Find the information you need for your favorite open source distribution .
If using the svnserve daemon, an unauthenticated client may be able execute arbitrary code as the daemon's user.
Many vulnerabilities, discovered in a recent audit of cvs, are fixed.
This upgrade is not specifically secuity; it fixes many kernel bugs and adds support for stack non-execution on some systems, which is important in guarding against buffer overflows.
A remotely-exploitable buffer overflow allows the execution of arbitrary code.
Patch fixes a SQL injection and cross-site scripting flaw.
Exploitation could lead to denial of service or arbitrary code execution.
netlink_listen & netlink_receive_dump should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces.
This patch fixes three DoS vulns and a buffer overflow.
Among other bugs, this fixes a failure to use encryption when required.
Fixes an exploitable memory leak and escapable error-log output.
An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands.
A crafted ISAKMP header can cause racoon to crash.
An attacker could send malicious requests to a Subversion server and perform arbitrary execution of code.
An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client, such as cadaver.
Stefan Esser discovered a flaw in cvs where malformed "Entry" linescould cause a heap overflow.
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory.
An updated utempter package that fixes a potential symlink vulnerability is now available.
Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyondthe end of the packet capture buffer and subsequently crash.
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory.
The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files by using absolute pathnames during checkouts or updates.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
