It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result (CVE-2018-10874). It was found that ansible.cfg is being read from the current working
It was discovered that opencc contained an out of bounds pointer in BinaryDict.cpp which could lead to segment fault and a Denial of Service (CVE-2018-16982). References:
An out-of-bounds read during parsing of a malformed manifest entry (CVE-2018-17983). References: - https://bugs.mageia.org/show_bug.cgi?id=23763
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. (CVE-2018-18661) References:
A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file (CVE-2018-13440). A Heap-based buffer overflow was found in Expand3To4Module::run when running sfconvert (CVE-2018-17095).
A flaw was found in iniparser version prior to 4.1. A stack buffer underflow in the function iniparser_load() in iniparser.c file which can be triggered by parsing a file that containing a zero-byte. This vulnerability may allow an attacker to cause a Denial of Service (DoS).
Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587).
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136).
The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and
Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions
This update provides virtualbox 5.2.20 and fixes the following security vulnerabilities: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This
Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503). When a log event is (partially) hidden Special:Redirect/logid can link
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing requests now uses HTTP::Entity::Parser which reduces the amount of code needed
The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to
Updated lighttpd package fixes security vulnerabilities: Potential path traversal with specific configs or in some use cases in mod_alias.
Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services (CVE-2018-8032).
Updated dnsmasq packages fix a security issue Upstream dnsmasq run as nobody user which could lead to security issue if multiple services run as this same user.
Updated samba packages fix security vulnerabilities: A malicious server could return a directory entry that could corrupt libsmbclient memory (CVE-2018-10858).
The updated packages fix security vulnerabilities: An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
