Updated the optipng package to fix a security vulnerability (CVE-2023-43907) and other bugs. The GIF handler was vulnerable to a global buffer overflow. References:
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/ Content-Disposition for attachment preview/download (CVE-2023-47272)
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
It was discovered that python-django EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs (CVE-2023-36053).
This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer,
The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. (CVE-2022-40433) Certificate path validation issue during client authentication.
Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution
The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. (CVE-2023-5868) Buffer overrun from integer overflow in array modification.
The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)
Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8 Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates.
The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from
This issue affects Clients only: Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. (CVE-2023-39350)
The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References:
The upstream patch to fix CVE-2023-43361 was added References: - https://bugs.mageia.org/show_bug.cgi?id=32479 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43361
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. (CVE-2023-46846) Denial of Service in HTTP Digest Authentication. (CVE-2023-46847)
The updated packages fix a security vulnerability: Integer overflow in :history Ex-Command in Vim < 9.0.2068. References:
The updated packages fix a security vulnerability: Incorrect cipher key & IV length processing. (CVE-2023-5363) References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
