Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisorymoderateFedoraFedora 39: 2024-dada06a500 Moderate: pypy Security Fix for CVE-2023-5752
Security fix for CVE-2023-5752 (in the bundled pip).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-dada06a500 2024-05-10 01:04:28.477496 -------------------------------------------------------------------------------- Name : pypy Product : Fedora 39 Version : 7.3.15 Release : 3.fc39 URL : https://pypy.org/ Summary : Python implementation with a Just-In-Time compiler Description : PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc) This build of PyPy has JIT-compilation enabled. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-5752 (in the bundled pip). -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 30 2024 Charalampos Stratakis - 7.3.15-3 - Security fix for CVE-2023-5752 for the bundled pip wheel - Resolves: rhbz#2250771 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250765 - CVE-2023-5752 pip: Mercurial configuration injectable in repo revision when installing via pip https://bugzilla.redhat.com/show_bug.cgi?id=2250765 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-dada06a500' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 10, 2024
Fedora
98
security advisoryupdatered hatRedHat: RHSA-2021-3757-01 Important: Firefox Memory Issues Update
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2021:3757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3757 Issue date: 2021-10-11 CVE Names: CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Security Fix(es): * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500) * Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501) * rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810) * Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497) * Mozilla: Use-after-free of nsLanguageAtomService object(CVE-2021-38498) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free 2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask 2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin 2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object 2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: firefox-91.2.0-4.el8_1.src.rpm aarch64: firefox-91.2.0-4.el8_1.aarch64.rpm firefox-debuginfo-91.2.0-4.el8_1.aarch64.rpm firefox-debugsource-91.2.0-4.el8_1.aarch64.rpm ppc64le: firefox-91.2.0-4.el8_1.ppc64le.rpm firefox-debuginfo-91.2.0-4.el8_1.ppc64le.rpm firefox-debugsource-91.2.0-4.el8_1.ppc64le.rpm s390x: firefox-91.2.0-4.el8_1.s390x.rpm firefox-debuginfo-91.2.0-4.el8_1.s390x.rpm firefox-debugsource-91.2.0-4.el8_1.s390x.rpm x86_64: firefox-91.2.0-4.el8_1.x86_64.rpm firefox-debuginfo-91.2.0-4.el8_1.x86_64.rpm firefox-debugsource-91.2.0-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2021-32810 https://access.redhat.com/security/cve/CVE-2021-38496 https://access.redhat.com/security/cve/CVE-2021-38497 https://access.redhat.com/security/cve/CVE-2021-38498 https://access.redhat.com/security/cve/CVE-2021-38500 https://access.redhat.com/security/cve/CVE-2021-38501 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWPyD9zjgjWX9erEAQjVzw/+JHCbdUptcdp/x0tl10umNCeCo9mtK7r8 ETgG3qpsr1fqolXMDdxbi2FRlPh7/Q15SMEpls96Uk2wP1X+immMSRZzxq8838qE kw/VXcUEEVeN7WADeRqvVwvON7+juNeaAwQuCp/NWC318pCCtc6UmACetQS9cqoS t/uSftckIInSyk2uptK3DpF5gtod33EFBJ1G7Un1fUdUHZ6zP2o4wl0dOBq+DyiO w7KOHRn/Ager2Y6Hd4poBM8mhlJr7mQdPaGxYPId8DN1LIoTOrF4LGxCaAJa89CQ ZkOfYToRuyEhgDj1rFD1G8+upc2VZHhKXVz9vhNNxeKU7JJic2ix0y8clj2NUY2d TvE6s+SQkbXvupeep1g+SkdypHMezbO8U9OJhkfLtM4XGO1JtDtWajTIzIa8I5Kk 6nYxXOlIA9IOgX3LHM1uMYqhH29/65RZRnpAFDNALJxXvTvBsAc9XImLYoHpouxN cvePEYMVqZ/lZae2/FtgVuF+pFC08FygdpNZUGeLEEWIuQzwH3ZE0JxzrTitM9Ry USFnDBwL1+3QhfM/6C0KzQXuvxhKHMA1x6+sG54LWDOVASYsnTnHpVh6tMV2jaEo V9TJDkEVBZjZ9dl3lEkpJjC8hJf8ZissNNG9jkN/ItqFLRXiS/pdY/urgAHnlT8I xOsa4VJAWRA=P0jF -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 11, 2021
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!