Debian LTS Essential and Critical Security Patch Updates - Page 132
Find the information you need for your favorite open source distribution.
It was discovered that poppler, a PDF rendering library, was affected by several denial-of-service (application crash), null pointer dereferences and heap-based buffer over-read bugs:
Multiple vulnerabilities have been discovered in Ming: CVE-2017-9988
It was discovered that there was a use-after-free vulnerability in the HTML parser of lynx-cur, a terminal-based web browser. This could have led to memory/information disclosure.
It was discovered that there was a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes. For Debian 7 "Wheezy", this issue has been fixed in konversation version
It was discovered that there was a heap-based buffer overflow in procmail, a tool used to sort incoming mail into various directories and filter out spam messages.
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.
The XML::LibXML perl module is affected by a "use-after-free" vulnerability which allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild() call.
Security vulnerabilities have been identified in graphicsmagick, a collection of image processing utilities and libraries.
The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed as too intrusive and thus the initial patch
A security vulnerability has been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2017-8806
A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries.
The update for tomcat7 issued as DLA-1166-1 caused a regression whereby every request, including for the root document (/), returned HTTP status 404. Updated packages are now available to address this problem. For reference, the original
A security vulnerability was discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2017-3735
A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON stream-based parser library. When a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This may result
A remote code execution vulnerability has been discovered in tomcat7. When HTTP PUT was enabled (e.g., via setting the readonly initialization
Two security issues were discovered in mupdf, a lightweight PDF viewer. CVE-2017-14687 MuPDF allows attackers to cause a denial of service or possibly have
It was discovered that there was an out-of-bounds read access in apr-util, a support/portability library used by many applications. A local user with write access to the database could have made a process
It was discovered that there was an out-of-bounds memory vulnerability in apr, a support/portability library for various applications. When the apr_exp_time*() or apr_os_exp_time*() functions were invoked
It was discovered that there was a "Cross Protocol Scripting" attack in the Redis key-value database. "POST" and "Host:" command strings (which are not valid in the Redis
WordPress, a web blogging tool, was affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than