Find the information you need for your favorite open source distribution .
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak.
Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.
Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service.
The update for gst-plugins-bad1.0 released as DSA 4833-1 choosed a package version incompatible with binNMUs and prevented upgrades to the fixed packages. Updated gst-plugins-bad1.0 packages are now available to correct this issue.
Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the
The update for flatpak released as DSA 4830-1 introduced regressions with flatpak build and in the extra-data mechanism. Updated flatpak packages are now available to correct this issue.
Two vulnerabilities were discovered in the LLPD implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service.
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. For the stable distribution (buster), these problems have been fixed in
Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.
Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.
Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack.
Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).
A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses (127.x.x.x and ::1). A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick
Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.
A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in
Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling.
The update for minidlna released as DSA 4806-1 introduced a regression when purging the package. Updated minidlna packages are now available to correct this issue.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
