Find the information you need for your favorite open source distribution .
Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and a bypass of restrictions in the "Replace Text" extension.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure. For the oldstable distribution (buster), these problems have been fixed
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (buster), this problem has been fixed
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.
Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem
Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code. The oldstable distribution (buster) is not affected.
It was discovered that a buffer overflow in rekeying in libssh could result in denial of service or potentially the execution of arbitrary code.
The update for ledgersmb released as DSA 4862-1 introduced a regression in the display of some search results. Updated ledgersmb packages are now available to correct this issue.
Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2021-3711
Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking.
Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
