Find the information you need for your favorite open source distribution .
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).
It was discovered that there was a local denial of service vulnerability in lxterminal, the terminal emulator for the LXDE desktop environment. This was caused by an insecure use of temporary files for a socket file.
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
Roundcube Webmail allows arbitrary password resets by authenticated users. The issue is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.
It was found that a malformed font could result in denial of service or the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version
It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an instance of the primitive type 'void' during unmarshalling.
Several heap-based buffer overflows, integer overflows and NULL pointer dereferences have been discovered in libpodofo, a library for manipulating PDF files, that allow remote attackers to cause a denial of service (application crash) or other unspecified impact via a
Multiple vulnerabilities were found in libsndfile, a popular library for reading/writing audio files. CVE-2017-7585
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
An information disclosure vulnerability was found in kedpm, a password manager compatible with the figaro password manager file format. The history file can reveal the master password if it is provided on the commandline. The name of entries created or read in the password
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2017-5647
It was discovered that partclone, an utility to backup partitions, was prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. This could allow remote attackers to cause a 'Denial of Service attack' in the context
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.
With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script.
CVE-2016-9591 Use-after-free on heap in jas_matrix_destroy The vulnerability exists in code responsible for re-encoding the
WeeChat before allows a remote crash by sending a filename via DCC to the IRC plugin. For Debian 7 "Wheezy", these problems have been fixed in version
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
