Find the information you need for your favorite open source distribution .
ps2epsi uses an insecurely created file to execute ghostscript. Thiscould result in overwritten files for the user who is invoking ps2epsi.
znew and gzexe in the gzip package allows local users to overwritearbitrary files via a symlink attack on temporary files.
man v1.5l, and below, contain a format string vulnerability.the vulnerability occurs when man uses an optional catalog file, suppliedby the NLSPATH/LANG environmental variables.
psbanner in the LPRng package allows local users to overwrite arbitraryfiles via a symbolic link attack on the /tmp/before file.
Integer overflows have been fixed in several php functions.
Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory mode which allowed users to access files containing passwords.
Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in certain circumstances.
UW-imapd can also act as IMAP client, allowing user to connect to specified server. It is disabled for anonymous users, but allowed for everyone else.
heimdal suffers from the same vulnerability as mit-krb5 does, hence the identical advisory.
Steve Stubb has discovered that xinetd leaks 144 bytes for every connection it rejects.
Previous versions of lv read the file .lv in the current directory. Becuse this file could be created by other users and could contain malicious commands to execute upon viewing certain files this is considered a potential local root exploit.
Incorrect link fixed. A vulnerability in cdrecord that could lead to a root compromise was discovered. cdrecord is not installed suid by default in Gentoo.
A vulnerability in cdrecord that could lead to a root compromise was discovered. cdrecord is not installed suid by default in Gentoo.
There is a negative sign bug in the unreal tournement engine.
As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code.
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
Updated shadow package that contains a workarkaround for OpenSSH user identification problem.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
