The central voice for Linux and Open Source security news.
LinuxSecurity.com: GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service.
LinuxSecurity.com: New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
LinuxSecurity.com: New mariadb and mysql packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
LinuxSecurity.com: New kernel packages are available for Slackware 14.1 (64-bit) to fix a security issue.
LinuxSecurity.com: Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate [More...]
LinuxSecurity.com: Robert Scheck discovered multiple vulnerabilities in Zarafa that could
allow a remote unauthenticated attacker to crash the zarafa-server
daemon, preventing access to any other legitimate Zarafa users
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
LinuxSecurity.com: USN-2102-1 introduced a regression in Firefox.
LinuxSecurity.com: Updated gnutls packages fix security vulnerability:
Suman Jana reported a vulnerability that affects the certificate
verification functions of gnutls 3.1.x and gnutls 3.2.x. A version
1 intermediate certificate will be considered as a CA certificate
LinuxSecurity.com: Updated tomcat6 packages fix security vulnerabilities:
It was discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. A remote attacker could
use this flaw to cause the Tomcat server to stop responding, resulting
LinuxSecurity.com: A vulnerability was reported in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could
be exploited to cause a buffer overflow. This could be used to crash a
Python application that uses the socket.recvfrom_into() function or,
possibly, execute arbitrary code with the permissions of the user
LinuxSecurity.com: A vulnerability has been discovered and corrected in puppet:
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise
(PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to
overwrite arbitrary files via a symlink attack on unspecified files
LinuxSecurity.com: Updated libgadu packages fix security vulnerability:
A malicious server or man-in-the-middle could send a large value for
Content-Length and cause an integer overflow which could lead to a
buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).
LinuxSecurity.com: Multiple vulnerabilities in Xpdf could result in execution of arbitrary code.
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel
before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users
LinuxSecurity.com: Updated ffmpeg packages fix security vulnerabilities:
This update provides ffmpeg version 0.5.13 and 0.10.11, which fixes
several unspecified security vulnerabilities and other bugs which
were corrected upstream.
LinuxSecurity.com: Updated varnish packages fix security vulnerabilities:
Varnish before 3.0.5 allows remote attackers to cause a denial of
service (child-process crash and temporary caching outage) via a GET
request with trailing whitespace characters and no URI (CVE-2013-4484).
LinuxSecurity.com: Updated libpng and libpng12 packages fix security vulnerability:
The png_do_expand_palette function in libpng before 1.6.8 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a PLTE chunk of zero bytes or a NULL palette,
LinuxSecurity.com: Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6641 [More...]
LinuxSecurity.com: It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project [More...]