Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresse… Continue Reading — Fedora 30:...
Unix, Linux, DevOps, Cloud computing and BigData Knowledge-Base
January 2020 CPU security update. See http://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-January/010979.html https://openjdk.java.net/groups/vulnerability/advisories/2020-01-14 Continue Reading — Fedora 31: java-1.8.0-openjdk FEDORA-2020-202cb87e26
A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user Continue Reading — Debian LTS: DLA-2094-1: sudo security update
The GNU libc 2.31 release is out. Significant changes include some initial C2X standard support, some DNS stub resolver changes, a new pthread_clockjoin_np() POSIX threads extension, a number of changes to time-related functions, and more. … Continue Reading — GNU C Library 2.31 released
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. Continue Reading — Debian: DSA-4615-1: spamassassin security update
Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the “pwfeedback” option enabled. An unprivileged user can take ad… Continue Reading — Debian: DSA-4614-1: sudo security update
A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when process… Continue Reading — Debian: DSA-4613-1: libidn2 security update
An issue was found in the IonMonkey JIT compiler of the Mozilla Firefox web browser which could lead to arbitrary code execution. For Debian 8 “Jessie”, this problem has been fixed in version Continue Reading — Debian LTS: DLA-2093-1: firefox-esr security update
The longtime tech writer for the Yocto Project, Scott Rifenbark, has died after a battle with cancer. Project architect Richard Purdie announced the sad news on the yocto mailing list; he also reflected on Rifenbark and his impact: “I remember … Continue Reading — The...