Find the information you need for your favorite open source distribution .
The MD5 algorithm is known not to be collision resistant. This updateblacklists the proof of concept rogue certificate authority as discussedin https://www.win.tue.nl/hashclash/rogue-ca/.
It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (.aa) files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. (CVE-2008-4610) [More...]
Diego Petten discovered that the Base64 encoding functions in GLib did notproperly handle large strings. If a user or automated system were trickedinto processing a crafted Base64 string, an attacker could possibly executearbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. [More...]
It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges. [More...]
It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0386) [More...]
It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. [More...]
It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into [More...]
Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users. [More...]
It was discovered that libpng did not properly perform bounds checking incertain operations. An attacker could send a specially crafted PNG image andcause a denial of service in applications linked against libpng. This issueonly affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269) [More...]
Jesse Ruderman and Gary Kwong discovered flaws in the browser engine.If a user were tricked into viewing a malicious website, a remoteattacker could cause a denial of service or possibly execute arbitrarycode with the privileges of the user invoking the program.(CVE-2009-0772, CVE-2009-0774) [More...]
Jesse Ruderman and Gary Kwong discovered flaws in the browser engine.If a user were tricked into viewing a malicious website, a remoteattacker could cause a denial of service or possibly execute arbitrarycode with the privileges of the user invoking the program.(CVE-2009-0772, CVE-2009-0774) [More...]
Glenn Randers-Pehrson discovered that the embedded libpng in Firefoxdid not properly initialize pointers. If a user were tricked intoviewing a malicious website with a crafted PNG file, a remote attackercould cause a denial of service or possibly execute arbitrary codewith the privileges of the user invoking the program. (CVE-2009-0040) [More...]
Mike Wiacek discovered that the ARC2 implementation in Python Cryptodid not correctly check the key length. If a user or automated systemwere tricked into processing a malicious ARC2 stream, a remote attackercould execute arbitrary code or crash the application using Python Crypto,leading to a denial of service. [More...]
USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This update fixes the problem. We apologize for the inconvenience. [More...]
USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager.
It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view other users' network connection passwords and pre-shared keys. (CVE-2009-0365) [More...]
It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following "file" URLs after [More...]
It was discovered that Kmail did not adequately prevent execution of arbitrarycode when a user clicked on a URL to an executable within an HTML mail. If auser clicked on a malicious URL and chose to execute the file, a remoteattacker could execute arbitrary code with user privileges. This update changes [More...]
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
