A specially crafted URL in can potentially cause cgit to excessively use CPU and network resources, resulting in a Denial-of-Service. This update resolves that issue
Updated firefox packages fix a security vulnerability thats being exploited in the wild: sandbox escape using Prompt:Open. (CVE-2019-11708)
Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop. (CVE-2019-11707) Sandbox escape using Prompt:Open. (CVE-2019-11708)
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017 (CVE-2018-19486).
This kernel-linus update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. (CVE-2019-11707)
Updated phpmyadmin packages fix security vulnerabilities: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. (CVE-2019-11768, PMASA-2019-3)
Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. (CVE-2019-7845) References:
The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. (CVE-2019-11703) Heap buffer overflow in icalvalue.c. (CVE-2019-11704)
GraphicsMagick 1.3.32 is now released, fixing another 52 additional issues detected by oss-fuzz. Of special mention is a bug reported to us by "Battle Furry" via our security mail alias. This bug (was considered to be a "feature")
This kernel update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
This kernel-tmb update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable. (CVE-2019-3839)
The updated packages fix security vulnerabilities: Fixed a heap-based buffer overflow in ReadMNGImage(). (CVE-2019-11007) Fixed a heap-based buffer overflow in WriteXWDImage(). (CVE-2019-11008,
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement
Updated graphicsmagick packages fix security vulnerabilities In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511)
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. (CVE-2018-18511)
This kernel update provides the upstream 4.14.121. It adds additional fixes to the the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities. It also fixes the following security issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
