Find the information you need for your favorite open source distribution .
Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code.
Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041
Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).
In rsync, a remote file-copying tool, remote attackers were able to bypass the argument-sanitization protection mechanism by passing additional --protect-args.
Several vulnerabilities were fixed in the OpenSC smart card utilities. CVE-2019-15945
Stack-based buffer over-reads for crafted NTLM requests were fixed in libntlm, a library that implements Microsoft's NTLM authentication. For Debian 9 stretch, this problem has been fixed in version
An infinite loop when --sparse is used with file shrinkage during read access was fixed in the GNU tar archiving utility. For Debian 9 stretch, this problem has been fixed in version
An out-of-bounds buffer read on truncated key frames in vp8_decode_frame has been fixed in libvpx, a popular library for the VP8 and VP9 video codecs. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilities were fixed in libvorbis, a popular library for the Vorbis audio codec. CVE-2017-14160
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, which could result in denial of service, information disclosure or side-channel attacks.
Two issues have been found in libmodbus, a library for the Modbus protocol. Both issues are related to out of bound reads, which could result in a
The security update of Salt, a remote execution manager, to fix CVE-2021-21996 introduced a regression in salt/fileclient.py which raised an unexpected exception and made file.managed states fail.
An authenticated remote attacker can execute arbitrary code in Firebird, a relational database based on InterBase 6.0, by executing a malformed SQL statement. The only known solution is to disable external UDF libraries from being loaded. In order to achieve this,
Jonathan Schlue discovered a vulnerability in Salt, a powerful remote execution manager. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
Two issues have been found in netkit-rsh, client and server programs for remote shell connections. Due to insufficient input validation in path names sent by server, a
An issue has been found in axis, a SOAP implementation in Java. The issue is related to a cross-site scripting (XSS) attack in the default servlet/services.
Two issues have been found in atftp, an advanced TFTP client. Both are related to sending crafted requests to the server and triggering a denial-of-service due to for example a buffer overflow.
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
Multiple issues have been discovered in ffmpeg - tools for transcoding, streaming and playing of multimedia files. CVE-2020-20445
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
