Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application
Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (CVE-2020-13790).
Updated scapy packages fix security vulnerabilities: A vulnerability was found in scapy: versions 2.4.0 and earlier are affected by a denial of service. The impact is: busy loop forever. The component is:
Updated mbedtls packages fix security vulnerability: Fix a side channel in the ECC code that allowed an adversary with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) to fully recover an ECDSA private key.
The updated packages fix a security vulnerability: Use after free that leads to arbitrary code execution in the context of the current user. (CVE-2020-9633) References:
Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification (CVE-2020-13614). The axel package has been updated to version 2.17.8, fixing this issue and other bugs.
The updated packages fix a security vulnerability: An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private
The latest maintenance release of roundcubemail fixes some XSS issues: - Fix XSS issue in template object 'username' - Fix cross-site scripting (XSS) via malicious XML attachment and improve the fix for CVE-2020-12641
It was found that nmcli, a command line interface to NetworkManager, did not honour the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely (CVE-2020-10754).
Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume
This update increases LibreOffice to version 6.4.4.2. It fixes security issues and adds KF5 support. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers
Updated xawtv packages fix security vulnerability: The v4l-conf program in xawtv allows users to determine the existence of file names in directories they do not have access to, and allows a user to have the system open files they do not have access to, though it does
nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080. An overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a
This update from 5.28.2 to 5.28.3 fixes several bugs in perl. - Update to 5.28.3 (See https://metacpan.org/release/XSAWYERX/perl-5.28.3/view/pod/perldelta.pod for release notes)
Updated the coturn package in order to fix some security vulnerabilities: http_server.c: An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
Updated libarchive packages fix security vulnerability: archive_read_support_format_lha.c in libarchive before 3.4.1 does not
Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in Rack(RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually
Updated python-typed-ast package fixes security vulnerabilities: typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds