Fedora Essential and Critical Security Patch Updates - Page 892
Find the information you need for your favorite open source distribution.
Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password field of a disabled account with uninitialized memory.
This version corrects a flaw in 0.9.2 (and all earlier versions of the server) which may allow an attacker to DoS the server.
This update fixes recent gaim security problems, which were discussed on the gaim web site and addressed by a recent Red Hat errata.
Updated XFree86 packages that fix a privilege escalation vulnerability are now available.
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.
This package fixes CAN-2004-0078, where a specific message could cause mutt to crash.
update CAN-2003-1023 fix to still make vfs symlinks relative, but with bounds checking
Multiple security vulnerabilities may allow attackers to make Ethereal crash using intentionally malformed packets.
If the victim uses tcpdump, an attack could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user.
Vulnerabilities allow cvs to write to root filesystem and retain root privileges.
Updated screen packages are now available that fix a security vulnerability which may allow privilege escalation for local users.
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.
This update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE CAN-2003-0542, a buffer overflow in the parsing of configuration files.
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges.
Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.
An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the user's machine.
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys, when those keys are used both to sign and encrypt data. This vulnerability can be used to trivially recover the private key.
XBoard 4.2.6 and older contains a script which writes to a file in /tmp with a predictable filename. Malicious users could use this vulnerability to force XBoard users to overwrite any file writable by them.
A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this flaw to execute arbitrary code as an unprivileged user.