Find the information you need for your favorite open source distribution .
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of
Wei Lei and Liu Yang of Nanyang Technological University discovered a stack-based buffer overflow in PHP5 when parsing a malformed HTTP response which can be exploited to cause a denial-of-service.
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability that can result in data corruption and deadlocks. This attack is exploitable via network connectivity to the memcached service.
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.
Jasper Mattsson found a remote code execution vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
This update includes the changes in tzdata 2018d. Notable changes are: - Palestine started Daylight Saving Time (DST) on March 24, rather than on March 31st.
This update includes the changes in tzdata 2018d for the Perl bindings. For the list of changes, see DLA-1323-1. For Debian 7 "Wheezy", these problems have been fixed in version
Various security issues were discovered in Graphicsmagick, a collection of image processing tools. CVE-2017-18219
Jesse Schwartzentruber discovered a use-after-free vulnerability in Firefox, which could be exploited to trigger an application crash or arbitrary code execution.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.
It was discovered that there was an issue in the irssi IRC client where certain nick names could result in out-of-bounds access when printing theme strings.
It was discovered that there was a heap corruption vulnerability in the net-snmp framework which exchanges server management information in a network.
Wojciech Regu?a discovered that Freeplane, a program for working with mind maps, was affected by a XML External Entity (XXE) vulnerability in its mindmap loader that could compromise a user's machine by opening a specially crafted mind map file.
Daniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources.
Cure53 discovered that in SimpleSAMLphp, in rare circumstances an invalid signature on the SAML 2.0 HTTP Redirect binding could be considered valid.
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues:
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.
It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
