Multiple flaws were found in the way Chromium 73.0.3683.103 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2019-5805, CVE-2019-5806, CVE-2019-5807, CVE-2019-5808, CVE-2019-5809, CVE-2019-5810,
Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced release notes.
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).
Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations (CVE-2019-13057).
Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery (CVE-2019-11358). An account can be logged out without using a token (CSRF) (CVE-2019-12466).
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets
This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap,
Updated thunderbird packages fix security vulnerabilities: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739).
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843).
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user. (CVE-2019-8069)
This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. (CVE-2019-11709)
Security bug fixed: when links was connected to Tor, it would send real DNS requests outside the Tor network when the displayed page contained link rel="dns-prefetch" code.
Updated docker packages fix security vulnerability: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers bundled in Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in 'Saved Logins' can be copied without master password
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service (CVE-2019-12525).
Updated tcpflow package fixes security vulnerability: A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a