The chromium-browser-stable package has been updated to the 116.0.5845.140 release, fixing 5 vulnerabilities. High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. (CVE-2023-2908)
It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. (CVE-2023-36810). References:
AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446)
Null pointer dereference in ber_memalloc_x() function (CVE-2023-2953) References: - https://bugs.mageia.org/show_bug.cgi?id=32073 - https://ubuntu.com/security/notices/USN-6197-1
This kerne-linusl update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors
This kernel update is based on upstream 5.15.126 and fixes or adds mitigations for atleast the following security issues: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors
This update adds initial microcode updates for AMD and Intel CPUs for the following security issues: AMD:
Libxml - GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar - GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()) (CVE-2023-3824)
Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-3347) Infinite loop vulnerability was found in Samba's mdssvc RPC service for
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. (CVE-2022-24834) References:
Memory leak. (CVE-2022-23471) Denial of service with maliciously crafted image with a large file (CVE-2023-25153) Security bypass due to improper supplementary group handling. (CVE-2023-25173)
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information (CVE-2023-20593, also known as Zenbleed).
This kernel-linus update is based on upstream 5.15.122 and fixes atleast the following security issues: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another
This kernel update is based on upstream 5.15.122 and fixes atleast the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n
Denial of service due to memory or disk exhaustion. (CVE-2022-1708) References: - https://bugs.mageia.org/show_bug.cgi?id=30526 - https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j
This update provides the upstream 7.0.10 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 7.0.10 contains an easily exploitable vulnerability that allows high privileged attacker
This kernel-linus update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the
This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
