Debian Essential And Critical Security Patch Updates - Page 289
Find the information you need for your favorite open source distribution.
There are several remotely exploitable vulnerabilities in Apache. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross-site scripting attack.
There is a buffer overflow in log2mail. A specially crafted (remote) log message could overflow a static buffer, potentially causing log2mail to execute arbitrary code as root.
A stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server was discovered.
There is another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server.
There is another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server.
This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
There is a cross-site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port.
A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user requests a non-existing map, the server will leak parts of an old domainname and mapname.
There is a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv.
The Heimdal package has several potential buffer overflows and other bugs. Remote attackers can probably gain remote root access on systems without fixes.
This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
An attacker may be able to use specially crafted log messages inserted via UDP which overflow the buffer.
A remote attacker could send a specially crafted TCP packet that overflows a buffer, causing heartbeat to execute arbitrary code as root.
When a new product is added to an installation of Bugzilla with 47 groups or more and "usebuggroups" is enabled, the new group will be assigned a groupset bit using Perl math that is not exact beyond 2^48.
There are several buffer overflows and a broken boundary check within fetchmail. If fetchmail is running in multidrop mode, these flaws can be used by remote attackers to crash it or to execute arbitrary code under the user id of the user running fetchmail. Depending on the configuration, this even allows a remote root compromise.
The PHP interface displays, unchecked, information that was gathered from crawled external web servers. This could lead to a cross-site scripting attack if somebody has control over the server responses of a remote web server which is crawled by ht://Check.
It has been discovered that tkmail creates temporary files insecurely. Exploiting this, an attacker with local access can easily create and overwrite files as another user.
A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraints, without the need for being properly authenticated.
Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentionally replaced potential integer overflows in connection with malloc() with more likely divisions by zero.
It is possible for scripts to pass arbitrary text to sendmail as a command line extension when sending a mail through PHP, even when safe_mode is turned on. Passing the 5th argument should be disabled if PHP is configured in safe_mode.