Chromium-browser 81.0.4044.122 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.92 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6, adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image,
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6, adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image,
This update provides the upstream 6.0.20 adding support for kernel 5.6 series and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure where
The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. (CVE-2019-18359)
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=26487
In Mozilla Bleach before 3.12, a mutation XSS exists in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is used. (CVE-2020-6816) Regular expression denial of service. (CVE-2020-6817)
With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).
Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh when AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to clean up the AES-CTR ciphers when
The updated packages fix security vulnerabilities: Use-after-free while running the nsDocShell destructor. (CVE-2020-6819) Use-after-free when handling a ReadableStream. (CVE-2020-6820)
Updated krb5-appl packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server's (telnetd) handling of short writes and urgent data could lead to information disclosure and corruption of heap data. An unauthenticated
Updated gnutls packages fix security vulnerability: A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol (CVE-2020-11501).
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki
Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within