This update provides an update to mythtv 30, and updates the bundled ffmpeg to 3.2. It also fixes at least the following issue: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613,
This kernel update is based on the upstream 4.14.137 and fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information
This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7, adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of
Updated cyrus-imapd package fixes a security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name (CVE-2019-11356).
Updated php packages fix at least the following security issues: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with
This kernel update is based on the upstream 5.1.20 and fixes at least the following security issue: With Xen, virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory
OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data (CVE-2019-1543). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability
VLC 3.0.7 was released on June 6, including security fixes. References: - https://bugs.mageia.org/show_bug.cgi?id=24940 - https://jbkempf.com/blog/post/2019/VLC-3.0.7-and-security/
Updated gvfs package fixes security vulnerabilities: * daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used (CVE-2019-12447). * daemon/gvfsbackendadmin.c has race conditions because the admin backend
Sandbox escape via installation of malicious language pack. (CVE-2019-9811) Script injection within domain through inner window reuse. (CVE-2019-11711) Cross-origin POST requests can be made with NPAPI plugins by following 308
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29 (CVE-2019-10155).
This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre. rdesktop will now detect any attempts to access invalid areas and refuse
This update provides ffmpeg version 4.1.4, which fixes several security vulnerabilities and other bugs which were corrected upstream. References: - https://bugs.mageia.org/show_bug.cgi?id=25109
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. This update brings the AMD SEV firmware to 0.17 build 22 (CVE-2019-9836).
Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server (CVE-2019-13045). References: - https://bugs.mageia.org/show_bug.cgi?id=25025
Dosbox 0.74-3 is a security release: * Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) * Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.