Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer (CVE-2018-11782).
Updated icedtea-web packages fix security vulnerabilities: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve (EC) cryptography. (CVE-2019-2745)
Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information (CVE-2019-8457).
Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.
The mpg123 package has been updated to version 1.25.12, fixing several issues which could cause it to crash or hang while parsing mp3 files. References: - https://bugs.mageia.org/show_bug.cgi?id=25350
Updated webmin package fixes security vulnerability: Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled (CVE-2019-15107).
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript
Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution (CVE-2019-1010238).
Updated ansible package fixes security vulnerability: A flaw was discovered in the way Ansible templating was implemented before version 2.7.12, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable
Updated vlc packages fixes security vulnerabilities: Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed (CVE-2019-13602, CVE-2019-13962,
AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in
Updated wavpack packages fixes security vulnerabilities: Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319).
Updated wavpack packages fixes security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-11498).
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used
This is a maintenance and security update fixing various memory leaks, overflows, out-of-memory, heap overwriting and other issues. References: - https://bugs.mageia.org/show_bug.cgi?id=25256
Updated wireshark packages fix security vulnerability: ASN.1 BER and related dissectors crash (CVE-2019-13619). References:
This update fixes 2 security issues. A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure (CVE-2019-10192).
Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function
Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
