Debian LTS Essential and Critical Security Patch Updates - Page 26
Find the information you need for your favorite open source distribution.
A stack overflow in the MD5 function has been fixed in pdfcrack, a tool for recovering passwords and content from PDF files. For Debian 10 buster, this problem has been fixed in version 0.16-3+deb10u1.
Multiple vulnerabilities have been found in the version of yajl bundled with burp, a simple cross-platform network BackUp and Restore Program. yajl is a JSON parser and small validating JSON generator.
An incorrect Authentication Tag length usage was discovered in cjose, a C library implementing the Javascript Object Signing and Encryption (JOSE) standard, which could lead to integrity compromise.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
It was discovered that there was a potential LDAP injection vulnerability in Bouncy Castle, a cryptographic library for Java. During the certificate validation process, bouncycastle inserted the certificate's "Subject Name" into an LDAP search filter without any
Multiple vulnerabilities were found in tiff, a library and tools providing support for the Tag Image File Format (TIFF).
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.
A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments. For Debian 10 buster, this problem has been fixed in version
It was discovered that the domain check in libmail-dkim-perl, a Perl module to cryptographically identify the sender of email, compares the i and d tags case-sensitively when t=s is set on the DKIM key, which causes spurious failures of legitimate messages.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Arbitrary file write vulnerabilities were discovered in pandoc, a Haskell library and CLI tool for converting from one markup format to another. These vulnerabilities can be triggered by providing a specially crafted image element in the input when generating files using
A memory allocation issue was found in iperf3, the Internet Protocol bandwidth measuring tool, that may cause a denial of service when encountering a certain invalid length value in TCP packets.
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a
Sam Wheating discovered that python-git, a Python library to interact with Git repositories, is vulnerable to shell injection due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
Multiple security issues were discovered in renderdoc, a stand-alone graphics debugging tool, which potentially allow a remote attacker to execute arbitrary code.
It was discovered that there was a potential denial of service attack in Django, the popular Python-based web development framework. EmailValidator and URLValidator were subject to potential regular
It was discovered that there was a potential denial of service (DoS) in bind9, the popular Domain Name Server (DNS) server. Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt
Open Redirect vulnerabilities were found in libapache2-mod-auth-openidc, an OpenID Connect Relying Party implementation for Apache, which could lead to information disclosure via phishing attacks.