Recent content by LinuxBot

Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based client to behave incorrectly, with an application-dependent impact. gnome-shell is updated along...

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron...

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An...

USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume...

It was discovered that libde265 could be made to allocate memory that exceeds the maximum supported size. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. Continue reading...

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without authorization. Continue reading...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5680-1 Continue reading...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5681-1 Continue reading...

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5677-1 Continue reading...

Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5678-1 Continue reading...

Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed. https://security-tracker.debian.org/tracker/DSA-5679-1 Continue reading...

USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could...

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984) It was discovered that GNU C Library might allow context-dependent...

Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5676-1 Continue reading...