Debian LTS Essential and Critical Security Patch Updates - Page 144
Find the information you need for your favorite open source distribution.
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted PostScript file is processed.
It was found that a malformed font could result in denial of service or the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version
It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an instance of the primitive type 'void' during unmarshalling.
Several heap-based buffer overflows, integer overflows and NULL pointer dereferences have been discovered in libpodofo, a library for manipulating PDF files, that allow remote attackers to cause a denial of service (application crash) or other unspecified impact via a
Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
An information disclosure vulnerability was found in kedpm, a password manager compatible with the figaro password manager file format. The history file can reveal the master password if it is provided on the command line. The name of entries created or read in the password
In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2017-5647
It was discovered that partclone, a utility to back up partitions, was prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. This could allow remote attackers to cause a 'Denial of Service attack' in the context
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script.
CVE-2016-9591 Use-after-free on heap in jas_matrix_destroy The vulnerability exists in code responsible for re-encoding the
WeeChat before allows a remote crash by sending a filename via DCC to the IRC plugin. For Debian 7 "Wheezy", these problems have been fixed in version
It was found that an out-of-bounds write caused by a heap-based buffer overflow could be triggered in freetype via a crafted font. This update also reverts the fix for CVE-2016-10328, as it was
Several vulnerabilities were found in rtmpdump and the librtmp library. CVE-2015-8270
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible
A bug in X509 DN string comparisons could result in out-of-bounds reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results.
It was found that Apache ActiveMQ exposed a remote shutdown command in the ActiveMQConnection class. An attacker could use this flaw to achieve denial of service on a client.
Multiple security issues have been found in the tiff3 image library that may allow remote attackers to cause a denial of service (application crash), to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted image.