Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 3 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorymoderatesoftware update

Fedora 35: FEDORA-2022-bcb096166f Moderate: Chromium Use After Free

Update to 102.0.5005.115. Fixes: CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-bcb096166f 2022-07-01 01:16:02.429589 --------------------------------------------------------------------------------Name : chromium Product : Fedora 35 Version : 102.0.5005.115 Release : 1.fc35 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to 102.0.5005.115. Fixes: CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876 --------------------------------------------------------------------------------ChangeLog: * Fri Jun 10 2022 Tom Callaway - 102.0.5005.115-1 - update to 102.0.5005.115 * Fri Jun 3 2022 Tom Callaway - 102.0.5005.61-1 - update to 102.0.5005.61 * Wed Apr 27 2022 Tom Callaway - 101.0.4951.41-1 - update to 101.0.4951.41 --------------------------------------------------------------------------------References: [ 1 ] Bug #2084016 - CVE-2022-1633 chromium-browser: Use after free in Sharesheet https://bugzilla.redhat.com/show_bug.cgi?id=2084016 [ 2 ] Bug #2084017 - CVE-2022-1634 chromium-browser: Use after free in Browser UI https://bugzilla.redhat.com/show_bug.cgi?id=2084017 [ 3 ] Bug #2084018 - CVE-2022-1635 chromium-browser: Use after free in Permission Prompts https://bugzilla.redhat.com/show_bug.cgi?id=2084018 [ 4 ] Bug #2084019 - CVE-2022-1636 chromium-browser: Use after free in Performance APIs https://bugzilla.redhat.com/show_bug.cgi?id=2084019 [ 5 ] Bug #2084020 - CVE-2022-1637 chromium-browser: Inappropriate implementation in Web Contents https://bugzilla.redhat.com/show_bug.cgi?id=2084020 [ 6 ] Bug #2084021 - CVE-2022-1638 chromium-browser: Heap buffer overflow in V8 Internationalization https://bugzilla.redhat.com/show_bug.cgi?id=2084021 [ 7 ] Bug #2084022 - CVE-2022-1639 chromium-browser: Use after free in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2084022 [ 8 ] Bug #2084023 - CVE-2022-1640 chromium-browser: Use after free in Sharing https://bugzilla.redhat.com/show_bug.cgi?id=2084023 [ 9 ] Bug #2084024 - CVE-2022-1641 chromium-browser: Use after free in Web UI Diagnostics https://bugzilla.redhat.com/show_bug.cgi?id=2084024 [ 10 ] Bug #2090284 - CVE-2022-1853 chromium-browser: Use after free in Indexed DB https://bugzilla.redhat.com/show_bug.cgi?id=2090284 [ 11 ] Bug #2090285 - CVE-2022-1854 chromium-browser: Use after free in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2090285 [ 12 ] Bug #2090286 - CVE-2022-1855 chromium-browser: Use after free in Messaging https://bugzilla.redhat.com/show_bug.cgi?id=2090286 [ 13 ] Bug #2090287 - CVE-2022-1856 chromium-browser: Use after free in User Education https://bugzilla.redhat.com/show_bug.cgi?id=2090287 [ 14 ] Bug #2090288 - CVE-2022-1857 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=2090288 [ 15 ] Bug #2090289- CVE-2022-1858 chromium-browser: Out of bounds read in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2090289 [ 16 ] Bug #2090290 - CVE-2022-1859 chromium-browser: Use after free in Performance Manager https://bugzilla.redhat.com/show_bug.cgi?id=2090290 [ 17 ] Bug #2090291 - CVE-2022-1860 chromium-browser: Use after free in UI Foundations https://bugzilla.redhat.com/show_bug.cgi?id=2090291 [ 18 ] Bug #2090292 - CVE-2022-1861 chromium-browser: Use after free in Sharing https://bugzilla.redhat.com/show_bug.cgi?id=2090292 [ 19 ] Bug #2090293 - CVE-2022-1862 chromium-browser: Inappropriate implementation in Extensions https://bugzilla.redhat.com/show_bug.cgi?id=2090293 [ 20 ] Bug #2090294 - CVE-2022-1863 chromium-browser: Use after free in Tab Groups https://bugzilla.redhat.com/show_bug.cgi?id=2090294 [ 21 ] Bug #2090295 - CVE-2022-1864 chromium-browser: Use after free in WebApp Installs https://bugzilla.redhat.com/show_bug.cgi?id=2090295 [ 22 ] Bug #2090296 - CVE-2022-1865 chromium-browser: Use after free in Bookmarks https://bugzilla.redhat.com/show_bug.cgi?id=2090296 [ 23 ] Bug #2090297 - CVE-2022-1866 chromium-browser: Use after free in Tablet Mode https://bugzilla.redhat.com/show_bug.cgi?id=2090297 [ 24 ] Bug #2090298 - CVE-2022-1867 chromium-browser: Insufficient validation of untrusted input in Data Transfer https://bugzilla.redhat.com/show_bug.cgi?id=2090298 [ 25 ] Bug #2090299 - CVE-2022-1868 chromium-browser: Inappropriate implementation in Extensions API https://bugzilla.redhat.com/show_bug.cgi?id=2090299 [ 26 ] Bug #2090300 - CVE-2022-1869 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2090300 [ 27 ] Bug #2090303 - CVE-2022-1870 chromium-browser: Use after free in App Service https://bugzilla.redhat.com/show_bug.cgi?id=2090303 [ 28 ] Bug #2090304 - CVE-2022-1871 chromium-browser: Insufficient policyenforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=2090304 [ 29 ] Bug #2090305 - CVE-2022-1872 chromium-browser: Insufficient policy enforcement in Extensions API https://bugzilla.redhat.com/show_bug.cgi?id=2090305 [ 30 ] Bug #2090306 - CVE-2022-1873 chromium-browser: Insufficient policy enforcement in COOP https://bugzilla.redhat.com/show_bug.cgi?id=2090306 [ 31 ] Bug #2090307 - CVE-2022-1874 chromium-browser: Insufficient policy enforcement in Safe Browsing https://bugzilla.redhat.com/show_bug.cgi?id=2090307 [ 32 ] Bug #2090308 - CVE-2022-1875 chromium-browser: Inappropriate implementation in PDF https://bugzilla.redhat.com/show_bug.cgi?id=2090308 [ 33 ] Bug #2090309 - CVE-2022-1876 chromium-browser: Heap buffer overflow in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2090309 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-bcb096166f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Therecent Firefox release for Ubuntu 22.04 addresses numerous critical vulnerabilities, greatly improving the application's safety.. Fedora Update, Chromium Security, Software Fix. . LinuxSecurity.com Team

Calendar 2 Jun 30, 2022 Fedora
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycriticalDebian

Debian DSA-3513-1: Critical Chromium Browser Flaw Fixes

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1643 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3513-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Michael Gilbert March 10, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1643 cloudfuzzer discovered a type confusion issue in Blink/Webkit. CVE-2016-1644 Atte Kettunen discovered a use-after-free issue in Blink/Webkit. CVE-2016-1645 An out-of-bounds write issue was discovered in the pdfium library. For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.87-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.87-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent patch for chromium-browser rectifying vulnerabilities in Debian DSA-3514-1. Implement without delay to ensure protection.. Chromium Browser, Debian Security, Security Update, Software Flaws. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 10, 2016 Critical Debian
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiansecurity fix

Debian: DSA-3351-1 Moderate: Chromium Cross-Origin Bypass Fixed

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3351-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Michael Gilbert September 03, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-2015-1295 A use-after-free issue was discovered in the printing component. CVE-2015-1296 zcorpan discovered a character spoofing issue. CVE-2015-1297 Alexander Kashev discovered a permission scoping error. CVE-2015-1298 Rob Wu discovered an error validating the URL of extensions. CVE-2015-1299 taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library. CVE-2015-1300 cgvwzq discovered an information disclosure issue in the Blink/WebKit library. CVE-2015-1301 The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29. For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~deb8u1. For the testing distribution (stretch), these problems will be fixed once the gcc-5 transitioncompletes. For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Keep updated regarding the latest Debian security patch that tackles serious vulnerabilities and problems associated with the chromium-browser.. Debian Security, Chromium Browser Update, Cross-Origin Bypass, Browser Flaws, Security Fixes. . LinuxSecurity.com Team

Calendar 2 Sep 03, 2015 Debian
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorycritical threatbrowser flaw

Scientific Linux SL4/SL5: Critical Firefox Update for Multiple Flaws

Critical: firefox security update. Date: Wed, 17 Aug 2011 11:29:05 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Critical: firefox on SL4.x, SL5.x, SL6.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." MIME-Version: 1.0 Synopsis: Critical: firefox security update Issue Date: 2011-08-16 CVE Numbers: CVE-2011-2982 CVE-2011-0084 CVE-2011-2981 CVE-2011-2378 CVE-2011-2984 CVE-2011-2983 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982) A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084) A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378) A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981) A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983) It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if theuser dropped a tab onto the malicious web page. (CVE-2011-2984) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. SL4: i386 firefox-3.6.20-2.el4.i386.rpm x86_64 firefox-3.6.20-2.el4.i386.rpm firefox-3.6.20-2.el4.x86_64.rpm SL5: i386 firefox-3.6.20-2.el5.i386.rpm xulrunner-1.9.2.20-2.el5.i386.rpm xulrunner-devel-1.9.2.20-2.el5.i386.rpm x86_64 firefox-3.6.20-2.el5.i386.rpm firefox-3.6.20-2.el5.x86_64.rpm xulrunner-1.9.2.20-2.el5.i386.rpm xulrunner-1.9.2.20-2.el5.x86_64.rpm xulrunner-devel-1.9.2.20-2.el5.i386.rpm xulrunner-devel-1.9.2.20-2.el5.x86_64.rpm SL6: i386 firefox-3.6.20-2.el6_1.i686.rpm xulrunner-1.9.2.20-2.el6_1.i686.rpm xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm x86_64 firefox-3.6.20-2.el6_1.i686.rpm firefox-3.6.20-2.el6_1.x86_64.rpm xulrunner-1.9.2.20-2.el6_1.i686.rpm xulrunner-1.9.2.20-2.el6_1.x86_64.rpm xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm - Scientific Linux Development Team . Important Firefox security patch for Scientific Linux resolving several vulnerabilities. Update necessary for safety.. firefox security update, Scientific Linux advisory, critical browser flaw. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 17, 2011 Critical Scientific Linux
Banner 2 1028x280 1708121730 1 1771599631
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryarbitrary code executionRed Hat Enterprise Linux

Red Hat Enterprise Linux Critical: RHSA-2010:0345-01 Firefox Security Fix

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2010:0332-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0332.html Issue date: 2010-03-30 CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 ==================================================================== 1. Summary: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allowan applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.19. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.19, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption 578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection 578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView 578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray 578154 - CVE-2010-0178 Firefox Chrome privilege escalation via forced URL drag and drop 578155 - CVE-2010-0179 Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: firefox-3.0.19-1.el4.i386.rpm firefox-debuginfo-3.0.19-1.el4.i386.rpm ia64: firefox-3.0.19-1.el4.ia64.rpm firefox-debuginfo-3.0.19-1.el4.ia64.rpm ppc: firefox-3.0.19-1.el4.ppc.rpm firefox-debuginfo-3.0.19-1.el4.ppc.rpm s390: firefox-3.0.19-1.el4.s390.rpm firefox-debuginfo-3.0.19-1.el4.s390.rpm s390x: firefox-3.0.19-1.el4.s390x.rpm firefox-debuginfo-3.0.19-1.el4.s390x.rpm x86_64: firefox-3.0.19-1.el4.x86_64.rpm firefox-debuginfo-3.0.19-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: firefox-3.0.19-1.el4.i386.rpm firefox-debuginfo-3.0.19-1.el4.i386.rpm x86_64: firefox-3.0.19-1.el4.x86_64.rpm firefox-debuginfo-3.0.19-1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: firefox-3.0.19-1.el4.i386.rpm firefox-debuginfo-3.0.19-1.el4.i386.rpm ia64: firefox-3.0.19-1.el4.ia64.rpm firefox-debuginfo-3.0.19-1.el4.ia64.rpm x86_64: firefox-3.0.19-1.el4.x86_64.rpm firefox-debuginfo-3.0.19-1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: firefox-3.0.19-1.el4.i386.rpm firefox-debuginfo-3.0.19-1.el4.i386.rpm ia64: firefox-3.0.19-1.el4.ia64.rpm firefox-debuginfo-3.0.19-1.el4.ia64.rpm x86_64: firefox-3.0.19-1.el4.x86_64.rpm firefox-debuginfo-3.0.19-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: firefox-3.0.19-1.el5_5.i386.rpm firefox-debuginfo-3.0.19-1.el5_5.i386.rpm xulrunner-1.9.0.19-1.el5_5.i386.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm x86_64: firefox-3.0.19-1.el5_5.i386.rpm firefox-3.0.19-1.el5_5.x86_64.rpm firefox-debuginfo-3.0.19-1.el5_5.i386.rpm firefox-debuginfo-3.0.19-1.el5_5.x86_64.rpm xulrunner-1.9.0.19-1.el5_5.i386.rpm xulrunner-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm RHEL Desktop Workstation (v. 5client): Source: i386: xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.i386.rpm x86_64: xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: firefox-3.0.19-1.el5_5.i386.rpm firefox-debuginfo-3.0.19-1.el5_5.i386.rpm xulrunner-1.9.0.19-1.el5_5.i386.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.i386.rpm ia64: firefox-3.0.19-1.el5_5.ia64.rpm firefox-debuginfo-3.0.19-1.el5_5.ia64.rpm xulrunner-1.9.0.19-1.el5_5.ia64.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.ia64.rpm xulrunner-devel-1.9.0.19-1.el5_5.ia64.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.ia64.rpm ppc: firefox-3.0.19-1.el5_5.ppc.rpm firefox-debuginfo-3.0.19-1.el5_5.ppc.rpm xulrunner-1.9.0.19-1.el5_5.ppc.rpm xulrunner-1.9.0.19-1.el5_5.ppc64.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.ppc.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.ppc64.rpm xulrunner-devel-1.9.0.19-1.el5_5.ppc.rpm xulrunner-devel-1.9.0.19-1.el5_5.ppc64.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.ppc.rpm s390x: firefox-3.0.19-1.el5_5.s390.rpm firefox-3.0.19-1.el5_5.s390x.rpm firefox-debuginfo-3.0.19-1.el5_5.s390.rpm firefox-debuginfo-3.0.19-1.el5_5.s390x.rpm xulrunner-1.9.0.19-1.el5_5.s390.rpm xulrunner-1.9.0.19-1.el5_5.s390x.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.s390.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.s390x.rpm xulrunner-devel-1.9.0.19-1.el5_5.s390.rpm xulrunner-devel-1.9.0.19-1.el5_5.s390x.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.s390x.rpm x86_64: firefox-3.0.19-1.el5_5.i386.rpm firefox-3.0.19-1.el5_5.x86_64.rpm firefox-debuginfo-3.0.19-1.el5_5.i386.rpm firefox-debuginfo-3.0.19-1.el5_5.x86_64.rpm xulrunner-1.9.0.19-1.el5_5.i386.rpm xulrunner-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm xulrunner-devel-1.9.0.19-1.el5_5.x86_64.rpm xulrunner-devel-unstable-1.9.0.19-1.el5_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://access.redhat.com/security/cve/CVE-2010-0174 https://access.redhat.com/security/cve/CVE-2010-0175 https://access.redhat.com/security/cve/CVE-2010-0176 https://access.redhat.com/security/cve/CVE-2010-0177 https://access.redhat.com/security/cve/CVE-2010-0178 https://access.redhat.com/security/cve/CVE-2010-0179 https://access.redhat.com/security/updates/classification#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. . An important Firefox patch for CentOS resolving multiple serious vulnerabilities, notably the potential for unauthorized code execution.. firefox update, red hat enterprise security, browser flaw, security fixes, critical advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 30, 2010 Critical Red Hat
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisoryremote code executionUbuntu

Ubuntu USN-895-1 Moderate: Firefox DoS and Remote Code Execution

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) [More...]. ==========================================================Ubuntu Security Notice USN-895-1 February 17, 2010 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.18+build1+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1 Ubuntu 9.04: abrowser 3.0.18+build1+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes. Details follow: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementationof Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571) Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988) Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162) Updated packages for Ubuntu 8.04 LTS: Source archives: Size/MD5: 106195 f12fd18051a424ac5e7b8fa2959e9465 Size/MD5: 2782 62dece31d3b5c6fdd7f666b160b5b233 Size/MD5: 11195453 43f41d60599673f797cbac967deac00a Size/MD5: 79798 59ce1a67e8147d66b4e5be5772875434 Size/MD5: 2833 a0a383c9bb050127951bc92994b1842d Size/MD5: 42044694 54ced22ec7c148b6189d0e0905537950 Architecture independent packages: Size/MD5: 66526 55fbe8271376b2c5c24851e362976eaa Size/MD5: 66532 4a7278e54cbe023f951e77a76bf4c878 Size/MD5: 66496 b399ab43052e39041ae1daf14ea14d6e Size/MD5: 66480 ade782aa7df5190dbeaa4fa070802f16 Size/MD5: 66636 1cc94120a7855f913c2d27fab34a8abe Size/MD5: 66540 e88722e35eb1429210553a2c17e71b49 Size/MD5: 66494 640f1cae67cc1dce239a25bfea430b82 Size/MD5: 8982 4d5fac6048ff3092c43780823b1465c4 Size/MD5: 8966187f3337611396db8282e6cb7d2c68eb Size/MD5: 66512 ed2f5e0ddc11a07dc3fb99498e65ce9f Size/MD5: 66484 3daaa9cab0ffb6dba8cdae04f384b720 Size/MD5: 66472 729d392003156d639d91ae24608cca41 Size/MD5: 8954 01b3e6fcc86eb22afca9680301e654c1 Size/MD5: 66502 0fa1fa663a0d9d80025ae1c93006ee20 Size/MD5: 8942 93280b2af0116eaf2776975d800f1049 Size/MD5: 66464 f09a922ee13ad87c2491169535714059 Size/MD5: 126124 b0936daacae14158ed54cb1b402a5046 Size/MD5: 236144 1f55a91b7df6376d52bb66a9dd907740 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 9036 022b505854d2ca2bc038a75e39cc97a0 Size/MD5: 29584 2c23bd7eb5b1b49c24d739060be18aff Size/MD5: 1092652 84976da716c4ffc3119bac210fec0b5e Size/MD5: 4657292 86115d257d31103c409ca94a35b11936 Size/MD5: 48662 21af4403b8fd5280e11169ad2b5bf145 Size/MD5: 9092618 50638ad08fdeedd4319ea5b2c6641a3b i386 architecture (x86 compatible Intel/AMD): Size/MD5: 9028 25d7e1cb9632cb36b6a7dc62340396cd Size/MD5: 25734 de898d27b1935f095073d06d7b298964 Size/MD5: 1071878 87db24f649c1f484590a7c6106b82a32 Size/MD5: 4632478 13290f8c534384a536bfb570b6b48cc9 Size/MD5: 38512 c97aa1226d0b5195c4735295e78a436d Size/MD5: 7816198 35cc097a6efb7e6b18c2200ae1400c27 lpia architecture (Low Power Intel Architecture): Size/MD5: 9034 eb41f410c6f8c4336abaad385e742e97 Size/MD5: 25354 069a9b4f7949d26c42b83fdc8773a89d Size/MD5: 1068486 bc8f471b20ed49feea9b307539596a5f Size/MD5: 4628510 6f63e5502534ea45ca7d48302f508eb4 Size/MD5: 37610 d25f62cf7b8863ad0e437b28f8f9c321 Size/MD5: 7703254 fc29de22f54a5c0b23e075c4c475ce89 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 9034 011cf18080af697c80a1bccb0f48c372 Size/MD5: 27510 8135f9b4073b4119353844f3d0f7b4e1 Size/MD5: 1085830 95610a0624f911d8dc5ef70959e059a1 Size/MD5: 4624620 4b54b29ff86d93e52070ebd790a43b5b Size/MD5: 43684 9f7ac1cf272038a05b6cbabd0e681e47 Size/MD5: 8666380 33e07816fcfc5867f596cf35dd1c73f2 Updated packages for Ubuntu 8.10: Source archives: Size/MD5: 123228 4334378493ec7d09ae54e4a8a4722335 Size/MD5: 2837 ae707c690fa6b4df440a3c70209ac8f4 Size/MD5: 11195453 43f41d60599673f797cbac967deac00a Size/MD5: 251273 3d4f7d018d5b1c25a0d2877f09f63648 Size/MD5: 2851 fc2421751d44580536c2666ee66d3904 Size/MD5: 42044694 54ced22ec7c148b6189d0e0905537950 Architecture independent packages: Size/MD5: 69382 244e13fd127d272dcaca9b3051ea9dd2 Size/MD5: 69276 35ad39771486680bbc6a38bfbf973871 Size/MD5: 69288 67299d054a33c9360c314c63a52457de Size/MD5: 69248 069c90357b890d4ec8818fe9e23bb5ff Size/MD5: 69238 ecfcc9eb99c093dd04efe26e7249aa47 Size/MD5: 69374 f2cf14a3dd57f3abd31a624589cc37e9 Size/MD5: 69298 b595247327829a236b9843d726edc130 Size/MD5: 69248 332c54fc4cb69629b7f6efa7e98f1925 Size/MD5: 8978 003191d32d6dd2f2a2b213f5babb66f2 Size/MD5: 8968 83211932aff06f9c3c50a29d76d96834 Size/MD5: 69272 2e05ac71775c538317a809acb52d878b Size/MD5: 69240 ae0e73c62755a719af1abf824b08e07e Size/MD5: 69228 51fa6cec869e3dd6484cbef6c261d954 Size/MD5: 8956 facfcada2d8a85a2d37e137f15c37883 Size/MD5: 69262 1e4e74dc8373d48ab51d483465642b8f Size/MD5: 8942 47980961738b7f1719e5f7cf5bdd8459 Size/MD5: 69224 be4cb23320949fba3c7120f0ac1f4327 Size/MD5: 128076 ff82ae2c41df10cc84e39561d30cdbd0 Size/MD5: 237848 650532faa9820e23c80cc41767ec6fe8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 203980 49122ba6aa96a7160766a5228211bc2d Size/MD5: 202406 2a23fde94e033e50ce637a223ac8fe0d Size/MD5: 69338 30d4e661a10a17d6c911379afafc7f57 Size/MD5: 88768 d07aaa5911561d5a2bb484ba145dc694 Size/MD5: 905674 59300b025eac5f4605bb3e53e298e6b0 Size/MD5: 4575126 f733c8502e5748cc8a59be181d00b939 Size/MD5: 47112 c8ec01bfc00d60a631c1a642bedec0fc Size/MD5: 8736318 27df63a18482b3b4ba95618206dddc58 Size/MD5: 22990 d05e1d6263bd1c142242b742f52fc6ef i386 architecture (x86 compatible Intel/AMD): Size/MD5: 203982 a1198ba1e4d07dbf12de747b03141ca3 Size/MD5: 202412 92c138508dddc75eee872263a43913e7 Size/MD5: 69338 64950b4d086e20f2956d09c1eaa30ff3 Size/MD5: 84828 80649a992a4492c974fe1eb06afd8a86 Size/MD5: 887982 94fff00e72b17f8eaa48300321d1e13d Size/MD5: 4552242 e1584257ece03d06cde5f8080c849ec0 Size/MD5: 39384 820dc199210d4db2118c4dacdad3078a Size/MD5: 7566228 11ae577e43eaf04f388beb55769623be Size/MD5: 22990 5be425372239053e7a353de64c1f9fbf lpia architecture (Low Power Intel Architecture): Size/MD5: 203978 1943cd378a2ac48ee16dc84e57800a0a Size/MD5: 202404 f054bce66456c1035418b8c0e606e34c Size/MD5: 69340 8b12dc5ae9c17ca6db198587ffce9152 Size/MD5: 84228 5112cc321ad210e9f522f990613d904f Size/MD5: 885256 c5e390012893755d54697ad807b2e9cd Size/MD5: 4548214 7d0a4bcc81de370dd1085109d890e7d1 Size/MD5: 38416 0aeb2b5de50e9f2801cb9b7217a7b23a Size/MD5: 7461330 30211a063af0cf7faaf101ce068bd95e Size/MD5: 22990 45e15880644cda5e445e9db247307a9f powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 203990 e3271adf4626f458d206174a163008ea Size/MD5: 202416 e913db7851f43d80868389cbe170e58c Size/MD5: 69342 a2eff29266489471e7ca91b5d14c04e0 Size/MD5: 86200 3cbd6e33796e150b5918ea7976d6716b Size/MD5: 899446 0966a128af34986ee3f12c08c36f48d2 Size/MD5: 4542014 e921eecf51b037fe3705f796bc0763c9 Size/MD5: 42414 26a623e782f74f20078e401e60a78042 Size/MD5: 8303640 9c3772421c7799769b381015c922ac97 Size/MD5: 22992 7c33afe980725586f4378d1de41adbb6 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 203982 ffa4639e52aac4a33912a329e843f50a Size/MD5: 202406 4a535569d5bb3eebe51874f15e4e5479 Size/MD5: 69342 d23ec01cc9cbf47f9deb4f565f2e95f8 Size/MD5: 83892 1e988446e3e1e6a83e9c165a48f6e444 Size/MD5: 887654 f23d1c5cbe245b3a0c760c5c67c96eb1 Size/MD5: 4529108 716774efcf3b66a0eeb81ec77e458b25 Size/MD5: 37874 13eb351e204da124250c617251beec63 Size/MD5: 8124422 1072ca874b133688475980fa71a89243 Size/MD5: 22990 b430166f1e5b5c247693df817341a71e Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 123436 2c8c2c66ea018a71cb5124fa0dec5a2d Size/MD5: 2837 b746b4b3600f847523a6fce43c432d49 Size/MD5: 11195453 43f41d60599673f797cbac967deac00a Size/MD5: 252174 082f0e69469104ec472c87bfebfb58da Size/MD5: 2851 537f7edffd6fbc7ef06b9ac7733c4cd6 Size/MD5: 42044694 54ced22ec7c148b6189d0e0905537950 Architecture independent packages: Size/MD5: 69584 e644bb7f8764d1829136745afcfee55f Size/MD5: 69486 53c8f65b9349ba4229e2c5d27797b2fd Size/MD5: 69494 5c4509ba6bd67dfdfe1029f1ba259e7b Size/MD5: 69456 780fa4af748bcec454e23f829e550cf5 Size/MD5: 69440 47480ee9efbbcd6c9412128bc20f985e Size/MD5: 69574 d2cc78df801d9e6643b5b5f513b9915e Size/MD5: 69500 6765698ab7f0a712ae427ca914c37d52 Size/MD5: 69454 330edc243d5780b4fcf61202c15236ec Size/MD5: 8980 362076e4e4a0108ef21b3c0569195277 Size/MD5: 8968 b0472e75888686fe71d650c2661801e8 Size/MD5: 69474 b51ea8cac2292f5163ddb9cbfb486600 Size/MD5: 69444 230dfe7bf6a12f8b38ddb9d16c9738d1 Size/MD5: 69440 cecb3da1a4b81b4766ef5b519c0a9a27 Size/MD5: 8954 e95b08e048a96f969d00c2572c3c1114 Size/MD5: 69462 1ed6bf791415a22a7a02d162dc156633 Size/MD5: 8944 37cb4269bb0bb99738aed6d74df69d3c Size/MD5: 69434 7f5ad169d4f26cc2f3b3e0dc096a7a27 Size/MD5: 128420 f03d4eb8baae987dd24c76d33e364331 Size/MD5: 238338 7d2baa1850e184731c842fa5ffc2ec1d amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 204112 9fbc954bbf627850fe579148f8090d09 Size/MD5: 202626 4648b741bd0b452db72b502a3e42572f Size/MD5: 69540 fc8b8b86ce670f1f626b1c84443ad12b Size/MD5: 88976 913797bb980066745ca8500309030381 Size/MD5: 905664 7ac55a46682a695df4e60daa379f9ee9 Size/MD5: 4575284 322e314629811c880b4141c93e6c3f96 Size/MD5: 47114 ed08cbef07d88198b1c7a6420de51067 Size/MD5: 8737198 24f2527caee8e7545f30509bb9b9b4f6 Size/MD5: 23264 c09c3cf9c3c3627dd659e9c803ccda21 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 204128 a61d50badc2a721da8d1cf896ad1abdf Size/MD5: 202620 d1b27319e4b0fc34d2f3ea138150857b Size/MD5: 69544 18e5f7492bd85c3bf07b7d243704d54a Size/MD5: 85034 fdeb306c6415783bffe419c30614eff1 Size/MD5: 887980 98143e3c97b49ff4f05d7e7b7a56f91d Size/MD5: 4551736 8ce6c861332cb56159eae49d081b88f4 Size/MD5: 39386 9dfaaf894f9219bf75a90c11b28b2cbe Size/MD5: 7567146 45b3db5dec9b9cb414fb2822aff8b363 Size/MD5: 23262 93ffa3ea5b2715f7a7a303f6567e689c lpia architecture (Low Power Intel Architecture): Size/MD5: 204118 fe3cf2fccd1ac23bcbc2a841eb846923 Size/MD5: 202622c3d237a16a38f51b254ccbcc542f2199 Size/MD5: 69536 31bbac84270f1036d0a6d30924be3446 Size/MD5: 84448 f9288dcbbecd435428d01426bea1e512 Size/MD5: 885208 562d22b8ada53e72055880e7589af22f Size/MD5: 4548178 cc28186604b829b14334c7c24fa2fa69 Size/MD5: 38396 b616b56d4692e0dabbb8013c7aae03c9 Size/MD5: 7462994 134df581304a69776495c2e5aa75200b Size/MD5: 23262 135ee428f3e1c6f274d4d22e00845879 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 204126 208fbc7f2b318cb7f57bccae77d787a5 Size/MD5: 202624 fcf979e00ac2aa342c922dc5dc7052df Size/MD5: 69546 5083373220f6c2b7a58f013c66edadcc Size/MD5: 86432 678c65fd231c5f900ea3c88bd20263b6 Size/MD5: 899428 3e3e76e1367ea5dfeb56042c17618b2f Size/MD5: 4541516 ecff6d9bc7bf1510a54bb1c8eadcfcac Size/MD5: 42416 4afaeaaaee38dbf750d54f70778a7910 Size/MD5: 8304272 0f5e8fcee9beb1af77fa352bb16752ea Size/MD5: 23266 487a1afdfb857ce66d6e01af44fc388a sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 204128 1a967a8bf3c5d2dd934f11465b8d863a Size/MD5: 202630 e33815ef886a0372bdaa7800481b8f0c Size/MD5: 69544 9990016627024e64dd305c384341ddb5 Size/MD5: 84046 f0bd5d177718aa7584584d9df93cb44d Size/MD5: 887504 65684ab7fd8b1007629a83d81f278661 Size/MD5: 4528850 cb4f53c2bbdf1b00d7c0ba498ea5504f Size/MD5: 37810 8bec992d8c2c1295ef93384c9e00c270 Size/MD5: 8125360 e35c9a9d5f4ffe1da78090236e9d775e Size/MD5: 23264 378d8a94f3e1842c9356cd31b0149c9e . Vulnerabilities detected in Chrome and Chromium may lead to remote exploitation or service disruptions—upgrade your software immediately!. Firefox Security Issues, Ubuntu Patches, Remote Code Threats, DoS Attacks, Browser Security Updates. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 17, 2010 Important Ubuntu
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoraupdate information

Fedora: 2009-3099 Moderate: Firefox Memory Flaw Remote Execution Risk

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3099 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : mozvoikko Product : Fedora 9 Version : 0.9.5 Release : 8.fc9 URL : https://voikko.puimula.org/ Summary : Finnish Voikko spell-checker extension for Mozilla programs Description : This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko. --------------------------------------------------------------------------------Update Information: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update mozvoikko' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Severe vulnerability in Chrome affects other browsers like Firefox, posing risks of remote code execution. Use yum for prompt updates to secure systems.. Mozilla Firefox, Memory Risk, Remote Execution. . LinuxSecurity.com Team

Calendar 2 Mar 28, 2009 Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycriticalsoftware update

Fedora: 3100 Critical Memory Flaws In Firefox Exploiting Remote Access

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3100 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : pcmanx-gtk2 Product : Fedora 10 Version : 0.3.8 Release : 7.fc10 URL : Summary : Telnet client designed for BBS browsing Description : An easy-to-use telnet client mainly targets BBS users. PCMan X is a newly developed GPL'd version of PCMan, a full-featured famous BBS client formerly designed for MS Windows only. It aimed to be an easy-to-use yet full-featured telnet client facilitating BBS browsing with the ability to process double-byte characters. --------------------------------------------------------------------------------Update Information: A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) --------------------------------------------------------------------------------ChangeLog: * Fri Mar 27 2009 Christopher Aillon - 0.3.8-7 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 0.3.8-6 - Rebuild againstnewer gecko * Wed Feb 4 2009 Christopher Aillon - 0.3.8-5 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 0.3.8-4 - Rebuild against newer gecko --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update pcmanx-gtk2' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Patch for Fedora 10 addresses vulnerabilities in Chrome, improving defenses against potential remote intrusions.. Fedora 10 Update, Firefox Bug Fix, Remote Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 28, 2009 Critical Fedora
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here