#debian

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week. "Only a small subset of users, specifically

Debian Linux Security Advisory 5502-1 - Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.

Debian Linux Security Advisory 5501-1 - Mickael Karatekin discovered that the GNOME session locking didn't restrict a keyboard shortcut used for taking screenshots in GNOME Screenshot which could result in information disclosure.

Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.

Categories: News Tags: Free Download Manager Tags: Linux Tags: Debian Tags: crond Tags: reverse shell After three years of delivering malware to selected visitors, Free Download Manager was alerted to the fact that its website had been compromised. (Read more...) The post Compromised Free Download Manager website was delivering malware for years appeared first on Malwarebytes Labs.

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

Debian Linux Security Advisory 5497-2 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

Debian Linux Security Advisory 5498-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.

By Deeba Ahmed A free download manager site redirected some of its visitors to a malicious Debian package repository that installed a Linux Password Stealer malware as part of an extensive, longstanding supply chain attack. This is a post from HackRead.com Read the original post: Free Download Manager Site Pushed Linux Password Stealer