Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries (CVE-2020-9359).
Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution (CVE-2020-10018).
Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).
The updated packages fix a security vulnerabilities: Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503) Use-after-free when removing data about origins. (CVE-2020-6805)
Updated firefox packages fix security vulnerabilities: The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds
This update is based on upstream 5.5.9 and fixes atleast the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to
Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name
The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly
The updated packages fix security vulnerabilities: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for
Updated glibc packages fix security vulnerabilities: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. [BZ 25487] (CVE-2020-10029).
The updated packages fix a security vulnerability: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to
The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. (CVE-2020-9549)
This update provides gcc 8.4.0 stable release, containing important fixes for regressions and serious bugs in GCC 8.3 with more than 209 bugs fixed since the previous release. It also fixes atleast the following security issue:
http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (VE-2019-15605).
Updated mbedtls packages fix security vulnerabilities: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. Found by Alejandro
The updated package fixes a security vulnerability: A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. (CVE-2019-20479)
Updated pure-ftpd packages fix security vulnerabilities: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called,
The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. (CVE-2019-19221)
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them (CVE-2019-10785).
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
