A security vulnerability has been reported in libzmq/zeromq. a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary
Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed (CVE-2019-15903).
Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose
Updated freetds packages fix security vulnerability: Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly
Updated python and python3 packages fix security vulnerabilities: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied (CVE-2019-16056).
Updated unbound packages fix security vulnerability: Versions before 1.9.4 allow accesses to uninitialized memory, which would permit remote attackers to trigger a crash (CVE-2019-16866).
The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757)
The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757)
Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815).
Updated libxslt package fixes security vulnerabilities: * In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains
Updated libsoup package fixes security vulnerability: It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to
Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character (CVE-2019-17544).
Updated golang packages fix security vulnerability: Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify(), resulting in denial of service (CVE-2019-17596).
Updated ansible package fixes security vulnerabilities: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them
Updated file packages fix security vulnerability: A buffer overflow was found in file which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF (Composite Document File) file is processed (CVE-2019-18218).
Updated php and pcre2 packages fix security vulnerabilities: - FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043) - MBString (#78633) Heap buffer overflow (read) in mb_eregi.
This kernel update is based on the upstream 5.3.7 and fixes several issues: * various security issues in the usb subsystem * rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
The updated packages fix a security vulnerability: The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. (CVE-2019-11023)
Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component (CVE-2019-13693), one in the WebRTC component (CVE-2019-13694), one in the audio component (CVE-2019-13695), and one in
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
