Debian LTS Essential and Critical Security Patch Updates - Page 40
It was discovered that there was a potential remote denial of service vulnerability in node-trim-newlines, a Javascript module to strip newlines from the start and/or end of a string.
It was discovered that there was an issue in Hawk, an HTTP authentication scheme. Hawk used a regular expression to parse `Host` HTTP headers which was subject to regular expression DoS attack. Each added character in the attacker's input increased the computation
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.
Multiple security issues have been found in Thunderbird, which could potentially result in the execution of arbitrary code or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
Multiple issues were found in libde265, an open source implementation of the h.265 video codec, which may result in denial of service or have unspecified other impact.
In rare conditions, the previous git update released as DLA-3239-1 could generate a segmentation fault, which prevented its availability on armhf architecture. This update addresses this issue. For reference the original advisory text follows.
Multiple issues were found in Git, a distributed revision control system. An attacker may trick other local users into executing arbitrary commands, leak information from the local filesystem, and bypass a restricted shell.
Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.
Cache poisoning vulnerabilities were found in node-tar, a Node.js module used to read and write portable tar archives, which may result in arbitrary file creation or overwrite.
Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.
Timothee Desurmont discovered an information leak vulnerability in node-eventsource, a W3C compliant EventSource client for Node.js: the module was not honoring the same-origin policy and, upon following a redirect, would leak cookies to the target URL.
It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The
Zhang Boyang reported that the grub2 update released as DLA 3190-1 did not correctly apply fixes for CVE-2022-2601 and CVE-2022-3775. Updated packages are now available to address this issue. For reference the original advisory text follows.
This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. For Debian 10 buster, this problem has been fixed in version
Several security vulnerabilities were discovered in virglrenderer, a virtual GPU for KVM virtualization. CVE-2019-18388
dlt-daemon, a Diagnostic Log and Trace logging daemon, had the following vulnerabilities reported: CVE-2020-29394
jQuery-UI, the official jQuery user interface library (a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery), was reported to have the following vulnerabilities.
In node-log4js, a port of log4js in Node.js, default file permissions for log files created by the file, fileSync, and dateFile appenders are world-readable. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their