A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, See referenced release notes for other changes.
Remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. (CVE-2023-28370) References:
Forwarding proxy credentials to the destination server unintentionally (CVE-2023-32681) References: - https://bugs.mageia.org/show_bug.cgi?id=32032
The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. (CVE-2023-32307) References:
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. (CVE-2016-6153)
Denail of service through excessive use of memory. (CVE-2023-2253) References: - https://bugs.mageia.org/show_bug.cgi?id=32017 - https://www.debian.org/security/2023/dsa-5414
Buffer overflows in InitExt.c in libX11 prior to 1.8.6. (CVE-2023-3138) References: - https://bugs.mageia.org/show_bug.cgi?id=32015 - https://lists.x.org/archives/xorg-announce/2023-June/003406.html
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. (CVE-2023-2602) A vulnerability was found in libcap. This issue occurs in the _libcap_strdup()
Bundled PapaParse copy in VisualEditor has known ReDos (CVE-2020-36649). An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users.
Multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. (CVE-2023-33204) References:
This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
This kernel update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs
Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) Memory safety bugs fixed in Thunderbird 102.12 (CVE-2023-34416) References: - https://bugs.mageia.org/show_bug.cgi?id=31996
Click-jacking certificate exceptions through rendering lag. (CVE-2023-34414) Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. (CVE-2023-34416)
A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function 'format_log_line' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file 'cupsd.conf' sets the value of
Out-of-bounds read (CVE-2023-28204) Use-after-free issue (CVE-2023-32373) References: - https://bugs.mageia.org/show_bug.cgi?id=31986
Cookie exposure to third parties (CVE-2022-24737) References: - https://bugs.mageia.org/show_bug.cgi?id=30188 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3/
Possible DoS translating ASN.1 object identifiers. (CVE-2023-2650) References: - https://bugs.mageia.org/show_bug.cgi?id=31981 - https://www.openssl.org/news/secadv/20230530.txt
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less
Client 'session' cookie sent to other clients (CVE-2023-30861) References: - https://bugs.mageia.org/show_bug.cgi?id=31953 - https://lists.suse.com/pipermail/sle-security-updates/2023-May/014935.html
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
