Debian LTS Essential and Critical Security Patch Updates - Page 44
Multiple vulnerabilities were discovered in Django, a popular Python-based web development framework: * CVE-2020-24583: Fix incorrect permissions on intermediate-level
A file traversal vulnerability was discovered in src:ruby-sinatra, a popular web server often used with Ruby on Rails. We now validate that any expanded paths match the allowed `public_dir` when serving static files.
In src:expat, an XML parsing C library, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Several security vulnerabilities have been discovered in WordPress, a popular content management framework. Possible SQL injection and cross-site scripting (XSS) flaws may allow a remote attacker to execute arbitrary code or facilitate the injection of client-side scripts.
This update includes the changes in tzdata 2022e for the Perl bindings. For the list of changes, see DLA-3161-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2022e. Notable changes are: - Syria and Jordan are abandoning the DST regime and are changing to
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-43980
The last Java security update introduced a change that broke libbluray's interactive BD-J support. This update adds compatibility with those Java changes.
It was found that wkhtmltopdf, a command line utility to render HTML files into PDF, allowed local filesystem access by default. This update disables local filesystem access, but it can be enabled if necessary with the --enable-local-file-access or the --allow options.
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. In Debian the vulnerable code is in the bcel source package.
It was found that the Node XML DOM library was vulnerable to prototype pollution. For Debian 10 buster, this problem has been fixed in version
An integer overflow flaw was discovered in the CRL parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.
This update fixes a wide range of vulnerabilities. A significant portion affects character set conversion. CVE-2016-10228
Multiple vulnerabilities were discovered in squid, a Web Proxy cache. CVE-2022-41317
A command injection vulnerability was found in Rexical, a lexical scanner generator for the Ruby programming language. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
Multiple vulnerabilities were discovered in Nokogiri, an HTML/XML/SAX/Reader parser for the Ruby programming language, leading to command injection, XML external entity injection (XXE), and denial-of-service (DoS).
Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. CVE-2022-41765
It was discovered that there was a potential arbitrary file read vulnerability in twig, a PHP templating library. It was caused by insufficient validation of template names in 'source' and 'include' statements.