Debian Essential And Critical Security Patch Updates - Page 50
Find the information you need for your favorite open source distribution.
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image.
Multiple vulnerabilities were discovered in cURL, a URL transfer library: CVE-2020-8169
Kevin Chung discovered that lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack.
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service.
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-27918
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the stable distribution (buster), these problems have been fixed in
A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing attacks.
Jianjun Chen discovered that the Squid proxy caching server was susceptible to HTTP request smuggling. For the stable distribution (buster), this problem has been fixed in
Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at
Two vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could lead to excessive CPU usage or cause a directory authority to crash.
It was discovered that Pygments, a syntax highlighting package written in Python, could be forced into an infinite loop, resulting in denial of service.
Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
Anton Lydike discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed via a malicious .desktop file.
Several vulnerabilities have been discovered in the GRUB2 bootloader. CVE-2020-14372
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the stable distribution (buster), these problems have been fixed in
Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation.
Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, an async HTTP client/server framework, is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website.
Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. For the stable distribution (buster), these problems have been fixed in