Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239).
Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id (CVE-2019-14806).
Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking.
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service
pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the
The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. (CVE-2019-17064)
Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx (CVE-2019-16707).
The updated package fixes a security vulnerability: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. (CVE-2019-15237)
Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled (CVE-2019-14267).
The updated packages fix an issue: Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. (rhbz#1733112)
Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands.
Updated libidn2 packages fix security vulnerabilities: It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains (CVE-2019-12290).
The updated packages fix security vulnerabilities: An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.
This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel.
Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte (CVE-2019-11045).
he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make
The updated package fixes a security vulnerability: A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. (CVE-2019-14857)
Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump (CVE-2019-9656).
Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845).
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
