Debian LTS Essential and Critical Security Patch Updates - Page 120
Find the information you need for your favorite open source distribution.
Joran Herve discovered that the Okular document viewer was susceptible to directory traversal via malformed .okular files (annotated document archives), which could result in the creation of arbitrary files.
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.
Nick Roessler from the University of Pennsylvania has found a buffer overflow in texlive-bin, the executables for TexLive, the popular distribution of the TeX document production system.
An Open Redirect vulnerability has been discovered in sympa. The "referer" parameter of the wwsympa.fcgi login action can result in Open redirection and potential Cross Site Scripting via data URIs.
Reportbug, a tool designed to make the reporting of bugs in Debian easier, was further enhanced to automatically detect bug reports for potential regressions caused by a security update. After user confirmation an additional email with a copy of the report will be
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial-of-service or the execution of arbitrary code.
A vulnerability has been discovered in php5, a server-side, HTML-embedded scripting language. The Apache2 component allows XSS via the body of a "Transfer-Encoding: chunked" request because of a defect
CVE-2016-10728 If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it can lead to missed TCP/UDP detection
Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.
zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat which happened with some input files when the '-v, --show-nonprinting' option was
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed PostScript file is processed (despite the dSAFER sandbox being
The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled (via system-wide configuration in ssh_config or via -X command line switch), but no DISPLAY
Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty. An attacker could leverage them to insert commands via shell metacharacters in job ids and have them executed with the
It was discovered that there was a denial of service and a potential arbitrary code execution vulnerability in the kamailio SIP server. A specially-crafted SIP message with an invalid "Via" header could cause a
It was discovered that there was an out-of-bounds read vulnerability in libextractor, a library to extract meta-data from files of arbitrary type. For Debian 8 "Jessie", this issue has been fixed in libextractor version
Several vulnerabilities have been found in OpenSSH, a free implementation of the SSH protocol suite:
Several heap-based buffer over-reads were found in discount, an implementation of the Markdown markup language in C, that allowed remote attackers to cause a denial-of-service via specially crafted files.
It was discovered that there was an integer overflow vulnerability in curl, a command line tool for transferring data over HTTP, etc. For more information, please see:
Several vulnerabilities were found in qemu, a fast processor emulator: CVE-2015-8666
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation.