Red Hat Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
These packages fix a security problem with remote clients giving special NetBIOS names to the server.
A vulnerability in iptables "RELATED" connection tracking has been discovered. Other general bugfixes are present as well.
A locally exploitable format string bug has been fixed in the code that handles batch SMTP.
When LPRng drops uid and gid, it fails to drop membership in its supplemental groups.
Updated GnuPG packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates include fixes for the recently-discovered format string vulnerability.
The ispell program uses mktemp() to open temporary files - this makes it vulnerable to symlink attacks.
Applications using the xinetd umask and not setting the permissions themselves (like swat from the samba package) will create world-writable files.
The version of mktemp shipped with Red Hat Linux prior to version 7 does not support creating temporary directories.
A heap overrun exists in the man packages shipped with Red Hat Linux 5.x, 6.x and 7.0. Since man is setgid man, users could gain gid man privileges.
These updates close a potential vulnerability present in the gssapi-aware ftpd included in the krb5-workstation package.
These updates address a potential vulnerability which could allow an attacker to compute a user's secret key.
The issue is related to ZClasses in that any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.
By exploiting these vulnerabilities, local users could overwrite any file in the system.
The minicom program allows any user with local shell access to obtain group uucp privileges.
nedit creates temporary files in an insecure fashion. This version has been patched to use mkstemp().
Swap files could potentially be world-readable, meaning every user could read data in the swap file(s), possibly including passwords.
This can be abused by a local user to gain access to the X server and can result in a compromise of the account kdesu accesses.
Update to gftp version 2.0.8, which improves functionality and fixes a format string vulnerability.
Previously-issued mgetty packages did not log messages correctly. Previous packages would encounter errors when attempting to spool outgoing fax jobs. Log files for vgetty and vm were also not rotated.