Find the information you need for your favorite open source distribution .
A flaw was discovered in Netty, a Java NIO client/server socket framework. The HTTP/2 protocol implementation allowed a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.
A buffer overflow vulnerability has been found in lwip, a small independent implementation of the TCP/IPv4/IPv6 protocol suite, which allows an attacker to access information via a crafted ICMPv6 package. This vulnerability has been assigned CVE-2020-22283.
Debian Bug : 1001062 1021659 Multiple vulnerabilties have been found in freelrdp2, a free implementation of the Remote Desktop Protocol (RDP). The vulnerabilties potentially allows
A buffer overflow was found in the RAR code used by libclamunrar, which could result in arbitrary code execution when processing malicious RAR archives.
It was discovered that there was a potential cross-site scripting (XSS) in ruby-sanitize, a whitelist-based HTML sanitizer. Using carefully crafted input, an attacker may have be able to sneak
Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868
The audiofile library allows the processing of audio data to and from audio files of many common formats (currently AIFF, AIFF-C, WAVE, NeXT/Sun, BICS, and raw data).
It was discovered that python-urllib3, a user-friendly HTTP client library for Python, did not remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body, like POST,
It was discovered that there was a race condition in Tang, a network-based cryptographic binding server. This flaw resulted in a small time window whereby newly-generated private keys were readable by other processes on the same machine.
The recent update of jetty9, released as DLA 3641-1, caused a regression in PuppetDB, a major component of Puppet that helps you manage and automate the configuration of servers. More specifically another package, trapperkeeper- webserver-jetty9-clojure, still used the deprecated SslContextFactory class
Two vulnerabilities were fixed in Apache Traffic Server, a reverse and forward proxy server. CVE-2023-41752
It was discovered there was a potential remote code execution vulnerability in phppgadmin, a web-based administration tool for the PostgreSQL database server. This issue concerned the deserialisation of untrusted data which may have led to remote code execution because
It was discovered that there was an arbitrary file overwrite vulnerability in pmix, a library used in parallel/cluster computing. Attackers could have obtained ownership of arbitrary files via a
A vulnerability has been identified in h2o, a high-performance web server with support for HTTP/2. A security vulnerability CVE-2023-44487 was discovered that could potentially
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. CVE-2023-41259
Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify if HPACK header
This is a non-security update, enabling distro-info to continue to build with the distro-info-data update in DLA-3639-1, which broke some test-suite assumptions.
This is a routine update of the distro-info-data database for Debian LTS users. It includes Ubuntu 24.10, and makes some minor updates to older EoL
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
