
Blog Series
Linux & Open Source News

Debian 12.5 Arrived with 42...
On February 10th, 2024, the Debian Project unveiled Debian 12.5, the fourth ISO update to the ongoing Debian GNU/Linux 12 “Bookworm” series. This release, which came 2 months after Debian...
Several OpenJDK Vulnerabilities...
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass...
Roundcube Webmail Vulnerability Under Exploitation,...
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube webmail vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-43770, this issue is a persistent cross-site...
Multiple Race Condition Vulnerabilities Fixed...
A race condition vulnerability usually occurs in concurrent or multi-threaded programs where multiple processes or threads access shared resources without proper synchronization. Unpredictable outcomes like data corruption, system crashes, or...
Multiple FreeImage Vulnerabilities Fixed in...
Multiple vulnerabilities were discovered in FreeImage, an open-source support library for graphic image formats. These vulnerabilities, when left unaddressed, could potentially lead to denial of service attacks. On 16th January...
High-Severity Squid Vulnerabilities Fixed in...
Squid is a powerful caching proxy for the web, but like any software, it is not immune to vulnerabilities. Several security vulnerabilities have been discovered that could potentially...
Several libde265 Vulnerabilities Patched: What...
Several vulnerabilities were discovered in libde265, an Open H.265 video codec implementation. These vulnerabilities could result in denial of service and potentially the execution of arbitrary code if a specially...
Critical PixieFail Vulnerabilities Lead to...
A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail...
New Malware in Exploits Targeting...
Google-owned Mandiant has uncovered new malware exploiting vulnerabilities in Ivanti Connect Secure VPN and Policy Secure devices. This malware has been utilized by several threat groups, including the China-nexus...
FritzFrog Botnet Strikes Back Exploiting...
A new variant of the sophisticated botnet “FritzFrog” has emerged, leveraging the Log4Shell vulnerability for propagation. Despite more than two years passing since the Log4j flaw was discovered, attackers continue...
GitLab Security Release Fixes Critical...
GitLab has recently released important patches to fix a critical security vulnerability affecting both its Community Edition (CE) and Enterprise Edition (EE). The flaw, identified as CVE-2024-0402, carries a CVSS...