat.com/show_bug.cgi?id=1699099) that prevented it running correctly with SELinux in enforcing mode. --------------------------------------------------------------------------------References: [ 1 ] Bug #1699099 - gnome-initial-setup 3.32.0+ crashes due to SELinux denials (because it has execstack flag set, because meson 0.50.0 sets it when it shouldn't) https://bugzilla.redhat.com/show_bug.cgi?id=1699099 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ac2a21ff07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 17, 2019
Fedora
172
security advisoryupdatecriticalUbuntu 17.04: USN-3379-1 High Severity Vulnerability in Shotwell App
Shotwell could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-3379-1 August 07, 2017 shotwell vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Shotwell could be made to expose sensitive information over the network. Software Description: - shotwell: digital photo organizer Details: It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: shotwell 0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1 shotwell-common 0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1 Ubuntu 16.04 LTS: shotwell 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1 shotwell-common 0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1 Ubuntu 14.04 LTS: shotwell 0.18.0-0ubuntu4.5 shotwell-common 0.18.0-0ubuntu4.5 In general, a standard system update will make all the necessary changes. References: CVE-2017-1000024 Package Information: 2fb1f7-0ubuntu3.1 2fb1f7-0ubuntu1.1 https://launchpad.net/ubuntu/+source/shotwell/0.18.0-0ubuntu4.5 . Affecting various Ubuntu releases, this notice highlights Shotwell's potential data vulnerability via network access, necessitating a prompt corrective action.. Shotwell Information Disclosure, Ubuntu Security Update, Shotwell Vulnerability. . LinuxSecurity.com Team
Aug 07, 2017
Ubuntu
89
security advisorysecurity updateFedoraFedora 24 Shotwell Security Advisory: Update for HTTPS Enhancements
This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Changes in shotwell. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-ddee871dd1 2017-02-02 16:34:58.790356 -------------------------------------------------------------------------------- Name : shotwell Product : Fedora 24 Version : 0.24.5 Release : 1.fc24 URL : https://wiki.gnome.org/Apps/Shotwell Summary : A photo organizer for the GNOME desktop Description : Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten. Shotwell's non-destructive photo editor does not alter your master photos, making it easy to experiment and correct errors. -------------------------------------------------------------------------------- Update Information: This release turns on HTTPS encyption all over the publishing plugins. Usersusing Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Changes in shotwell 0.24.5 release: * Publishing: Use HTTPS consistently * Updated translations Changes in shotwell 0.24.4 release: * Piwigo: Fix title and comments for uploaded images * Fix icon file name for Serbian and Korean * Improved duplicatedetection -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade shotwell' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Feb 02, 2017
•Important
Fedora
89
security advisoryfedorasoftware updateFedora 25: Shotwell Security Update: Enhances HTTPS and Authentications
This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Changes in shotwell. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-8c3c43cc4f 2017-02-02 16:35:20.084125 -------------------------------------------------------------------------------- Name : shotwell Product : Fedora 25 Version : 0.24.5 Release : 1.fc25 URL : https://wiki.gnome.org/Apps/Shotwell Summary : A photo organizer for the GNOME desktop Description : Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten. Shotwell's non-destructive photo editor does not alter your master photos, making it easy to experiment and correct errors. -------------------------------------------------------------------------------- Update Information: This release turns on HTTPS encyption all over the publishing plugins. Usersusing Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Changes in shotwell 0.24.5 release: * Publishing: Use HTTPS consistently * Updated translations Changes in shotwell 0.24.4 release: * Piwigo: Fix title and comments for uploaded images * Fix icon file name for Serbian and Korean * Improved duplicatedetection -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade shotwell' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Feb 02, 2017
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!