Linux Security
Red Hat: 2010:0652-01: ImageMagick: Moderate Advisory
LinuxSecurity.com: Updated ImageMagick packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
Red Hat: 2010:0632-03: qspice-client: Moderate Advisory
LinuxSecurity.com: An updated qspice-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
Mandriva: 2010:161: vte
LinuxSecurity.com: A vulnerability has been found and corrected in vte:
The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
[More...]
Debian: 2096-1: zope-ldapuserfolder: missing input validation
LinuxSecurity.com: Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to [More...]
Pardus: 2010-118: Apache: Denial of Service
LinuxSecurity.com: A vulnerability has been fixed in Apache, which can be exploited by malicious people to cause DoS.
Pardus: 2010-117: MySQL: Denial of Service
LinuxSecurity.com: A security issue has been fixed in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
Mandriva: 2010:159: gv
LinuxSecurity.com: A vulnerability has been found and corrected in gv:
GNU gv before 3.7.0 allows local users to overwrite arbitrary files
via a symlink attack on a temporary file (CVE-2010-2056).
[More...]
Red Hat: 2010:0643-01: openoffice.org: Important Advisory
LinuxSecurity.com: Updated openoffice.org packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having [More...]
Mandriva: 2010:158: squirrelmail
LinuxSecurity.com: A vulnerability has been found and corrected in squirrelmail:
functions/imap_general.php in SquirrelMail before 1.4.21 does not
properly handle 8-bit characters in passwords, which allows remote
attackers to cause a denial of service (disk consumption) by making
[More...]
Debian: 2095-1: lvm2: insecure communication prot
LinuxSecurity.com: Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a [More...]
Mandriva: 2010:157: freetype2
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in freetype2:
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
[More...]
Mandriva: 2010:156: freetype2
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in freetype2:
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
[More...]
Mandriva: 2010:155: mysql
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in mysql:
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
[More...]
Red Hat: 2010:0636-02: acroread: Critical Advisory
LinuxSecurity.com: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. [More...]
Debian: 2094-1: linux-2.6: privilege escalation/denial
LinuxSecurity.com: CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointer dereference). [More...]
Red Hat: 2010:0633-01: qspice: Important Advisory
LinuxSecurity.com: Updated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
Red Hat: 2010:0627-01: kvm: Important Advisory
LinuxSecurity.com: Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
Ubuntu: 974-1: Linux kernel vulnerabilities
LinuxSecurity.com: Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. (CVE-2010-2240) [More...]
Debian: 2093-1: ghostscript: Multiple vulnerabilities
LinuxSecurity.com: Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
SuSE: 2010-035: Linux kernel
LinuxSecurity.com: This SUSE Linux Enterprise 10 SP3 kernel was updated to fix various bugs and one security issue. CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in the Linux kernel allows attackers to cause a denial of service (Oops) [More...]








