Assertion failure in BPMDetect class in BPMDetect.cpp (CVE-2018-17096). Out-of-bounds heap write in WavOutFile::write() (CVE-2018-17097). Heap corruption in WavFileBase class in WavFile.cpp (CVE-2018-17098). References:
It was discovered that mishandled search requests in servers/slapd/search.c:do_search() in 389-ds-base allows for denial of service (CVE-2018-14648). References:
mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example,
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843). nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message (CVE-2018-17141).
Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors (CVE-2018-19131). Due to a memory leak in SNMP query rejection code, Squid is vulnerable
Hanno B?ck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680). Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
This update fixes various security vulnerabilities affecting the SDL2_image library, listed below. The fixes are provided in SDL2_image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2_mixer libraries are also updated to their current stable releases, providing various bug fixes and features.
The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling (CVE-2018-16554).
A flaw was found in gdal up to version 2.3.0. A Heap-buffer-overflow in GTiffOddBitsBand::IReadBlock. A flaw was found in gdal. A Heap-buffer-overflow in NITFRasterBand::Unpack.
Updated php-pear-CAS packages fix security vulnerabilities: An XSS vulnerabilities has been fixed for proxy mode. References: - https://bugs.mageia.org/show_bug.cgi?id=23833
An important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions. Successful exploitation could lead to information disclosure. (CVE-2018-15978) References:
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack (CVE-2018-16471).
It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets (rendering all game server slots occupied) (CVE-2018-18541). This update fixes it.
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357).
A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches (CVE-2018-6951). A double-free flaw was found in the way the patch utility processed
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database (CVE-2018-1058).
Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (CVE-2017-16228). References:
It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result (CVE-2018-10874). It was found that ansible.cfg is being read from the current working
It was discovered that opencc contained an out of bounds pointer in BinaryDict.cpp which could lead to segment fault and a Denial of Service (CVE-2018-16982). References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
