Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2. Initial packaging of the protobuf-parse and protobuf-support crates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------

Name        : rust-protobuf-codegen
Product     : Fedora 43
Version     : 3.7.2
Release     : 1.fc43
URL         : https://crates.io/crates/protobuf-codegen
Summary     : Code generator for rust-protobuf
Description :
Code generator for rust-protobuf.

Includes a library to invoke programmatically (e.g. from `build.rs`) and
`protoc-gen-rs` binary.

--------------------------------------------------------------------------------
Update Information:

Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.

This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 21 2025 Fabio Valentini - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080867
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376751
  [ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name        : rust-pyo3-macros-backend
Product     : Fedora 40
Version     : 0.22.4
Release     : 1.fc40
URL         : https://crates.io/crates/pyo3-macros-backend
Summary     : Code generation for PyO3 package
Description :
Code generation for PyO3 package.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
A vulnerability has been discovered in GCC, which can lead to flawed code generation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202409-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GCC: Flawed Code Generation
     Date: September 24, 2024
     Bugs: #719466
       ID: 202409-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in GCC, which can lead to flawed
code generation.

Background
==========

The GNU Compiler Collection includes front ends for C, C++, Objective-C,
Fortran, Ada, Go, D and Modula-2 as well as libraries for these
languages (libstdc++,...).

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
sys-devel/gcc  < 10.0        >= 10.0

Description
===========

A vulnerability has been discovered in GCC. Please review the CVE
identifier referenced below for details.

Impact
======

The POWER9 backend in GNU Compiler Collection (GCC) could optimize
multiple calls of the __builtin_darn intrinsic into a single call, thus
reducing the entropy of the random number generator. This occurred
because a volatile operation was not specified. For example, within a
single execution of a program, the output of every __builtin_darn() call
may be the same.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GCC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/gcc-10.0"

And then select it with gcc-config:

  # gcc-config latest

In this case, users should also rebuild all affected packages with
emerge -e, e.g.:

  # emerge --usepkg=n --emptytree @world

References
==========

[ 1 ] CVE-2019-15847
      https://nvd.nist.gov/vuln/detail/CVE-2019-15847

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:1407", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.9.0.\n\nSecurity Fix(es):\n\n* Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)\n\n* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)\n\n* Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)\n\n* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)\n\n* Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2178458", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178458", "description": ""}, {"ticket": "2178460", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178460", "description": ""}, {"ticket": "2178466", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178466", "description": ""}, {"ticket": "2178470", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178470", "description": ""}, {"ticket": "2178472", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178472", "description": ""}], "cves": [{"name": 
"CVE-2023-25751", "sourceBy": "MITRE", "sourceLink":"https://www.cve.org/CVERecord?id=CVE-2023-25751", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-25752", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-25752", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28162", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28162", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28164", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28164", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28176", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28176", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-03-28T13:07:54.922242Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:102.9.0-1.el9_1.aarch64.rpm", "thunderbird-0:102.9.0-1.el9_1.ppc64le.rpm", "thunderbird-0:102.9.0-1.el9_1.s390x.rpm", "thunderbird-0:102.9.0-1.el9_1.src.rpm", "thunderbird-0:102.9.0-1.el9_1.x86_64.rpm", "thunderbird-debuginfo-0:102.9.0-1.el9_1.aarch64.rpm", "thunderbird-debuginfo-0:102.9.0-1.el9_1.ppc64le.rpm", "thunderbird-debuginfo-0:102.9.0-1.el9_1.s390x.rpm", "thunderbird-debuginfo-0:102.9.0-1.el9_1.x86_64.rpm", "thunderbird-debugsource-0:102.9.0-1.el9_1.aarch64.rpm", "thunderbird-debugsource-0:102.9.0-1.el9_1.ppc64le.rpm", "thunderbird-debugsource-0:102.9.0-1.el9_1.s390x.rpm", "thunderbird-debugsource-0:102.9.0-1.el9_1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. The new version of Mozilla Thunderbird for Rocky Linux significantly boosts defense mechanisms against multiple vulnerabilities and incorporates essential security fixes.. 
Rocky Linux, Thunderbird Update, Important Fix, Security Patch, Mozilla Thunderbird. Severity: Important. LinuxSecurity.com Team
Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:1336", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.9.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)\n\n* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)\n\n* Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)\n\n* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)\n\n* Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2178458", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178458", "description": ""}, {"ticket": "2178460", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178460", "description": ""}, {"ticket": "2178466", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178466", "description": ""}, {"ticket": "2178470", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178470", "description": ""}, {"ticket": "2178472", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2178472", 
"description": ""}], "cves": [{"name": "CVE-2023-25751","sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-25751", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-25752", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-25752", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28162", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28162", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28164", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28164", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2023-28176", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28176", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-03-28T13:07:10.220025Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-0:102.9.0-3.el8_7.aarch64.rpm", "firefox-0:102.9.0-3.el8_7.src.rpm", "firefox-0:102.9.0-3.el8_7.x86_64.rpm", "firefox-debuginfo-0:102.9.0-3.el8_7.aarch64.rpm", "firefox-debuginfo-0:102.9.0-3.el8_7.x86_64.rpm", "firefox-debugsource-0:102.9.0-3.el8_7.aarch64.rpm", "firefox-debugsource-0:102.9.0-3.el8_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical Firefox update released for Rocky Linux addressing significant JIT and memory safety issues.. Rocky Linux Security - Firefox Fixes - Important Updates. . Severity: Important. LinuxSecurity.com Team
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:1367-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1367
Issue date:        2023-03-21
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162
                   CVE-2023-28164 CVE-2023-28176
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:
firefox-102.9.0-3.el8_6.src.rpm

aarch64:
firefox-102.9.0-3.el8_6.aarch64.rpm
firefox-debuginfo-102.9.0-3.el8_6.aarch64.rpm
firefox-debugsource-102.9.0-3.el8_6.aarch64.rpm

ppc64le:
firefox-102.9.0-3.el8_6.ppc64le.rpm
firefox-debuginfo-102.9.0-3.el8_6.ppc64le.rpm
firefox-debugsource-102.9.0-3.el8_6.ppc64le.rpm

s390x:
firefox-102.9.0-3.el8_6.s390x.rpm
firefox-debuginfo-102.9.0-3.el8_6.s390x.rpm
firefox-debugsource-102.9.0-3.el8_6.s390x.rpm

x86_64:
firefox-102.9.0-3.el8_6.x86_64.rpm
firefox-debuginfo-102.9.0-3.el8_6.x86_64.rpm
firefox-debugsource-102.9.0-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751
https://access.redhat.com/security/cve/CVE-2023-25752
https://access.redhat.com/security/cve/CVE-2023-28162
https://access.redhat.com/security/cve/CVE-2023-28164
https://access.redhat.com/security/cve/CVE-2023-28176
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2023:1401-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1401
Issue date:        2023-03-22
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162
                   CVE-2023-28164 CVE-2023-28176
====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-102.9.0-1.el7_9.src.rpm

x86_64:
thunderbird-102.9.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-102.9.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-102.9.0-1.el7_9.src.rpm

ppc64le:
thunderbird-102.9.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-102.9.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-102.9.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-102.9.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-102.9.0-1.el7_9.src.rpm

x86_64:
thunderbird-102.9.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-102.9.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751
https://access.redhat.com/security/cve/CVE-2023-25752
https://access.redhat.com/security/cve/CVE-2023-28162
https://access.redhat.com/security/cve/CVE-2023-28164
https://access.redhat.com/security/cve/CVE-2023-28176
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:1337-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1337
Issue date:        2023-03-20
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162
                   CVE-2023-28164 CVE-2023-28176
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
firefox-102.9.0-3.el9_1.src.rpm

aarch64:
firefox-102.9.0-3.el9_1.aarch64.rpm
firefox-debuginfo-102.9.0-3.el9_1.aarch64.rpm
firefox-debugsource-102.9.0-3.el9_1.aarch64.rpm
firefox-x11-102.9.0-3.el9_1.aarch64.rpm

ppc64le:
firefox-102.9.0-3.el9_1.ppc64le.rpm
firefox-debuginfo-102.9.0-3.el9_1.ppc64le.rpm
firefox-debugsource-102.9.0-3.el9_1.ppc64le.rpm
firefox-x11-102.9.0-3.el9_1.ppc64le.rpm

s390x:
firefox-102.9.0-3.el9_1.s390x.rpm
firefox-debuginfo-102.9.0-3.el9_1.s390x.rpm
firefox-debugsource-102.9.0-3.el9_1.s390x.rpm
firefox-x11-102.9.0-3.el9_1.s390x.rpm

x86_64:
firefox-102.9.0-3.el9_1.x86_64.rpm
firefox-debuginfo-102.9.0-3.el9_1.x86_64.rpm
firefox-debugsource-102.9.0-3.el9_1.x86_64.rpm
firefox-x11-102.9.0-3.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751
https://access.redhat.com/security/cve/CVE-2023-25752
https://access.redhat.com/security/cve/CVE-2023-28162
https://access.redhat.com/security/cve/CVE-2023-28164
https://access.redhat.com/security/cve/CVE-2023-28176
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.