Feed Source: LinuxSecurity.com - Security Advisories

  • Debian LTS: DLA-1551-1: exiv2 security update
  • Sun, 21 Oct 2018 04:39:00 +0000

    LinuxSecurity.com: A vulnerability has been discovered in exiv2 (CVE-2018-16336), a C++ library and a command line utility to manage image metadata, resulting in remote denial of service (heap-based buffer over-read/overflow) via
  • Mageia 2018-0409: libtiff security update
  • Sat, 20 Oct 2018 15:56:00 +0000

    LinuxSecurity.com: Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file (CVE-2016-5319). In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function
  • Mageia 2018-0408: ghostscript security update
  • Fri, 19 Oct 2018 20:37:00 +0000

    LinuxSecurity.com: Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961) Saved execution stacks can leak operator arrays. (CVE-2018-18073)
  • Mageia 2018-0406: clamav security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device (CVE-2018-15378).
  • Mageia 2018-0407: rust security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Updated rust packages fix security vulnerability: The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack
  • [updates-announce] MGASA-2018-0405: Updated glib2.0 packages fix security vulnerabilities
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: The updated glib2.0 packages fix security vulnerabilities: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference (CVE-2018-16428).
  • [updates-announce] MGASA-2018-0404: Updated 389-ds-base packages fix security vulnerabilities
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Updated 389-ds-base package fixes security vulnerabilities: a race condition on reference counter leads to DoS using persistent search (CVE-2018-10850)
  • Mageia 2018-0400: vlc security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: This update provides vlc 3.0.4 and fixes at least the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media
  • Mageia 2018-0402: mgetty security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Updated mgetty packages fix security vulnerabilities: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (CVE-2018-16741).
  • [updates-announce] MGASA-2018-0403: Updated php-smarty packages fix security vulnerability
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (CVE-2018-13982).
  • Mageia 2018-0401: tcpflow security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Updated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause
  • Mageia 2018-0399: calibre security update
  • Fri, 19 Oct 2018 20:01:00 +0000

    LinuxSecurity.com: Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that