Debian Essential And Critical Security Patch Updates - Page 280
Find the information you need for your favorite open source distribution.
Steve Kemp discovered a buffer overflow in xconq, in processing the USER environment variable. In the process of fixing this bug, a similar problem was discovered with the DISPLAY environment variable.
sup fails to take appropriate security precautions when creating temporary files.
fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions.
The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page.
The falconseye package is vulnerable to a buffer overflow exploited via a long '-s' command line option.
traceroute-nanog contains an integer overflow bug which could be exploited to execute arbitrary code.
The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged.
The SQL modules do not properly escape user-supplied strings before using them in SQL queries.
There are two vulnerabilities which could allow local files to be read,or arbitrary PHP code to be executed, under the privileges of the webserver process (usually www-data).
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters.
Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
skk does not take appropriate security precautions when creating temporary files.
A malicious Oz program could execute arbitrary code under the uid of a user running a MIME-aware client program if the user selected a file.
liece does not take appropriate security precautions when creating temporary files.
Due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.
Due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-338-1". DSA-338-1 correctly refers to an earlier advisory regarding proftpd.
x-face-el does not take appropriate security precautions when creating temporary files.
semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating temporary files.
Viliam Holub discovered a bug in gtksee whereby, when loading PNG images of certain color depths, gtksee would overflow a heap-allocated buffer.
This advisory is being released as a factual correction to DSA-336-1.