Find the information you need for your favorite open source distribution .
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original
Several vulnerabilities have been found in the ClamAV antivirus toolkit, that could result in denial of service or other unspecified impact. For Debian 9 stretch, these problems have been fixed in version
Multiple security issues have been found in Thunderbird, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processed.
debian-security-support, the Debian security support coverage checker, has been updated in stretch-security to mark the end of life of the following packages:
Several integer overflows have been discovered in TurboJPEG, a JPEG image library, which can lead to a denial of service (application crash) if someone attempts to compress or decompress gigapixel images with the TurboJPEG API.
Multiple security issues were discovered in pjproject, is a free and open source multimedia communication library CVE-2022-24763
It was discovered that CVE-2014-10401 was fixed incompletely in the Perl5 Database Interface (DBI). An attacker could trigger information disclosure through a different vector.
Nathan Davison discovered that HAProxy, a load balancing reverse proxy, did not correctly reject requests or responses featuring a transfer-encoding header missing the "chunked" value which could facilitate a HTTP request smuggling attack. Furthermore several flaws were discovered in DNS related functions that
Smarty3 is a template engine for PHP. It was found that template authors could inject PHP code by choosing a malicious {block} name or {include} file name. For Debian 9 stretch, this problem has been fixed in version
A flaw was found in the check_chunk_name() function of pngcheck, a tool to verify the integrity of PNG, JNG and MNG files. This flaw allows an attacker who can pass a malicious file to be processed by pngcheck to cause a temporary denial of service.
An issue was found in zipios++, a small C++ library for reading zip files. Due to wrong handling of malformed zip files, an infinite loop could be entered, which results in a denial of service.
Joshua Mason discovered that a logic error in the validation of the secret key used in the "local" authorisation mode of the CUPS printing system may result in privilege escalation.
An issue has been found in package atftp, an advanced TFTP client/server. Due to missing bound checks, data could be read behind a buffer so that
It was discovered that the previous upload to neutron to Debian 9 "Stretch" (ie. version 2:9.1.1-3+deb9u2) was incomplete and did not actually apply the fix for CVE-2021-40085.
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not always closing response bodies, allowing untrusted input in a response header (HTTP Response Splitting) and thus potentially facilitating several other
Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.
Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operations when a specially crafted search filter
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
