An update that solves 2 vulnerabilities and has one bug fix can now be installed.

openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20183-1
Rating: important
References:
  * bsc#1257650
Cross-References:
  * CVE-2026-1861
  * CVE-2026-1862
Affected Products:
  openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves 2 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 144.0.7559.132 (boo#1257650)
  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-packagehub-112=1

Package List:

- openSUSE Leap 16.0:

  chromedriver-144.0.7559.132-bp160.1.1
  chromium-144.0.7559.132-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-1861.html
  * https://www.suse.com/security/cve/CVE-2026-1862.html

This advisory details an important update for openSUSE users addressing two critical issues in Chromium.

Severity: Important.
LinuxSecurity.com Team
Rebuild with pregenerated cbindgen.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bca38111fc
2025-04-30 01:59:13.913534+00:00
--------------------------------------------------------------------------------

Name        : icecat
Product     : Fedora 40
Version     : 115.22.0
Release     : 2.rh1.fc40
URL         :
Summary     : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.
Extensions included to this version of IceCat:

 * LibreJS
   GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman.

 * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.

 * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript.

 * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup.

--------------------------------------------------------------------------------
Update Information:

Rebuild with pregenerated cbindgen
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 20 2025 Antonio Trande - 2:115.22.0-2.rh1
- Upload regenerated built-in cbindgen
* Fri Apr  4 2025 Antonio Trande - 2:115.22.0-1.rh1
- Release 115.22.0
* Tue Mar  4 2025 Antonio Trande - 2:115.21.0-1.rh1
- Release 115.21.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2357926 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357926
  [ 2 ] Bug #2357938 - CVE-2025-3416 icecat: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357938
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bca38111fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
Update to 131.0.6778.264 * High CVE-2025-0291: Type Confusion in V8.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-52ea512fe5
2025-01-10 01:47:41.316821+00:00
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 40
Version     : 131.0.6778.264
Release     : 1.fc40
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 131.0.6778.264
  * High CVE-2025-0291: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan  8 2025 Than Ngo - 131.0.6778.264-1
- Update to 131.0.6778.264
  * High CVE-2025-0291: Type Confusion in V8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-52ea512fe5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7f67755963
2024-12-19 03:59:44.539063+00:00
--------------------------------------------------------------------------------

Name        : icecat
Product     : Fedora 40
Version     : 115.18.0
Release     : 2.rh2.fc40
URL         :
Summary     : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.
Extensions included to this version of IceCat:

 * LibreJS
   GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman.

 * JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.

 * A set of companion extensions for LibreJS by Nathan Nichols are pre-installed, and provide workarounds to use some services at USPS, RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs without using nonfree JavaScript.

 * A series of configuration changes and tweaks were applied to ensure that IceCat does not initiate network connections that the user has not explicitly requested. This implies not downloading feeds, updates, blacklists or any other similar data needed during startup.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  8 2024 Antonio Trande - 2:115.18.0-2.rh2
- Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7f67755963' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
New upstream build (132.0).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c4b84c1215
2024-11-07 02:06:10.501448
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 39
Version     : 132.0
Release     : 2.fc39
URL         : https://www.firefox.com/en-US/?redirect_source=mozilla-org
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream build (132.0)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 25 2024 Martin Stransky - 132.0-2
- Enabled PGO
* Wed Oct 23 2024 Martin Stransky - 132.0-1
- Updated to 132.0
* Mon Oct 21 2024 Martin Stransky - 131.0.3-3
- Backported hi-res mouse scrolling and hold touchpad gesture support for Fedora 41
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c4b84c1215' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f2e57b108e
2024-08-02 03:49:02.362826
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 39
Version     : 127.0.6533.72
Release     : 1.fc39
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 127.0.6533.72
  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input in Safe
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 24 2024 Than Ngo - 127.0.6533.72-1
- update to 127.0.6533.72
  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input in Safe
* Sat Jul 20 2024 Than Ngo - 126.0.6478.182-2
- fix condition for is_cfi/use_thin_lto on aarch64/ppc64le
- update powerpc patches
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2299576 - 127.0.6533.72 released, fixing many CVEs
        https://bugzilla.redhat.com/show_bug.cgi?id=2299576
  [ 2 ] Bug #2299689 - Adopt the ppc64le patches from OpenPOWER patchset
        https://bugzilla.redhat.com/show_bug.cgi?id=2299689
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f2e57b108e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
update to 126.0.6478.55 High CVE-2024-5830: Type Confusion in V8 High CVE-2024-5831: Use after free in Dawn High CVE-2024-5832: Use after free in Dawn High CVE-2024-5833: Type Confusion in V8.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5acee8c47f
2024-06-14 01:44:09.032211
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 40
Version     : 126.0.6478.55
Release     : 1.fc40
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 126.0.6478.55
  High CVE-2024-5830: Type Confusion in V8
  High CVE-2024-5831: Use after free in Dawn
  High CVE-2024-5832: Use after free in Dawn
  High CVE-2024-5833: Type Confusion in V8
  High CVE-2024-5834: Inappropriate implementation in Dawn
  High CVE-2024-5835: Heap buffer overflow in Tab Groups
  High CVE-2024-5836: Inappropriate Implementation in DevTools
  High CVE-2024-5837: Type Confusion in V8
  High CVE-2024-5838: Type Confusion in V8
  Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
  Medium CVE-2024-5840: Policy Bypass in CORS
  Medium CVE-2024-5841: Use after free in V8
  Medium CVE-2024-5842: Use after free in Browser UI
  Medium CVE-2024-5843: Inappropriate implementation in Downloads
  Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
  Medium CVE-2024-5845: Use after free in Audio
  Medium CVE-2024-5846: Use after free in PDFium
  Medium CVE-2024-5847: Use after free in PDFium
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 12 2024 Than Ngo - 126.0.6478.55-1
- update to 126.0.6478.55
  * High CVE-2024-5830: Type Confusion in V8
  * High CVE-2024-5831: Use after free in Dawn
  * High CVE-2024-5832: Use after free in Dawn
  * High CVE-2024-5833: Type Confusion in V8
  * High CVE-2024-5834: Inappropriate implementation in Dawn
  * High CVE-2024-5835: Heap buffer overflow in Tab Groups
  * High CVE-2024-5836: Inappropriate Implementation in DevTools
  * High CVE-2024-5837: Type Confusion in V8
  * High CVE-2024-5838: Type Confusion in V8
  * Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
  * Medium CVE-2024-5840: Policy Bypass in CORS
  * Medium CVE-2024-5841: Use after free in V8
  * Medium CVE-2024-5842: Use after free in Browser UI
  * Medium CVE-2024-5843: Inappropriate implementation in Downloads
  * Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
  * Medium CVE-2024-5845: Use after free in Audio
  * Medium CVE-2024-5846: Use after free in PDFium
  * Medium CVE-2024-5847: Use after free in PDFium
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2291363 - 126.0.6478.54 is available, fixing 21 CVEs
        https://bugzilla.redhat.com/show_bug.cgi?id=2291363
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5acee8c47f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
update to 124.0.6367.118 * High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5483bc2adb
2024-05-04 01:32:09.337312
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 39
Version     : 124.0.6367.118
Release     : 1.fc39
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 124.0.6367.118
  * High CVE-2024-4331: Use after free in Picture In Picture
  * High CVE-2024-4368: Use after free in Dawn
--------------------------------------------------------------------------------
ChangeLog:

* Wed May  1 2024 Than Ngo - 124.0.6367.118-1
- update to 124.0.6367.118
  * High CVE-2024-4331: Use after free in Picture In Picture
  * High CVE-2024-4368: Use after free in Dawn
- use system highway
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5483bc2adb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------