
LinuxSecurity.com Advisories

The central voice for Linux and Open Source security news.
Updated: 2 weeks 2 days ago

Fedora 29: krb5 Security Update

Tuesday 8th of January 2019 02:43:00 AM
LinuxSecurity.com: Improve memset hygiene in one location.

SUSE: 2019:0024-1 important: libgit2

Tuesday 8th of January 2019 12:08:00 AM
LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available.

Debian LTS: DLA-1630-1: libav security update

Monday 7th of January 2019 11:34:00 PM
LinuxSecurity.com: Several security vulnerabilities were corrected in the libav multimedia library which may lead to a denial-of-service, information disclosure or the execution of arbitrary code if a malformed file is processed.

SUSE: 2019:0023-1 moderate: gpg2

Monday 7th of January 2019 09:10:00 PM
LinuxSecurity.com: An update that fixes one vulnerability is now available.

RedHat: RHSA-2019-0031:01 Low: Red Hat Enterprise Linux 6.6 Telco Update

Monday 7th of January 2019 12:34:00 PM
LinuxSecurity.com: This is the final notification for the retirement of Red Hat Enterprise Linux 6.6 Telco Update Service (TUS). This notification applies only to those customers subscribed to the Telco Update Service (TUS) channel for Red Hat Enterprise Linux 6.6.

Debian LTS: DLA-1629-1: python-django security update

Sunday 6th of January 2019 08:27:00 PM
LinuxSecurity.com: It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see:

Mageia 2019-0017: dcraw security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: A NULL pointer dereference flaw was found in the way dcraw processed images. An attacker could potentially use this flaw to crash dcraw by tricking it into processing crafted images (CVE-2018-5801). References:

Mageia 2019-0018: libao security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: A flaw was found in libao. The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 can cause a denial of service (memory corruption) via a crafted mp3 file (CVE-2017-11548). References:

Mageia 2019-0016: aubio security update

Sunday 6th of January 2019 05:42:00 PM
LinuxSecurity.com: NULL pointer dereference in the function aubio_source_avcodec_readframe which may lead to DoS when playing a crafted audio file (CVE-2017-17554). A crash in aubio_pitch_set_unit (CVE-2018-14522).

CentOS: CESA-2019-0022: Important CentOS 7 keepalived

Sunday 6th of January 2019 12:09:00 PM
LinuxSecurity.com: Upstream details at: https://access.redhat.com/errata/RHSA-2019:0022

Fedora 29: tcpreplay Security Update

Sunday 6th of January 2019 02:22:00 AM
LinuxSecurity.com: This release (4.3.1) contains bug fixes only: - Fix checkspell detected typos (#531) - Heap overflow packet2tree and get_l2len (#530) This is Tcpreplay suite 4.3.0 This release contains several bug fixes and enhancements: - Fix macOS TOS checksum failure (#524) - TCP sequence edits seeding (#514) - Fix issues identified by Codacy (#493) - CVE-2018-18408 use-after-free in post_args (#489) -

Fedora 28: tcpreplay Security Update

Sunday 6th of January 2019 01:52:00 AM
LinuxSecurity.com: This release (4.3.1) contains bug fixes only: - Fix checkspell detected typos (#531) - Heap overflow packet2tree and get_l2len (#530) This is Tcpreplay suite 4.3.0 This release contains several bug fixes and enhancements: - Fix macOS TOS checksum failure (#524) - TCP sequence edits seeding (#514) - Fix issues identified by Codacy (#493) - CVE-2018-18408 use-after-free in post_args (#489) -

Mageia 2019-0015: wget security update

Saturday 5th of January 2019 10:50:00 PM
LinuxSecurity.com: Since version 1.19 Wget stores the URL and in certain cases the 'Referer' URL within extended attributes (xattrs) of the file system - by default. This includes username + password and other credentials or private data *if* those have been used within the URLs. Anyone with read access to

Mageia 2019-0013: libextractor security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Several vulnerabilities were discovered in libextractor which may lead to denial of service or memory disclosure if a malformed OLE file is processed (CVE-2018-20430, CVE-2018-20431). References:

Mageia 2019-0014: libpgf security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32 (CVE-2015-6673). References: - https://bugs.mageia.org/show_bug.cgi?id=24101

Mageia 2019-0010: php-phpmailer security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Potential object injection vulnerability (CVE-2018-19296). References: - https://bugs.mageia.org/show_bug.cgi?id=24055 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DAZQPUD7WZXMJ2KIQY5P2I2UI545YPYO/

Mageia 2019-0012: freerdp security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8784, CVE-2018-8785).

Mageia 2019-0009: pdns-recursor security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A vulnerability was found in PowerDNS Recursor. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows a malicious auth server to cause a denial of service by sending specially crafted records

Mageia 2019-0008: pdns security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A vulnerability was found in PowerDNS Authoritative Server. The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid. It allows an authorized user to cause a denial of service by inserting specially

Mageia 2019-0007: units security update

Saturday 5th of January 2019 07:31:00 PM
LinuxSecurity.com: A flaw was found in units. units_cur doesn't sanitize downloaded data. This allows a maliciously intended server to execute arbitrary code remotely on the client (rhbz#1598913). References: