Debian LTS Essential and Critical Security Patch Updates - Page 121
Find the information you need for your favorite open source distribution.
It was discovered that there was an integer overflow vulnerability in the "Little CMS 2" colour management library. A specially-crafted input file could lead to a heap-based buffer overflow.
The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration.
The daemon in GDM does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code
It was discovered that there was a string injection vulnerability in the "dojo" JavaScript library. For Debian 8 "Jessie", this issue has been fixed in dojo version
Two security issues have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1336
Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash)
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or,
CVE-2018-14622 Fix for segmentation fault due to pointer becoming NULL.
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.36. Please see the MariaDB 10.0 Release Notes for further details:
CVE-2018-5740 The "deny-answer-aliases" feature in BIND has a flaw which can cause named to exit with an assertion failure.
CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to 'on'. So a copy of
It was discovered that there were a number of Cross Site Scripting (XSS) vulnerabilities in the squirrelmail webmail client. For Debian 8 "Jessie", these issues have been fixed in squirrelmail
Several issues were discovered in libx11, the client interface to the X Window System. The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable to an off-by-one override on malicious server responses. A malicious server could also send a reply in which
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read
Several vulnerabilities were discovered in Ruby 2.1. CVE-2016-2337
The Bootstrap framework was found to have cross-site scripting vulnerabilities in the "collapse" plugin. For Debian 8 "Jessie", this problem has been fixed in version
A vulnerability has been found in dropbear, a lightweight SSH2 server and client, that makes it possible to guess valid usernames: CVE-2018-15599:
CVE-2018-15501 A potential out-of-bounds read when processing a "ng" smart packet might lead to a Denial of Service.