Find the information you need for your favorite open source distribution .
There is a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol.
Researchers have discovered certain weaknesses in OpenSSL's RSA decryption algorithm.
The nature of the flaw is a stack overflow in a function that is called frequently throughout the sendmail source code.
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format bugs.
The local attacker can use ptrace and attach to a modprobe process that is spawned if the user triggers the loading of a kernel module using the kmod kernel module subsystem. The vulnerability allows the attacker to execute arbitrary commands as root.
The IMAP-code of mutt is vulnerable to a buffer overflow that can be exploited by a malicious IMAP-server to crash mutt or even execute arbitrary code with the privileges of the user running mutt.
A buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command has been fixed.
Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code.
The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible.
A buffer overflow and race condition vulnerabilities have been fixed. These vulnerabilities may lead to remote root compromise.
This bug can be exploited remotely by an attacker to stop the use of tcpdump for analyzing network traffic for signs of security breaches or alike. Another bug may lead to system compromise due to the handling of malformed NFS packets send by an attacker.
This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges. lprold is installed as default package and has the setuid bit set.
Updated Sendmail packages are available to fix a vulnerability thatmay allow remote attackers to gain root privileges by sending acarefully crafted message.
A security weakness has been found, known as "Vaudenay timing attack on CBC"
Under some special circumstances a buffer overflow can be triggered in mod_php4's wordwrap() function.
Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database.
An attacker with CVS read access to compromise a CVS server. Additionally two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access to execute arbitrary code on the server.
The ISC (Internet Software Consortium) dhcp package is an implementation of the Dynamic Host Configuration Protocol (DHCP).
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
