Find the information you need for your favorite open source distribution .
Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.
"infamous41md" discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine.
Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack.
Luigi Auriemma discovered a buffer overflow condition in the playlist module of freeamp which could lead to arbitrary code execution. Recent versions of freeamp were renamed into zinf.
The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles.
A vulnerability has been discovered in the shadow suite which provides programs like chfn and chsh. It is possible for a user, who is logged in but has an expired password to alter his account information with chfn or chsh without having to change the password. The problem was originally thought to be more severe.
"infamous41md" noticed that the log functions in dhcp 2.x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings. One use seems to be exploitable in connection with a malicious DNS server.
Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack.
"infamous41md" discovered several buffer overflows in libxml and libxml2, the XML C parser and toolkits for GNOME. Missing boundary checks could cause several buffers to be overflown, which may cause the client to execute arbitrary code.
Chris Evans discovered several integer overflows in xpdf, a viewer for PDF files, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on it own as it was supposed to.
A buffer overflow vulnerability has been disovered in the wv library, used for converting and previewing word documents. On exploition an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
Carlos Barros has discovered a buffer overflow in the HTTP authentication routine of mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player.
Trustix Security Engineers identified insecure temporary file creation in a script included in the postgresql suite, an object-relational SQL database. This could lead an attacker to trick a user to overwrite arbitrary files he has write access to.
Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache.
A temporary file problem has been discovered in xlsview from the catdoc suite, convertors from Word to TeX and plain text, which could lead to local users being able to overwrite arbitrary files via a symlink attack on predictable temporary file names.
The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files.
Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
