Find the information you need for your favorite open source distribution .
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution.
vorbis-tools is vulnerable to multiple issues that can result in denial of service. CVE-2014-9638
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing.
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167
CVE-2017-7375 Missing validation for external entities in xmlParsePEReference CVE-2017-9047
Multiple denial of services vulnerabilities have been identified in libarchive when manipulating specially crafted archives. CVE-2016-10209
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to
The security update announced as DLA-993-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original
It was reported that unrar fixed a VMSF_DELTA memory corruption issue in their latest version unrarsrc-5.5.5.tar.gz. This problem was reported to Sophos AV in 2012 but never reach upstream rar.
Sebastian Krahmer from SUSE discovered that smb4k, a Samba (SMB) share advanced browser, contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run.
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution.
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service if malformed MNG, JNG, ICON, PALM, MPC,
CVE-2017-1000381 The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response
It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon. If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries.
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the
CVE-2017-8400 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf.
CVE-2017-5974 Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
