As a part of the OpenSSF’s mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community’s infrastructure for communication. The oss-security and (linux)-distros mailing lists, which are operated by Openwall, have been a key part of the community’s ability to collaborate on and communicate security issues which affect the open source community.| openssf.org
Kea is the next generation DHCP server suite offered by the Internet Systems Consortium (ISC). During a routine review we found a local root exploit and a number of further local vulnerabilities in its REST API, affecting Kea packages found in many Linux and BSD distributions.| SUSE Security Team Blog
Screen is the traditional terminal multiplexer software used on Linux and Unix systems. We found a local root exploit in Screen 5.0.0 affecting Arch Linux and NetBSD, as well as a couple of other issues that partly also affect older Screen versions, which are still found in the majority of distributions.| SUSE Security Team Blog
Below is a tool for recording and displaying system data like hardware utilization and cgroup information. In Below versions up to and including version v0.8.1, a world-writable log directory is created, which can lead to a local root exploit and other security issues.| SUSE Security Team Blog
This PAM module allows smart cards to be used as an authentication factor on Linux. In its 0.6.12 release, the use of PAM_IGNORE return values introduced a regression that can lead to complete authentication bypass in some scenarios.| SUSE Security Team Blog
Table of Contents| oss-security.openwall.org
The Sudo Project takes security seriously. If you believe you have found a security vulnerability in Sudo, you can report it to us as described below. Reporting Security Issues: Do not report security vulnerabilities through public GitHub issues or Bugzilla. Instead, report them via email to Todd.Miller@sudo.ws. You may encrypt your message with PGP if you would like. The current PGP key has the fingerprint 59D1 E9CC BA2B 3767 04FD D35B A9F4 C021 CEA4 70FB and may be downloaded from the sudo.| Sudo