Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service (CVE-2018-14055, CVE-2018-14056). Two vulnerabilities were discovered in the ZNC IRC bouncer which could
Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for
It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection (CVE-2019-11236). References:
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters
Updated zstd packages fix security vulnerability: It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-11922).
Updated libgcrypt packages fix security vulnerability: ECDSA timing side-channel attack vulnerability (CVE-2019-13627). References:
Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP (CVE-2019-15717).
Updated SDL12 packages fix security vulnerability: SDL (Simple DirectMedia Layer) through 1.2.15 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c (CVE-2019-13616).
Updated php packages fix security vulnerabilities: A use-after-free in onig_new_deluxe() in regext.c in the bundled Oniguruma allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted
Updated giflib packages fix security vulnerability: In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (CVE-2019-15133).
Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem (CVE-2019-3902). References:
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem (CVE-2019-14452).
Updated libmspack packages fix security vulnerability: It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information (CVE-2019-1010305).
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service and the execution of arbitrary code. References: - https://bugs.mageia.org/show_bug.cgi?id=25274
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454).
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
