Debian LTS Essential and Critical Security Patch Updates - Page 25
It was discovered that Flask, a lightweight WSGI web application framework, will under certain conditions cache a response containing data intended for one client and subsequently may send the response to other clients.
It was discovered that UnRAR, an unarchiver for rar files, allows extraction of files outside of the destination folder via symlink chains. For Debian 10 buster, this problem has been fixed in version
The RAR archiver allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
open-vm-tools is a package that provides Open VMware Tools for virtual machines hosted on VMware. It was discovered that Open VM Tools incorrectly handled certain
Two vulnerabilities were discovered in openssl, a Secure Sockets Layer toolkit: CVE-2023-3446, CVE-2023-3817
datatables.js is a jQuery plug-in that makes nice tables from different data sources. It was discovered that if an array is passed to the HTML escape entities
Two vulnerabilities have been fixed in poppler, a PDF rendering library. CVE-2020-36023
Another regression was identified in Netatalk, the Apple Filing Protocol service, introduced with the patch for CVE-2022-23123. It impacts a subset of users who have certain metadata in their shared files. The issue leads to an unavoidable crash and renders netatalk useless with their shared
SoX is a command line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files during the conversion.
LibreOffice, an office productivity suite, was affected by multiple vulnerabilities. CVE-2022-3874
CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative
Ubuntu security team noted after extensive testing that DLA-3495-1 was incomplete as one PoC for CVE-2022-2400 (particularly the chroot escape) was still working on the patched version of the package.
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass.
Multiple security vulnerabilities were discovered in HDF5, a Hierarchical Data Format and a library for scientific data. Memory leaks, out-of-bounds reads and division by zero errors may lead to a denial of service when processing a malformed HDF file.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit
A buffer overflow in devn_pcx_write_rle() has been fixed in Ghostscript, an interpreter for the PostScript language and PDF files. For Debian 10 buster, this problem has been fixed in version
Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service (application crash) or the execution of arbitrary code if a malformed image