Linux Security

LinuxSecurity.com: A vulnerability has been found and corrected in wget: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files [More...]

LinuxSecurity.com: An integer overflow vulnerability in wxGTK might enable remoteattackers to cause the execution of arbitrary code.

LinuxSecurity.com: Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]

LinuxSecurity.com: Multiple vulnerabilities has been found and corrected in mozilla-thunderbird: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x [More...]

LinuxSecurity.com: It was discovered that Wget would use filenames provided by the server whenfollowing 3xx redirects. If a user or automated system were tricked intodownloading a file from a malicious site, a remote attacker could createthe file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrarycode. [More...]

LinuxSecurity.com: A vulnerability has been found and corrected in openssl: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent [More...]

LinuxSecurity.com: This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. Following security issues were fixed: CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite, [More...]

LinuxSecurity.com: A vulnerability has been found and corrected in perl-libwww-perl: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a [More...]

LinuxSecurity.com: Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code. [More...]

LinuxSecurity.com: A vulnerability has been found and corrected in libgdiplus: Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; [More...]

LinuxSecurity.com: It was discovered that libwww-perl incorrectly filtered filenames suggestedby Content-Disposition headers. If a user were tricked into downloading afile from a malicious site, a remote attacker could overwrite hidden filesin the user's directory. [More...]

LinuxSecurity.com: George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. [More...]

LinuxSecurity.com: A vulnerability has been found and corrected in libHX: Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that [More...]

LinuxSecurity.com: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

LinuxSecurity.com: Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]

LinuxSecurity.com: Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

LinuxSecurity.com: A vulnerability has been found and corrected in phpmyadmin: It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056). [More...]

LinuxSecurity.com: Multiple vulnerabilities has been found and corrected in phpmyadmin: The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the [More...]

LinuxSecurity.com: Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. [More...]

LinuxSecurity.com: Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code [More...]