Find the information you need for your favorite open source distribution .
Previous versions permit a local user to copy any file to anywhere which is writable bythe uucp uid, which effectively means that a local user can completelysubvert the UUCP subsystem, including stealing mail, etc.
With the current version of wmtv, theconfiguration file is written back as the superuser, and without anyfurther checks. A mailicious user might use that to damage importantfiles
Unfortunately the patch used to fix that problem broke rsync.This has been fixed in version 2.3.2-1.5 and we recommend youupgrade to that version immediately.
The pic command was vulnerable to a printf format attackwhich made it possible to circumvent the `-S' option and executearbitrary code.
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.
The i386 package mention in the DSA-089-1 advisory was incorrectlycompiled and will not run on Debian GNU/Linux potato machines. Thishas been corrected in version 1.3.10-1.1.
The version of enscript (a tool to convert ASCII text to differentformats) has been found to create temporary files insecurely.
Basically, this is the same Security Advisory as DSA 102-1, exceptthat the uploaded binary packages really fix the problem this time.
zen-parse found a bug in the current implementation of at which leadsinto a heap corruption vulnerability which in turn could potentiallylead into an exploit of the daemon user.
Attackers may trick "sudo" to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment.
Larry McVoy found a bug in the packet handling code for the CIPEVPN package: it did not check if a received packet was too shortand could crash.
A buffer overflow has been found in the globbing code for glibc.This code which is used to glob patterns for filenames and iscommonly used in applications like shells and FTP servers.
It is possible to trick XChat IRC clients into sending arbitrarycommands to the IRC server they are on, potentially allowing socialengineering attacks, channel takeovers, and denial of service.
GOBBLES found a buffer overflow in gzip that occurs when compressingfiles with really long filenames. Even though GOBBLES claims to havedeveloped an exploit to take advantage of this bug, it has been saidby others that this problem is not likely to be exploitable as othersecurity incidents.
libgtop_daemon runs as user nobody both bugs could be usedto gain access as the nobody user to a system running libgtop_daemon.
The sparc binary for the mutt security fix described in DSA-096-1is now available.
The bug's effect is that, instead of obeying the correctpipe command, a broken Exim runs the command encoded in the local partof the address.
Joost Pol found a buffer overflow in the address handling code ofmutt (a popular mail user agent). Even though this is a one byteoverflow this is exploitable.
Among other problems, the gpm-root program contains a format stringvulnerability, which allows an attacker to gain root privileges.
Barry A. Warsaw reported several cross-site scripting security holesin Mailman, due to non-existent escaping of CGI variables.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
