Top 5 New Open Source Security Vulnerabilities in August 2019

Top 5 New Open Source Security Vulnerabilities in August 2019

As summer wanes away, some of us heave a sigh of relief while others take one last weekend at the beach before autumn settles in. One thing we all have in common is open source, and one thing all open source components have in common is security vulnerabilities. That’s why rain or shine, Labor Day or labor-intensive week, our Knowledge Team combed our open source vulnerabilities data to bring you the top 5 new open source security vulnerabilities in August. 

The WhiteSource database continuously aggregates known open source security vulnerabilities from a number of respected resources like the National Vulnerability Database (NVD), as well as other public, peer-reviewed security advisories, and issue trackers so that we can collect and deliver the most comprehensive data published about known open source security vulnerabilities. 

From Linux to Kubernetes, from Go to Bower, August’s top 5 includes some of the most popular open source projects in use, maintained by active, enthusiastic, and ever-expanding communities. Regardless of the programming language, framework or technology you use, you’re going to want to stay on top of August’s new known open source vulnerabilities.

#1 Linux kernel


Vulnerability Score: Critical — 9.8

Affected versions: prior to 5.0.9.

Given the size of the community and the volume of code, it’s no surprise that a lot of community resources are invested in discovering issues in this OG open source project and swiftly fixing them. It appears the community worked as hard as ever in August, publishing a whopping 32 new open source security vulnerabilities in the Linux kernel. 

This issue is one of two critical vulnerabilities from the impressive August haul. According to the ubuntu security notice, it was discovered that the Empia (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: