LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 2 min ago

Debian LTS: DLA-2792-1: faad2 security update

12 hours 22 min ago
Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by

Mageia 2021-0488: virtualbox security update

Saturday 23rd of October 2021 03:49:37 PM
This update provides the upstream 6.1.28 maintenance release, which fixes at least the following security vulnerabilities: Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows a high-privileged attacker with

Mageia 2021-0487: ansible security update

Saturday 23rd of October 2021 08:06:41 AM
Do not include params in exception when a call to set_options fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) References:

Mageia 2021-0486: flatpak security update

Saturday 23rd of October 2021 08:06:40 AM
Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp

Mageia 2021-0485: tomcat security update

Saturday 23rd of October 2021 08:06:39 AM
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. (CVE-2021-30640) Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66

Mageia 2021-0484: docker-containerd security update

Saturday 23rd of October 2021 08:06:38 AM
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.

Fedora 33: libzapojit 2021-7f5a82ef57

Friday 22nd of October 2021 11:25:57 PM
Security fix for CVE-2021-39360

Fedora 33: nodejs 2021-cbad295a90

Friday 22nd of October 2021 11:25:54 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 33: vim 2021-84f4cf3244

Friday 22nd of October 2021 11:25:44 PM
The newest upstream commit. Security fixes for CVE-2021-3778, CVE-2021-3796, CVE-2021-3875 and CVE-2021-3872.

Fedora 34: libzapojit 2021-c3395a5df6

Friday 22nd of October 2021 11:22:52 PM
Security fix for CVE-2021-39360

Fedora 34: nodejs 2021-9807b754d9

Friday 22nd of October 2021 11:22:47 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 34: watchdog 2021-31748c40a6

Friday 22nd of October 2021 11:22:20 PM
fix memory leak when verbose mode is on

Debian: DSA-4991-1: mailman security update

Friday 22nd of October 2021 02:24:25 PM
Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.

Ubuntu 5121-1: Mailman vulnerabilities

Friday 22nd of October 2021 01:57:20 AM
Several security issues were fixed in Mailman.

Ubuntu 5116-2: Linux kernel vulnerabilities

Thursday 21st of October 2021 09:06:25 PM
Several security issues were fixed in the Linux kernel.

Ubuntu 5120-1: Linux kernel (Azure) vulnerabilities

Thursday 21st of October 2021 08:31:46 PM
Several security issues were fixed in the Linux kernel.

ArchLinux: 202110-6: nodejs-lts-erbium: multiple issues

Thursday 21st of October 2021 04:57:51 PM
The package nodejs-lts-erbium before version 12.22.7-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-5: nodejs-lts-fermium: multiple issues

Thursday 21st of October 2021 04:57:40 PM
The package nodejs-lts-fermium before version 14.18.1-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-4: nodejs: url request injection

Thursday 21st of October 2021 04:57:29 PM
The package nodejs before version 16.11.1-1 is vulnerable to url request injection.

ArchLinux: 202110-3: virtualbox: multiple issues

Thursday 21st of October 2021 04:57:18 PM
The package virtualbox before version 6.1.28-1 is vulnerable to multiple issues including sandbox escape, denial of service and information disclosure.
