An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed (CVE-2020-24330). An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started
This kernel update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
This kernel-linus update is based on upstream 5.10.46 and fixes atleast the following security issues: In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately (CVE-2021-33560). References:
Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it (CVE-2021-34548).
A heap-based buffer overflow was found in openjpeg. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg (CVE-2021-3575). References:
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences (CVE-2021-20231). A flaw was found in gnutls. A use after free issue in client_send_params in
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c (CVE-2020-36277). Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c (CVE-2020-36278).
A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228). References:
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local attacker could exploit this flaw to escalate their privileges on the system
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840).
Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.36, fixing several security issues and other bugs. See the upstream NEWS file for details.
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052). References: - https://bugs.mageia.org/show_bug.cgi?id=27969
Updated stunnel package fixes security vulnerability: Client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230).
The kernel-linus update in MGASA-2021-0258 contained some security fixes that caused regressions in atleast some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes.
The kernel update in MGASA-2021-0257 contained some security fixes that caused regressions in atleast some container and chroot setups. This update provides upstream 5.10.45 that adds follow-up fixes to resolve the regressions and other various security-related and other bugfixes.
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing
mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of- service (DoS) condition via unspecified vectors (CVE-2021-20718). References: - https://bugs.mageia.org/show_bug.cgi?id=29103
The DVB-S2-BB dissector could go into an infinite loop. References: - https://bugs.mageia.org/show_bug.cgi?id=29088 - https://www.wireshark.org/security/wnpa-sec-2021-05
An issue allowing to cause crash and locked screen bypass (CVE-2021-34557). References: - https://bugs.mageia.org/show_bug.cgi?id=29086 - https://www.openwall.com/lists/oss-security/2021/06/05/1
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
