Find the information you need for your favorite open source distribution .
Multiple security issues were discovered in mruby, a lightweight implementation of the Ruby language CVE-2017-9527
Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several issues were discovered in OpenVPN, a Virtual Private Network server and client, that could lead to authentication bypass when using deferred auth plugins.
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.
It was discovered that the implementation of UntypedObjectDeserializer in jackson-databind, a fast and powerful JSON library for Java, was prone to a denial of service attack when deeply nested object and array values were processed.
A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged Postscript operators remained accessible from various places. For instance a specially crafted PostScript file could use this flaw in order to have access to the file
An issue has been found in tinyxml, a C++ XML parsing library. Crafted XML messages could lead to an infinite loop in
Three issues have been found in libarchive, a multi-format archive and compression library.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Jaime Frey discovered a flaw in HTCondor, a distributed workload management system. An attacker need only have READ-level authorization to a vulnerable daemon using the CLAIMTOBE authentication method. This means they are able to run tools like condor_q or condor_status. Many pools do not restrict who can
Multiple vulnerabilities have been discovered in abcm2ps: program which translates ABC music description files to PostScript. CVE-2018-10753
Several issues have been found in fribidi, a free Implementation of the Unicode BiDi algorithm. The issues are related to stack-buffer-overflow, heap-buffer-overflow, and a SEGV.
Several security vulnerabilities have been discovered in lrzip, a compression program. Invalid pointers, use-after-free and infinite loops would allow attackers to cause a denial of service or possibly other unspecified impact via a crafted compressed file.
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution. An authenticated user can create a link with reflected Javascript code inside it for graphs, actions and services pages and send it to other users. The payload can be executed only with a known CSRF token value of
A flaw was found in usbguard, an USB device authorization policy framework. When using the usbguard-dbus daemon an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version
An arbitrary-file-write vulnerability was discovered in xz-utils, which provides XZ-format compression utilities. For Debian 9 stretch, this problem has been fixed in version
An arbitrary-file-write vulnerability was discovered in gzip, which provides GNU compression utilities. For Debian 9 stretch, this problem has been fixed in version
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
