Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
A heap-based buffer over-read at wav.c in wav_write_header that could be used for a denial of service attack (CVE-2018-19758). References: - https://bugs.mageia.org/show_bug.cgi?id=24752
The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (CVE-2018-8975). References:
When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS (CVE-2018-8019).
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068).
An attacker can reflect the received scalar and element from the server in its own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim (CVE-2019-11234).
This update provides VirtualBox 6.0.8 that fixes the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigations new microcode is also needed, either by installing the
This update provides the Intel 20190514 microcode release that adds the microcode side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.
This update provides the latest stable binutils, currently version 2.32, and fixes at least the following security issues: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects (CVE-2014-9939)
This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound
Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred (CVE-2019-6109).
Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked (CVE-2019-9704).
Updated tcpreplay package fixes security vulnerabilities: An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary.
A vulnerability was found in the svgsalamander library. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF (CVE-2017-5617). References:
Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the ''