Memory corruption in WebGL API. (CVE-2024-6600) Race condition in permission assignment. (CVE-2024-6601) Memory corruption in NSS. (CVE-2024-6602) Memory corruption in thread creation. (CVE-2024-6603) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and
TLS certificates are not properly verified when utilizing LibreOfficeKit. (CVE-2024-5261) References: - https://bugs.mageia.org/show_bug.cgi?id=33370
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed
Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33374
Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. (CVE-2024-37894) References:
This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to âsuperuserâ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile.
Upstream kernel version 6.6.37 fix bugs and vulnerabilities. The dwarves, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. (CVE-2024-6239)
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. (CVE-2024-38439) Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. (CVE-2024-36387) Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. (CVE-2024-39844) References: - https://bugs.mageia.org/show_bug.cgi?id=33364
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code References: - https://bugs.mageia.org/show_bug.cgi?id=33354
Control channel: refuse control channel messages with nonprintable characters in them. (CVE-2024-5594) References: - https://bugs.mageia.org/show_bug.cgi?id=33336
Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) Use after free in Swiftshader. (CVE-2024-6291) References: - https://bugs.mageia.org/show_bug.cgi?id=33345
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370) Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (CVE-2024-36600) References:
Multiple vulnerabilities have benn fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2021-41687 Incorrect freeing of memory
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems. (CVE-2024-6387) References: - https://bugs.mageia.org/show_bug.cgi?id=33346
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
