Find the information you need for your favorite open source distribution .
Alvaro Munoz and Christian Schneider discovered that Jython, an implementation of the Python language seamlessly integrated with Java, would execute arbitrary code when deserializing objects.
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.
It was discovered that there was an infinite loop vulnerability in expat, a XML parsing C library: https://libexpat.github.io/doc/cve-2017-9233/
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption.
It was discovered that there was a vulnerability in libsndfile, a library for reading/writing audio files. A specially-crafted AIFF ("Audio Interchange File Format") file could result in an out-of-bounds memory read.
tiff3 was affected by multiple memory leaks (CVE-2017-9403, CVE-2017-9404) that could result in denial of service. Furthermore, while the current version in Debian was already patched for _TIFFVGetField issues (CVE-2016-10095, CVE-2017-9147), we replaced our Debian-specific patches
tiff was affected by multiple memory leaks (CVE-2017-9403, CVE-2017-9404) that could result in denial of service. Furthermore, while the current version in Debian was already patched for _TIFFVGetField issues (CVE-2016-10095, CVE-2017-9147), we replaced our Debian-specific patches
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a flaw in the hidden service code. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).
Besides bringing the package up to date regarding translations this update marks several packages as no longer supported by wheezy-lts: autotrace, inspircd, ioquake3, kfreebsd-8, kfreebsd-9, matrixssl,
It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote attacker could use this flaw to cause a denial of service (application crash) via a crafted APNG file.
It was found that ming, a library to parse and generate SWF (Flash) files, is susceptible to an integer overflow that would lead into out of bound memory writes via a maliciously crafted file.
The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to an attacker-chosen
Several issues were discovered in FreeRADIUS, a high-performance and highly configurable RADIUS server. CVE-2014-2015
Hanno Bock discovered that there was a buffer over-read vulnerability in the yodl ("Your Own Document Language") document processor. For Debian 7 "Wheezy", this issue has been fixed in yodl version
Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
It was discovered that there was a double-free vulnerability in the "openldap" LDAP server. A user with access to search the directory could crash slapd by issuing
Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. CVE-2017-9022
It was discovered that there was a command injection vulnerability in picocom, a dumb-terminal emulation program. For Debian 7 "Wheezy", this issue has been fixed in picocom version
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
