Find the information you need for your favorite open source distribution .
An ACL bypass flaw was found in pacemaker, a cluster resource manager. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Two vulnerabilities were discovered in moin, a Python clone of WikiWiki. CVE-2020-15275
The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. The buffer should be big enough to hold the captured data, but it
It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket
A heap-based buffer over-read has been found in libmaxminddb, an IP geolocation database library. This could be exploited when the mmdblookup tool is used to open a specially crafted database file.
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.
A privilege escalation was discovered in Sympa, a modern mailing list manager. It is fixed when Sympa is used in conjunction with common MTAs (such as Exim or Postfix) by disabling a setuid executable, although no fix is currently available for all environments (such as
For Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u4. We recommend that you upgrade your poppler packages.
In libexif/exif-entry.c, through libexif 0.6.21-2+deb9u4, compiler optimization could remove a buffer overflow check, making a buffer overflow possible with some EXIF tags.
The server component of Apache Guacamole, a remote desktop gateway, did not properly validate data received from RDP servers. This could result in information disclosure or even the execution of arbitrary code.
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-13224
Vaisha Bernard discovered that Blueman, a graphical bluetooth manager performed insufficient validation on a D-Bus interface, which could result in denial of service or privilege escalation.
There were several vulnerabilites reported against wordpress, as follows: CVE-2020-28032
In junit4 the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client (spice-gtk) and server are affected by
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1.
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash)
tzdata, the time zone and daylight-saving time data, has been updated to the latest version. - Revised predictions for Morocco's changes starting in 2023.
Several vulnerabilities were fixed in the Wireshark network protocol analyzer. CVE-2019-10894
Malformed SVG images were able to cause a segmentation fault in qtsvg-opensource-src, the QtSvg module for displaying the contents of SVG files in Qt.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
