Find the information you need for your favorite open source distribution .
Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.
Identification of Honeyd installations allows an adversary to launch attacks specifically against Honeyd. No remote root exploit is currently known. [More...]
A critical security vulnerability has been found in recent Linux kernels which allows for local privilege escalation.
This release adds code to the CVS server to prevent it from continuing as root after a user login, as an extra failsafe against a compromise of the CVSROOT/passwd file.
Quote from : "Stable CVS 1.11.11 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release adds code to [More...]
Two buffer overflow problems have been found in lftp, a multithreadedcommand-line based FTP client.
Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user's machine has to connect to a malicious web server using HTTP or [More...]
There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denialof service attack. This is caused by sending a malformed DCC packet to xchat2.0.6, causing it to crash.
Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used. Quote from [More...]
Two flaws have been found in GnuPG 1.2.3 including a format string vulnerability and the compromise of ElGamal signing keys.
This release fixes a security issue with no known exploits that could cause previous versions of CVS to attempt to create files and directories in the filesystem root.
Quote from : Stable CVS 1.11.10 has been released. Stable releases contain only bug fixes from previous versions of CVS. This release fixes a [More...]
Lack of proper bounds checking exists in the do_brk() kernel function in Linux kernels prior to 2.4.23. This bug can be used to give a userland program or malicious service access to the full kernel address space and gain root privileges. This issue is known to be exploitable. [More...]
Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used in combination with the Linux kernel brk vulnerability (see GLSA 200312-02) to exploit a [More...]
Lack of proper bounds checking exists in the do_brk() kernel function inLinux kernels prior to 2.4.23. This bug can be used to give a userlandprogram or malicious service access to the full kernel address space andgain root privileges. This issue is known to be exploitable.
Rsync version 2.5.6 contains a vulnerability that can be used to runarbitrary code. The Gentoo infrastructure team has some reasonably goodforensic evidence that this exploit may have been used in combination withthe Linux kernel brk vulnerability (see GLSA 200312-02) to exploit arsync.gentoo.org rotation server (see GLSA-200312-01.)
On December 2nd at approximately 03:45 UTC, one of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit. At this point, we are still performing forensic analysis. However, the compromised system had both an IDS and a file integrity checker installed and we have a [More...]
phpSysInfo contains two vulnerabilities which could allow local files to beread or arbitrary PHP code to be executed, under the privileges of the webserver process.
There is a bug in the part of libnids code responsible for TCP reassembly.The flaw probably allows remote code execution.
A bug in the getgrouplist function can cause a buffer overflow if the size ofthe group list is too small to hold all the user's groups. This overflow cancause segmentation faults in user applications. This vulnerability existsonly when an administrator has placed a user in a number of groups largerthan that expected by an application.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
