- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200805-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla products: Multiple vulnerabilities
      Date: May 20, 2008
      Bugs: #208128, #214816, #218065
        ID: 200805-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.

Background
=========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Thunderbird.

Affected packages
================
    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  mozilla-firefox             < 2.0.0.14                >= 2.0.0.14
  2  mozilla-firefox-bin         < 2.0.0.14                >= 2.0.0.14
  3  mozilla-thunderbird         < 2.0.0.14                >= 2.0.0.14
  4  mozilla-thunderbird-bin     < 2.0.0.14                >= 2.0.0.14
  5  seamonkey                   < 1.1.9-r1                >= 1.1.9-r1
  6  seamonkey-bin                 < 1.1.9                    >= 1.1.9
  7  xulrunner                   < 1.8.1.14                >= 1.8.1.14
    -------------------------------------------------------------------
     7 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
==========
The following vulnerabilities were reported in all mentioned Mozilla
products:

* Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and
  Paul Nickerson reported browser crashes related to JavaScript
  methods, possibly triggering memory corruption (CVE-2008-0412).

* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
  Philip Taylor, and tgirmann reported crashes in the JavaScript
  engine, possibly triggering memory corruption (CVE-2008-0413).

* David Bloom discovered a vulnerability in the way images are
  treated by the browser when a user leaves a page, possibly triggering
  memory corruption (CVE-2008-0419).

* moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series
  of privilege escalation vulnerabilities related to JavaScript
  (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).

* Mozilla developers identified browser crashes caused by the layout
  and JavaScript engines, possibly triggering memory corruption
  (CVE-2008-1236, CVE-2008-1237).

* moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape
  from its sandboxed context and run with chrome privileges, and inject
  script content into another site, violating the browser's same origin
  policy (CVE-2008-0415).

* Gerry Eisenhaur discovered a directory traversal vulnerability when
  using "flat" addons (CVE-2008-0418).

* Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
  multiple character handling flaws related to the backspace character,
  the "0x80" character, involving zero-length non-ASCII sequences in
  multiple character sets, that could facilitate Cross-Site Scripting
  attacks (CVE-2008-0416).

The following vulnerability was reported in Thunderbird and SeaMonkey:

* regenrecht (via iDefense) reported a heap-based buffer overflow
  when rendering an email message with an external MIME body
  (CVE-2008-0304).

The following vulnerabilities were reported in Firefox, SeaMonkey and
XULRunner:

* The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9
  introduced a new crash vulnerability (CVE-2008-1380).

* hong and Gregory Fleischer each reported a variant on earlier
  reported bugs regarding focus shifting in file input controls
  (CVE-2008-0414).

* Gynvael Coldwind (Vexillium) discovered that BMP images could be
  used to reveal uninitialized memory, and that this data could be
  extracted using a "canvas" feature (CVE-2008-0420).

* Chris Thomas reported that background tabs could create a
  borderless XUL pop-up in front of pages in other tabs
  (CVE-2008-1241).

* oo.rio.oo discovered that a plain text file with a
  "Content-Disposition: attachment" prevents Firefox from rendering
  future plain text files within the browser (CVE-2008-0592).

* Martin Straka reported that the ".href" property of stylesheet DOM
  nodes is modified to the final URI of a 302 redirect, bypassing the
  same origin policy (CVE-2008-0593).

* Gregory Fleischer discovered that under certain circumstances,
  leading characters from the hostname part of the "Referer:" HTTP
  header are removed (CVE-2008-1238).

* Peter Brodersen and Alexander Klink reported that the browser
  automatically selected and sent a client certificate when SSL Client
  Authentication is requested by a server (CVE-2007-4879).

* Gregory Fleischer reported that web content fetched via the "jar:"
  protocol was not subject to network access restrictions
  (CVE-2008-1240).

The following vulnerabilities were reported in Firefox:

* Justin Dolske discovered a CRLF injection vulnerability when
  storing passwords (CVE-2008-0417).

* Michal Zalewski discovered that Firefox does not properly manage a
  delay timer used in confirmation dialogs (CVE-2008-0591).

* Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
  warning dialog is not displayed if the entire contents of a web page
  are in a DIV tag that uses absolute positioning (CVE-2008-0594).

Impact
=====
A remote attacker could entice a user to view a specially crafted web
page or email that will trigger one of the vulnerabilities, possibly
leading to the execution of arbitrary code or a Denial of Service. It
is also possible for an attacker to trick a user to upload arbitrary
files when submitting a form, to corrupt saved passwords for other
sites, to steal login credentials, or to conduct Cross-Site Scripting
and Cross-Site Request Forgery attacks.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/mozilla-firefox-2.0.0.14"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/mozilla-firefox-bin-2.0.0.14"

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=mail-client/mozilla-thunderbird-2.0.0.14"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge -a -1 -v ">=mail-client/mozilla-thunderbird-bin-2.0.0.14"

All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/seamonkey-1.1.9-r1"

All SeaMonkey binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/seamonkey-bin-1.1.9"

All XULRunner users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.14"

NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
the SeaMonkey binary ebuild, as no precompiled packages have been
released. Until an update is available, we recommend all SeaMonkey
users to disable JavaScript, use Firefox for JavaScript-enabled
browsing, or switch to the SeaMonkey source ebuild.

References
=========
  [ 1 ] CVE-2007-4879
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879
  [ 2 ] CVE-2008-0304
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
  [ 3 ] CVE-2008-0412
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
  [ 4 ] CVE-2008-0413
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
  [ 5 ] CVE-2008-0414
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414
  [ 6 ] CVE-2008-0415
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
  [ 7 ] CVE-2008-0416
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416
  [ 8 ] CVE-2008-0417
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
  [ 9 ] CVE-2008-0418
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
  [ 10 ] CVE-2008-0419
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
  [ 11 ] CVE-2008-0420
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420
  [ 12 ] CVE-2008-0591
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
  [ 13 ] CVE-2008-0592
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
  [ 14 ] CVE-2008-0593
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
  [ 15 ] CVE-2008-0594
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594
  [ 16 ] CVE-2008-1233
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
  [ 17 ] CVE-2008-1234
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
  [ 18 ] CVE-2008-1235
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
  [ 19 ] CVE-2008-1236
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
  [ 20 ] CVE-2008-1237
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
  [ 21 ] CVE-2008-1238
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
  [ 22 ] CVE-2008-1240
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240
  [ 23 ] CVE-2008-1241
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
  [ 24 ] CVE-2008-1380
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200805-18

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org/.

License
======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-200805-18: Mozilla products: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code

Summary

Gentoo Linux Security Advisory GLSA 200805-18 https://security.gentoo.org/ Severity: Normal Title: Mozilla products: Multiple vulnerabilities Date: May 20, 2008 Bugs: #208128, #214816, #218065 ID: 200805-18

Synopsis ======= Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code.
Background ========= Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mozilla-firefox < 2.0.0.14 >= 2.0.0.14 2 mozilla-firefox-bin < 2.0.0.14 >= 2.0.0.14 3 mozilla-thunderbird < 2.0.0.14 >= 2.0.0.14 4 mozilla-thunderbird-bin < 2.0.0.14 >= 2.0.0.14 5 seamonkey < 1.1.9-r1 >= 1.1.9-r1 6 seamonkey-bin < 1.1.9 >= 1.1.9 7 xulrunner < 1.8.1.14 >= 1.8.1.14 ------------------------------------------------------------------- 7 affected packages on all of their supported architectures. -------------------------------------------------------------------
========== The following vulnerabilities were reported in all mentioned Mozilla products:
* Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).
* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).
* David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).
* moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
* Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).
* moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).
* Gerry Eisenhaur discovered a directory traversal vulnerability when using "flat" addons (CVE-2008-0418).
* Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the "0x80" character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).
The following vulnerability was reported in Thunderbird and SeaMonkey:
* regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).
The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:
* The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).
* hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).
* Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a "canvas" feature (CVE-2008-0420).
* Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).
* oo.rio.oo discovered that a plain text file with a "Content-Disposition: attachment" prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).
* Martin Straka reported that the ".href" property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).
* Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the "Referer:" HTTP header are removed (CVE-2008-1238).
* Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).
* Gregory Fleischer reported that web content fetched via the "jar:" protocol was not subject to network access restrictions (CVE-2008-1240).
The following vulnerabilities were reported in Firefox:
* Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).
* Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).
* Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).
Impact ===== A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.
Workaround ========= There is no known workaround at this time.
Resolution ========= All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask -1 -v ">=www-client/mozilla-firefox-2.0.0.14"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync # emerge --ask -1 -v ">=www-client/mozilla-firefox-bin-2.0.0.14"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask -1 -v ">=mail-client/mozilla-thunderbird-2.0.0.14"
All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=mail-client/mozilla-thunderbird-bin-2.0.0.14"
All SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask -1 -v ">=www-client/seamonkey-1.1.9-r1"
All SeaMonkey binary users should upgrade to the latest version:
# emerge --sync # emerge --ask -1 -v ">=www-client/seamonkey-bin-1.1.9"
All XULRunner users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.14"
NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild.
References ========= [ 1 ] CVE-2007-4879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879 [ 2 ] CVE-2008-0304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304 [ 3 ] CVE-2008-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 [ 4 ] CVE-2008-0413 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413 [ 5 ] CVE-2008-0414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414 [ 6 ] CVE-2008-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415 [ 7 ] CVE-2008-0416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416 [ 8 ] CVE-2008-0417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417 [ 9 ] CVE-2008-0418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418 [ 10 ] CVE-2008-0419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419 [ 11 ] CVE-2008-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420 [ 12 ] CVE-2008-0591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591 [ 13 ] CVE-2008-0592 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592 [ 14 ] CVE-2008-0593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593 [ 15 ] CVE-2008-0594 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594 [ 16 ] CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 [ 17 ] CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 [ 18 ] CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 [ 19 ] CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 [ 20 ] CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 [ 21 ] CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 [ 22 ] CVE-2008-1240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 [ 23 ] CVE-2008-1241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241 [ 24 ] CVE-2008-1380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200805-18
Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.
License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

Resolution

References

Availability

Concerns

Severity

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved