Debian Essential And Critical Security Patch Updates - Page 291
Find the information you need for your favorite open source distribution.
File descriptors for the signal pipe in xinetd are leaked into services started from xinetd. The descriptors could be used to talk to xinetd resulting in a denial of service.
l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made all generated random numbers 100% guessable.
A problem in Interchange can lead to an attacker being able to read any file to which the user of the Interchange daemon has sufficient permissions, when Interchange runs in "INET mode."
A set of problems has been discovered in Hylafax that could allow for a denial of service or possibly the execution of arbitrary code with root privileges.
When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the JavaScript component is executed as well.
The upstream author of dietlibc, Felix von Leitner, discovered a potential division by zero chance in the fwrite and calloc integer overflow checks.
An integer overflow bug has been discovered in the RPC library used by dietlibc, which could be exploited to gain unauthorized root access to software linking to this code.
Under some circumstances, an invalid request may result in allocated memory being freed twice. This can potentially result in the execution of arbitrary code.
The web proxy didn't handle input data with negative Content-Length settings properly, which causes the processing child to crash.
An integer overflow bug in the RPC library used by Kerberos 5 could be exploited to gain unauthorized root access to a KDC host.
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server.
In addition to the advisory DSA 140-1, the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release.
By exploiting this format string vulnerability, a local user can gain unauthorized root access.
Deliberately malformed datastreams would crash applications, which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries.
If munpack is run on an appropriately malformed email (or news article) then it will crash, and perhaps can be made to run arbitrary code.
A problem was found in gallery (a web-based photo album toolkit): it was possible to pass in the GALLERY_BASEDIR variable remotely. This made it possible to execute commands under the uid of the web server.
This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user "www-data" is already available (which could easily be triggered through PHP).
The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and remotely exploitable buffer overflow conditions in the OpenSSL code. Additionally, the ASN1 parser in OpenSSL has a potential DoS attack independently discovered by Adi Stav and James Yonan.
Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes, all through specially crafted .htaccess files.
This advisory is an update to DSA-134-3: this advisory contains updated information that is relevant to all Debian installations of OpenSSH (the ssh package). DSA-134-4 supersedes previous versions of DSA-134.