Debian LTS Essential and Critical Security Patch Updates - Page 119
Find the information you need for your favorite open source distribution.
It was discovered that there was a denial-of-service vulnerability in libpdfbox-java, a PDF library for Java. A malicious PDF file could have triggered an extremely long running
dnsruby is a feature-complete DNS(SEC) client for Ruby. It ships the DNS Root Key Signing Key (KSK), used as trust anchor to validate the authenticity of DNS records. This update includes the latest KSK
Ben Pfaff discovered that the convert_to_decimal function in the GNU Portability Library contains a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
Parker Moore from GitHub Inc. discovered a vulnerability in the include: setting in the config file of jekyll which allows arbitrary file reads. By simply including a symlink in the include array allowed the
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
Several vulnerabilities were discovered in tinc, a Virtual Private Network (VPN) daemon. The Common Vulnerabilities and Exposures project identifies the following problems:
joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
dnsmasq, a DNS forwarder and DHCP server, ships the DNS Root Zone Key Signing Key (KSK), used as the DNSSEC trust anchor. ICANN will roll over the KSK on 11 October 2018, and DNS resolvers will need the new key
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash, excessive memory allocation, or other
It was discovered that the emergency logging system in 389-ds-base (the 389 Directory Server) is affected by a race condition caused by the invalidation of the concurrently used log file file descriptor without proper locking. This issue might be triggered by remote attackers to
CVE-2017-7653 As invalid UTF-8 strings are not correctly checked, an attacker could
CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service.
Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket.
Fabien Arnoux discovered several security issues in the email validation of the otrs system.
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite.
Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution.
Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution.
Two vulnerabilities were discovered in polarssl, a lightweight crypto and SSL/TLS library (nowadays continued under the name mbedtls) which could result in plain text recovery via side-channel attacks.