Find the information you need for your favorite open source distribution .
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file.
libmtp, a library for communicating with MTP aware devices (like cellular phones and audio players), was found to be vulnerable to several integer overflow vulnerabilities, which allowed malicious devices to cause denial of service crashes and maybe remote code
Robert Święcki discovered that the value placeholder in [Proxy-]Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2's mod_auth_digest module
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus' Lyre, this vulnerability could be used by an attacker to mount a service impersonation attack on the client if he's on the network
CVE-2017-10971 A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness
CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative
It was discovered that there was vulnerability in the range filter of nginx, a web/proxy server. A specially crafted request might result in an integer overflow and incorrect processing of HTTP ranges, potentially resulting in a sensitive information leak.
A vulnerabilitie has been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
It was discovered that Jetty8, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user.
It was discovered that Jetty, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user.
It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 7 "Wheezy", this issue has been fixed in phpldapadmin version
It was discovered that there was a heap-based buffer over-read vulnerability in SQLite, a lightweight database engine. The getNodeSize function in ext/rtree/rtree.c mishandled undersized RTree blobs in a specially-crafted database,
It was discovered that there was a remote denial of service vulnerability in the mpg123 audio library/player. This was caused by a heap-based buffer over-read in the "convert_latin1" function.
It was discovered that there was a heap-based buffer overflow in radare2, a reverse-engineering framework. The grub_memmove function allowed attackers to cause a remote denial of service.
It was discovered that there was a key disclosure vulnerability in libgcrypt11 a library of cryptographic routines: It is well known that constant-time implementations of modular exponentiation
It was discovered that there was an arbitrary code execution vulnerability in libcamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
