Find the information you need for your favorite open source distribution .
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid didnot properly validate the HTTP version when processing requests. A remoteattacker could exploit this to cause a denial of service (assertion failure). [More...]
It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-3546) [More...]
Harald Koenig discovered that sudo did not correctly handle certainprivilege changes when handling groups. If a local attacker belongedto a group included in a "RunAs" list in the /etc/sudoers file, thatuser could gain root privileges. This was not an issue for the defaultsudoers file shipped with Ubuntu. [More...]
Marko Lindqvist discovered that the fglrx installer created an unsafeLD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloadingspecially crafted libraries and running commands in the same directory,a remote attacker could execute arbitrary code with user privileges. [More...]
It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. [More...]
It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360) [More...]
Kojima Hajime discovered that Firefox did not properly handle an escaped nullcharacter. An attacker may be able to exploit this flaw to bypass scriptsanitization. (CVE-2008-5510)
A flaw was discovered in the browser engine when restoring closed tabs. If auser were tricked into restoring a tab to a malicious website with form inputcontrols, an attacker could steal local files on the user's system.(CVE-2009-0355) [More...]
Several flaws were discovered in the browser engine. These problems could allowan attacker to crash the browser and possibly execute arbitrary code with userprivileges. (CVE-2009-0352, CVE-2009-0353)
Fernando Quintero discovered than MoinMoin did not properly sanitize itsinput when processing login requests, resulting in cross-site scripting (XSS)vulnerabilities. With cross-site scripting vulnerabilities, if a user weretricked into viewing server output during a crafted server request, a remoteattacker could exploit this to modify the contents, or steal confidential data, [More...]
Hugo Dias discovered that the ATM subsystem did not correctly managesocket counts. A local attacker could exploit this to cause a system hang,leading to a denial of service. (CVE-2008-5079)
Hugo Dias discovered that the ATM subsystem did not correctly manage socketcounts. A local attacker could exploit this to cause a system hang, leadingto a denial of service. (CVE-2008-5079)
It was discovered that Java did not correctly handle untrusted applets.If a user were tricked into running a malicious applet, a remote attackercould gain user privileges, or list directory contents. (CVE-2008-5347,CVE-2008-5350) [More...]
Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that xine-lib did not correctly handle certain malformed Ogg and Windows Media files. If a user or automated system were tricked into opening a specially crafted Ogg or Windows Media file, an attacker could cause xine-lib to crash, creating a denial of service. This issue only applied to [More...]
It was discovered that KTorrent did not properly restrict access when using the web interface plugin. A remote attacker could use a crafted http request and upload arbitrary torrent files to trigger the start of downloads and seeding. (CVE-2008-5905) [More...]
USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. [More...]
Dmitry V. Levin discovered a buffer overflow in tar. If a user or automatedsystem were tricked into opening a specially crafted tar file, an attackercould crash tar or possibly execute arbitrary code with the privileges of theuser invoking the program. [More...]
It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in user's home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges. [More...]
It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. (CVE-2008-5183) [More...]
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
