The chromium-browser-stable package has been updated to the 117.0.5938.92 release, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92, 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179. Google is aware that an exploit for CVE-2023-5217 exists in the wild.
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. References:
The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. (CVE-2023-5156)
Heap buffer overflow in vp8 encoding in libvpx allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. References: - https://bugs.mageia.org/show_bug.cgi?id=32342
The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. (CVE-2023-39615).
The updated packages fix a security vulnerability: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. (CVE-2023-39742)
The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. (CVE-2020-22219)
In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to
The updated wireshark packages fix security vulnerabilities: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. (CVE-2023-40305) GNU indent 2.2.13 has a heap overread in lexi().
The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975)
The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954)
It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field (CVE-2023-38403). References:
getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527)
Use After Free in GitHub repository vim/vim prior to 9.0.1840. (CVE-2023-4733) Use After Free in GitHub repository vim/vim prior to 9.0.1857. (CVE-2023-4750)
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. (CVE-2022-48554) References: - https://bugs.mageia.org/show_bug.cgi?id=32282
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. (CVE-2023-38560)
Use-after-free in workers. (CVE-2023-3600) File Extension Spoofing using the Text Direction Override Character. (CVE-2023-3417)
libtomath is vulnerable to an Integer Overflow vulnerability that could allow attackers to execute arbitrary code and cause a denial of service (DoS). (CVE-2023-36328) References:
This is a security release. As well, it fixes v8 headers detection (mga#28809) The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
