Find the information you need for your favorite open source distribution .
ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack.
A number of vulnerabilities have been discovered in the Linux kernel.
mantis, a PHP/MySQL web based bug tracking system, stores the passwordused to access its database in a configuration file which isworld-readable.
Thisvulnerability could be exploited by a local user to create oroverwrite files with the privileges of another user who is invoking a program using this library.
This advisory provides corrected source code for Linux 2.4.17, andcorrected binary kernel images for the mips and mipsel architectures.Other versions and architectures will be covered by separateadvisories.
acm, a multi-player aerial combat simulation, uses a network protocolbased on the same RPC implementation used in many C libraries. Thisimplementation was found to contain an integer overflow vulnerabilitywhich could be exploited to execute arbitrary code.
Steve Kemp discovered several buffer overflows in xgalaga, a game,which can be triggered by a long HOME environment variable. Thisvulnerability could be exploited by a local attacker to gain gid'games'.
tcptraceroute is a setuid-root program which drops root privileges after obtaining a file descriptor used for raw packet capture. However, it did not fully relinquish all privileges, and in the event of an exploitable vulnerability, root privileges could be regained.
Steve Kemp discovered that osh, a shell intended to restrict the actions of the user, contains two buffer overflows, in processing environment variables and file redirections. These vulnerabilities could be used to execute arbitrary code, overriding any restrictions placed on the shell.
webfs, a lightweight HTTP server for static content, contains a buffer overflow whereby a long Request-URI in an HTTP request could cause arbitrary code to be executed.
eldav, a WebDAV client for Emacs, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav.
Steve Kemp discovered several buffer overflows in xbl, a game, which can be triggered by long command line arguments. This vulnerability could be exploited by a local attacker to gain gid 'games'.
Orville Write, a replacement for the standard write(1) command, contains a number of buffer overflows. These could be exploited to gain either gid tty or root privileges, depending on the configuration selected when the package is installed.
Several of the packet dissectors in ethereal contain string handlingbugs which could be exploited using a maliciously crafted packet tocause ethereal to consume excessive amounts of memory, crash, orexecute arbitrary code.
Multiple vulnerabilities including a buffer overflow and potential malicious code execution vulnerabilities have been fixed.
Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely.
The network code contains a buffer overflow which could allow a remote attacker toexecute arbitrary code under the privileges of the user invoking typespeed, in addition to gid games.
radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received.
Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Calle Dybedahl discovered a bug in lyskom-server which could result in a denial of service where an unauthenticated user could cause the server to become unresponsive as it processes a large query.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
