Find the information you need for your favorite open source distribution .
A method to bypass ipchains masquerading exists and an update has been issued.
aaa_base is the basic package which comes with any SuSE Linux installation. Corrections to cron scripts and default directories have been made.
kreatecd is a KDE tool used to burn cd-roms. An exploitable buffer overflow was found in this tool.
Local users may gain access to group id 0 and hence may modify files owned and writable by the gid 0.
The package ircii is an irc client which is used to connect to irc servers and chat with other users. A buffer overflow in the dcc chat feature was found which is exploitable by remote users
A vulnerability in the SuSE Linux IMAP Server - which is unrelated to the SuSE Linux Distribution (which is unaffected) - was found which allows remote users to circumvented the imap authentication.
htsearch, a CGI program which is part of htdig, doesn't do proper checking on user input.
A bug in the authentication function of mysql allows anyone who knows a valid username to successfully authenticate as that users in no more than 32 tries.
SUSE advisory states ... " A malicous user could execute commands with the privileges of the user executing make. This security hole could lead to local root compromise if root passes Makefiles to make through stdin."
A security hole was discovered in the package lprold < 3.0.48.
A security hole was discovered in the package Pine < 4.21.
The syslogd server uses a Unix Domain stream socket (/dev/log) for receiving local log messages via syslog(3). Unix Domain stream sockets are non connection-less, that means, that one process is needed to serve one client.
The thttpd web server doesn't do proper bounds checking in the date parsing function tdate_parse().
Several vulnerabilities were found within bind4 and bind8.
The rpc.nfsd which is part of the nfs-server package was found to have two remote vulnerabilities.
The file access permissions aren't properly checked by the lpr and lpd program.
The package ypserv is the former "yellow pages", now called NIS information service, which is used for e.g. central network user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
