Find the information you need for your favorite open source distribution .
Improvements for 3.1.3.1: - [security] HTTP Response Splitting and file inclusion vulnerabilities - [security] XSS vulnerability on export page -[security] Insufficient output sanitizing when generating configuration file
This update fixes a security issue in the expo plugin which allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts.
Fixes important lcms security bug which gives unwarranted access to malicious users.
Fixes important lcms security bug which gives unwarranted access to malicious users.
Some patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream.
Update to PostgreSQL 8.3.7, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-7.html
Update to PostgreSQL 8.3.7, for various fixes described at https://www.postgresql.org/docs/8.3/release-8-3-7.html
Some patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream.
Security update for integer overflows (CVE-2009-0583) and upper bounds checks (CVE-2009-0584) in the ICC profile handling.
Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.
Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.
Security update for integer overflows (CVE-2009-0583) and upper bounds checks (CVE-2009-0584) in the ICC profile handling.
Security update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368.
This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)
This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)
Minor security issues are fixed in new version of wireshark. Security-related bugs in the Tektronix K12 and NetScreen file formats have been fixed.
* Fix local file access bug in internal http server * Optimized implementation of the ip_set module
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
