Debian LTS Essential and Critical Security Patch Updates - Page 99
Find the information you need for your favorite open source distribution.
The imapfilter tool, a utility for scripting IMAP operations in Lua, lacked server name / certificate peer hostname validation support.
A security vulnerability was discovered in libxslt, an XSLT 1.0 processing library written in C. In xsltCopyText in transform.c, a pointer variable is not reset under
An issue has been found in proftp-dfsg, a versatile, virtual-hosting FTP daemon.
Several issues have been found in mosquitto, an MQTT version 3.1/3.1.1 compatible message broker.
An issue has been found in libarchive, a multi-format archive and compression library.
Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution.
An issue has been found in file, a tool to determine file types by using magic numbers.
libpcap (Packet CAPture), a low-level network monitoring library, does not properly validate the PHB header length before allocating memory. This update added sanity checks for PHB header length.
The 'send_email' function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource.
Fredric discovered a couple of buffer overflows in MilkyTracker, of which a brief description is given below.
Multiple vulnerabilities have been found in imagemagick, an image processing toolkit. CVE-2019-11470
It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs, which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information.
In the nfs-utils package, providing support files for Network File System (NFS) including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files
The fix for CVE-2019-10871 broke xpdf. This change has been reverted until a better fix can be developed.
Two buffer allocation issues were identified in poppler. CVE-2019-9959
Several cross-site scripting (XSS) vulnerabilities were discovered in WordPress, a popular content management framework. An attacker can use these flaws to send malicious scripts to an unsuspecting user.
In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can
The update of libsdl2 released as DLA 1714-1 led to several regressions, as reported by Avital Ostromich. These regressions are caused by libsdl1.2 patches for CVE-2019-7637, CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 being applied to libsdl2 without adaptations.
The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused by an incomplete fix for CVE-2019-7637. This issue was known upstream and resulted, among others, in Windows versions from libsdl1.2 failing to set video mode.
It was discovered that multitouch devices were not being disabled by the "xtrlock" screen locking utility. xtrlock did not block multitouch events so an attacker could still