A flaw was found in Nagios Core version 4.4.1 and earlier. The qh_help function is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket (CVE-2018-13441).
Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document (CVE-2018-16858). The libreoffice package has been updated to version 6.1.5.2, fixing this
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker in control of a malicious spice-server could use this flaw to crash the client or execute arbitrary code with the permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. (CVE-2017-12194)
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813)
This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also
This kernel update is based on the upstream 4.14.100 and fixes at least the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is
It was found that specially crafted EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags could be used for a denial of service (CVE-2018-20030). References: - https://bugs.mageia.org/show_bug.cgi?id=24373
In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data (CVE-2018-6381).
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx->l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length
Null dereferences in main() of gifclrmp. Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c (CVE-2018-11490). Segmentation fault in PrintCodeBlock. Segmentation fault of giftool reading a crafted file.
It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code (CVE-2018-5882). References:
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897) XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash (CVE-2018-18356). An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. (CVE-2018-18356) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
LXC allows attackers to overwrite the host LXC binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker previously had write access. This occurs because of file-descriptor
dom4j versions prior to 2.1.1 contain an XML Injection vulnerability in the Element class (methods addElement and addAttribute) that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document (CVE-2018-1000632).
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through
The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file (CVE-2017-11552). The mad_decoder_run() function in decoder.c in Underbit libmad through