This update provides the upstream 6.0.14 and fixes the following security issues: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945)
Updated mediawiki packages fix security vulnerability: In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup (CVE-2019-16738).
Updated libsndfile package fixes security vulnerability: It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code
Updated bind packages fix security vulnerabilities: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743). Race condition when discarding malformed packets can cause bind to
Updated libpcap and tcpdump packages fix security vulnerabilities: libpcap has been updated to version 1.9.1 and tcpdump to version 4.9.3, fixing several buffer overread and overflow issues.
Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary
This kernel update is based on the upstream 5.3.6 and fixes several issues. * a potential kernel crash by using suppress-prefix rule in ipv6 * 3rdparty rtl8723/rtl8821ce drivers have been fixed to work with kernel 5.3 series
Updated nmap packages fix security vulnerability: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service (CVE-2018-15173).
The updated xpdf packages fix security vulnerabilities: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018)
Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message (CVE-2019-11755). It also fixes various other bugs, as listed in the release notes.
The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images (CVE-2019-11471). Also, imagemagick has been updated to 7.0.8.62 to fix various bugs.
Chromium-browser 77.0.3865.90 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component (CVE-2019-13685), two in the media component (CVE-2019-13688, CVE-2019-13687), and one in the offline pages component (CVE-2019-13686).
This kernel update is based on the upstream 5.2.16 and fixes at least the following security issues: There is a heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of service (system crash) or possibly
This kernel update is based on the upstream 4.14.145 and fixes at least the following security issues: There is a heap-based buffer overflow in the marvell wifi chip driver that allows local users to cause a denial of service (system crash) or possibly
Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow a user to escape from the share path definition (CVE-2019-10197).
The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. (CVE-2019-11739)
It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical environment, could use this flaw to intercept all keystrokes of the victim user or modify