Find the information you need for your favorite open source distribution .
miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication.
The CUPS print server in Debian is vulnerable to a denial of service when an HTTP request is received without being properly terminated.
The slashem package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where slashem is installed.
The nethack package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where nethack is installed.
Bas Wijnen discovered that the gnocatan server is vulnerable to several buffer overflows which could be exploited to execute arbitrary code on the server system
Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server.
Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.
A number of vulnerabilities have been discovered in the Linux kernel.
XaoS, a program for displaying fractal images, is installed setuidroot on certain architectures in order to use svgalib, which requiresaccess to the video hardware. However, it is not designed for securesetuid execution, and can be exploited to gain root privileges.
"bazarr" discovered that eterm is vulnerable to a buffer overflow ofthe ETERMPATH environment variable. This bug can be exploited to gainthe privileges of the group "utmp" on a system where eterm isinstalled.
In release 1.1.0 of the gps package, several security vulnerabilities were fixed,as detailed in the changelog.
Timo Sirainen discovered several overflow problems in BitchX.
aul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely (expn, checksendmail and doublebounce.pl).
There are multiple vulnerabilities in the mysql package.
lv reads options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability.
This bug could allow an attacker to gain the privilegesof the user invoking fuzz, excluding root (fuzz does not allow itselfto be invoked as root).
The gtop daemon, used for monitoring remote machines, contains abuffer overflow which could be used by an attacker to executearbitrary code with the privileges of the daemon process.
Due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root.
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt.
A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
