Find the information you need for your favorite open source distribution .
MIMEDefang 2.81 Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.
**Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing.
**passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.
**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.
**nag 4.2.17** * [jan] SECURITY: Fix unauthorized access to task exports. * [jan] Fix regression when exporting single tags to iCalendar CATEGORIES. * [jan] Officially support PHP 7.
**Version 2.2.5** - 2017-08-30 * **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** * **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386:
Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.
- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd
These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to
This release fixes a crash when parsing an empty code string of a codewscope type.
This release fixes a crash when parsing an empty code string of a codewscope type.
The 4.12.14 stable kernel update contains a number of important fixes across the tree.
The 4.13.3 stable update contains a number of important fixes across the tree.
This update fixes CVE-2017-14348. ---- This update fixes CVE-2017-13735.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
