Find the information you need for your favorite open source distribution .
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
debian-security-support, the Debian security support coverage checker, has been updated in buster-security to mark the end of life of the following packages: * gnupg1: see #982258.
This update includes the latest changes to the leap second list, including an update to its expiry date, which was set for the end of December.
Rene Rehme discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code from attachment preview/download via crafted Content-Type and/or
Issues were found in ncurses, a collection of shared libraries for terminal handling, which could lead to denial of service. CVE-2021-39537
Multiple vulnerabilties have been found in Amanda,a backup system designed to archive many computers on a network to a single large-capacity tape drive. The vulnerabilties potentially allows local privilege escalation from the backup user to root or leak information
An issue (CVE-2022-48521) was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address
zbar, a barcode and qrcode scanner was vulnerable. CVE-2023-40889
[ NB: The original message sent included the wrong DLA reference ID. This message corrects the reference ID in the subject line. Everything else about the content of the former message, including the CVE identified as fixed and the version of the package in which it is fixed,
Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359
Phan Nguyên Long discovered an Open Redirect vulnerability in horizon, a web application to control an OpenStack cloud, which could lead to phishing.
Multiple issues were found in libde265, an open source implementation of the h.265 video codec. CVE-2023-27102
File parsing heap buffer overflow was fixed in gimp-dds, a DDS (DirectDraw Surface) plugin for GIMP. For Debian 10 buster, this problem has been fixed in version
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
An issue has been found in gst-plugins-bad1.0, which contains several GStreamer plugins from the "bad" set. The issue is related to use-after-free of some pointers within the MXF
postgresql-mulicorn python version was non conformant to PEP440, and may break unreleated software like pip, a python package manager, used for local development of python packages.
Multiple vulnerabilities were found in mediawiki, a website engine for collaborative work, that could lead to information disclosure, privilege escalation, or denial of service.
An issue has been found in minizip, a compression library. When using long filenames, an integer overflow might happen, which results in a heap-based buffer overflow in zipOpenNewFileInZip4_64().
Thomas Neil James Shadwell reported that cryptojs, a collection of cryptographic algorithms implemented in JavaScript, had default PBKDF2 settings 1000 times weaker than when specified back in 1993, and 1.3M times weaker than OWASP's current recommendations.
Vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash or PIN bypass.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
