Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go (CVE-2018-20699).
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. (CVE-2019-6128) References: - https://bugs.mageia.org/show_bug.cgi?id=24343
The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbis_block_clear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P (CVE-2018-20683).
CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow References: - https://bugs.mageia.org/show_bug.cgi?id=24186
- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. - Merge various fixes for PHP 7.3 compatibility and security. References:
A buffer overflow in pin_code_reply_dump function (CVE-2016-9800). A buffer overflow in set_ext_ctrl function (CVE-2016-9801). A buffer overflow in commands_dump function (CVE-2016-9804).
- Possible SQL injection in Designer feature - When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access.
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. (CVE-2019-6116) References: - https://bugs.mageia.org/show_bug.cgi?id=24233
This release address a potential security issue in libmp4v2 for Mageia 6: CVE-2018-14054: libmp4v2: Double free in the MP4StringProperty class in mp4property.cpp References:
The parse() method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f") (CVE-2018-12558).
The podofo package has been updated to fix several security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=21511 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/2U7MKKI2OP43FRIS44DJXIJYDWTNAWQ6/
A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (CVE-2018-9251, CVE-2018-14567).
Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service (CVE-2018-6767). It was discovered that WavPack incorrectly handled certain DSDIFF files.
An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua (CVE-2019-3806).
It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service (CVE-2018-20544). It was discovered that libcaca incorrectly handled certain images. An
A vulnerability in the HTML_QuickForm package has been found which potentially allows remote code execution. References: - https://bugs.mageia.org/show_bug.cgi?id=24185
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate
rdesktop has been updated to fix multiple CVE's. Fix memory corruption in process_bitmap_data - CVE-2018-8794 Fix remote code execution in process_bitmap_data - CVE-2018-8795 Fix remote code execution in process_plane - CVE-2018-8797 Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
