Debian LTS Essential and Critical Security Patch Updates - Page 123
Find the information you need for your favorite open source distribution.
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a
The host name verification in Tomcat when using TLS with the WebSocket client was missing. It is now enabled by default. For Debian 8 "Jessie", this problem has been fixed in version
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
It was discovered that there was a denial of service vulnerability in policykit-1, a framework for managing administrative policies and privileges.
The fix for arbitrary code execution documented in CVE-2017-17458 was incomplete in the previous upload. A more exhaustive change was implemented upstream and completely disables non-Mercurial subrepositories unless users changed the subrepos.allowed setting.
An integer overflow vulnerability was discovered in libidn, the GNU library for Internationalized Domain Names (IDNs), in its Punycode handling (an encoding of Unicode characters to ASCII), allowing a remote attacker to cause a denial of
The security update of mailman announced as DLA-1442-1 introduced a regression due to an incomplete fix for CVE-2018-13796 that broke the admin and listinfo overview pages.
Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.
Busybox, utility programs for small and embedded systems, was affected by several security vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues.
CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin.
A vulnerability has been discovered in Sympa, a modern mailing list manager, that allows write access to files on the server filesystem. This flaw allows creating or modifying any file writable by the Sympa user, located on the server filesystem, using the function of Sympa
The libarchive-zip-perl package is vulnerable to a directory traversal attack in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use
CVE-2018-12584 A flaw in function ConnectionBase::preparseNewBytes of resip/stack/ConnectionBase.cxx has been detected, that
Early versions of opencv have problems while reading data, which might result in either buffer overflows, out-of-bounds errors or integer
CVE-2018-7033 Fix for issue in accounting_storage/mysql plugin by always escaping strings within the slurmdbd.
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
The dns-root-data update to 2017072601~deb8u2 broke dnsmasq's init script, making dnsmasq no longer start when dns-root-data was installed.
The linux-base package has been updated to support the package of Linux 4.9 that was recently added to Debian 8. This resolves a dependency that was not satisfiable by the jessie and jessie-security suites.