Debian LTS Essential and Critical Security Patch Updates - Page 127
This update includes the changes in tzdata 2018e. Notable change: North Korea switches back to +09 on 2018-05-05.
It was found that the Quassel IRC client was vulnerable to a remote code execution vulnerability due to insufficient checks in the deserializer code.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Serious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers. 2017-14633
CVE-2018-7033 An issue that could be used for SQL Injection attacks against SlurmDBD has been fixed.
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
A remote code execution vulnerability has been found within multiple subsystems of Drupal. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised.
CVE-2017-17833 An issue has been found in openslp that is related to heap memory
GCC 4.9 has been packaged as gcc-4.9-backport for Debian 7. This package will be needed by future updates to linux, and possibly other packages, to implement the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).
It was discovered that psensor, a server for monitoring hardware sensors remotely, was prone to a directory traversal vulnerability because the create_response function in server/server.c lacks a check for whether a file is under the webserver directory.
It was discovered that there was an XML external entity expansion (XXE) vulnerability in lucene-solr, a search engine library for Java. It could be exploited to read arbitrary local files from the Solr server
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues:
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues:
It was discovered that there was an issue in the gunicorn HTTP server for Python applications where CRLF sequences could result in an attacker tricking the server into returning arbitrary headers.
Fuzzing by the OSS-Fuzz project found two memory safety issues in LibreOffice, which could result in an application crash or possibly other unspecified impact.
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities that could result in infinite loops in different dissectors. Other issues are related to crash in dissectors that are
Two vulnerabilities were found in OpenCV, the "Open Computer Vision Library". CVE-2018-5268
An unsafe object deserialization vulnerability was found in jruby, a 100% pure-Java implementation of Ruby. An attacker can use this flaw to run arbitrary code when gem owner is run on a specially crafted YAML file.
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory