In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205). An out-of-bounds read could have led to a crash in the RLBox Expat driver
Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. (CVE-2021-33367) References: - https://bugs.mageia.org/show_bug.cgi?id=31888
Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. (CVE-2023-24539)
client.c in gdhcp in ConnMan could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. (CVE-2023-28488) References:
This kernel update is based on upstream 5.15.110 and fixes at least the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. (CVE-2023-24580) Bypass of validation when using one form field to upload multiple files.
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. (CVE-2022-30595) Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198)
By feeding specially crafted input to 'git apply --reject', a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch. (CVE-2023-25652).
The Parcellite clipboard manager might cause your copied secrets to be stored in plain-text form in the system logs. References: - https://bugs.mageia.org/show_bug.cgi?id=31818
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. (CVE-2023-1906)
This update provides the upstream 7.0.8 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 7.0.8. A difficult to exploit vulnerability allows low privileged attacker with logon to the
Integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. (CVE-2020-12762) References: - https://bugs.mageia.org/show_bug.cgi?id=31812
Fixes a crash on some invalid DBus calls. (CVE-2023-1981) References: - https://bugs.mageia.org/show_bug.cgi?id=31811 - https://lists.fedoraproject.org/archives/list/[list address obscured]/thread/VCTAFULPERZVYFFVHM7IEYXYRNHQDJAU/
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the
Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. (CVE-2023-28856) References: - https://bugs.mageia.org/show_bug.cgi?id=31809
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. (CVE-2023-1801) References:
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. (CVE-2023-28450) References:
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. (CVE-2023-28617) References: