Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID (CVE-2019-11627).
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server
Version 3.0.7 fixes the following security vulnerability: CMS dissector crash (CVE-2019-19553). This update also brings the Mageia package from version 3.0.4 to 3.0.7.
Update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref
Potential remote code execution during URN processing (CVE-2019-12526). Multiple improper validations in URI processing (CVE-2019-12523, CVE-2019-18676).
Heap based overflow in jas_icctxtdesc_input (CVE-2018-19540). Heap based overread in jas_image_depalettize (CVE-2018-19541). References:
MGASA-2019-0380 - Updated clementine packages fix security vulnerability Publication date: 13 Dec 2019 URL: https://advisories.mageia.org/MGASA-2019-0380.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-14332 NULL ptr dereference (crash) in the moodbar pipeline (CVE-2019-14332). References: - https://bugs.mageia.org/show_bug.cgi?id=25753 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14332 SRPMS: - 7/core/clementine-1.3.1-10.git20191016.1.mga7
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed (CVE-2019-13640).
kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (CVE-2019-14744). References: - https://bugs.mageia.org/show_bug.cgi?id=25403
Updated thunderbird packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722)
Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722)
Updated lz4 packages fix security vulnerability: Heap-based buffer overflow in LZ4_write32 (CVE-2019-17543). References:
Updated nss packages fix security vulnerability: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745).
The updated packages fix a security vulnerability: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in
The updated packages fix a security vulnerability: ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)
Updated sysstat package fixes security vulnerability: Memory corruption due to an integer overflow (CVE-2019-16167). References:
Updated python-psutil packages fix security vulnerability: Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute
Updated libvpx packages fix security vulnerabilities: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly
Updated libvncserver packages fix security vulnerability: LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to
Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
