The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue.

Debian Security Advisory DSA-5396-2

TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.

=========================================================================
Ubuntu Security Notice USN-4307-1
March 18, 2020

apache2 update
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.

Software Description:
- apache2: Apache HTTP server

Details:

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS.

TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  apache2-bin 2.4.29-1ubuntu4.13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4307-1
  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1845263

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.13

Support for TLSv1.3 has been implemented in the Apache HTTP Server for Ubuntu 20.04 LTS following security advisory USN-4508-1.

apache HTTP, tls support, ubuntu update, apache security, server advisory.

Severity: Critical.

LinuxSecurity.com Team

USN-3918-1 caused a regression in Firefox.

=========================================================================
Ubuntu Security Notice USN-3918-3
March 28, 2019

firefox regression
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3918-1 caused a regression in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809)

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)

It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle (MITM) attacks. (CVE-2019-9803)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10:
  firefox 66.0.2+build1-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  firefox 66.0.2+build1-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  firefox 66.0.2+build1-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  firefox 66.0.2+build1-0ubuntu0.14.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3918-1
  https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1822185

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/66.0.2+build1-0ubuntu0.18.10.1
  https://launchpad.net/ubuntu/+source/firefox/66.0.2+build1-0ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/firefox/66.0.2+build1-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/firefox/66.0.2+build1-0ubuntu0.14.04.1

Ubuntu Security Alert USN-3919-4 resolves a Firefox issue impacting various Ubuntu editions.

Firefox Update, Ubuntu Security, Web Compatibility.

Severity: Critical.

LinuxSecurity.com Team

This update fixes minor security bugs (CVE-2017-17426, CVE-2017-15804), contains single-threaded optimizations for `malloc`, and increases compatibility with IBM POWER 9 hardware.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-fb5e227432
2017-12-19 18:22:41.465710
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 27
Version     : 2.26
Release     : 20.fc27
URL         :
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update fixes minor security bugs (CVE-2017-17426, CVE-2017-15804), contains single-threaded optimizations for `malloc`, and increases compatibility with IBM POWER 9 hardware.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1505298 - CVE-2017-15804 glibc: Buffer overflow during unescaping of user names with the ~ operator
        https://bugzilla.redhat.com/show_bug.cgi?id=1505298
  [ 2 ] Bug #1524530 - CVE-2017-17426 glibc: Integer overflow with enabled tcache
        https://bugzilla.redhat.com/show_bug.cgi?id=1524530
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade glibc' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Updated to the latest version - Firefox 57

Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/

----

Update to Firefox 57 a.k.a. Quantum

This update may break your installed extension, please see this Fedora Magazine article for details:

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-9a6569beb6
2017-11-17 22:27:37.318730
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 25
Version     : 57.0
Release     : 2.fc25
URL         : https://www.firefox.com/en-US/?redirect_source=mozilla-org
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated to the latest version - Firefox 57

Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/

----

Update to Firefox 57 a.k.a. Quantum

This update may break your installed extension, please see this Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade firefox' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Update to Firefox 57 a.k.a. Quantum

This update may break your installed extension, please see this Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-aca8228007
2017-11-15 15:47:48.468441
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 27
Version     : 57.0
Release     : 1.fc27
URL         : https://www.firefox.com/en-US/?redirect_source=mozilla-org
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update to Firefox 57 a.k.a. Quantum

This update may break your installed extension, please see this Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade firefox' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-6125002d79
2017-06-03 17:37:29.839514
--------------------------------------------------------------------------------

Name        : libvncserver
Product     : Fedora 26
Version     : 0.9.11
Release     : 2.fc26
URL         : http://libvnc.github.io/
Summary     : Library to make writing a VNC server easy
Description :
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy.

It hides the programmer from the tedious task of managing clients and compression schemata.

--------------------------------------------------------------------------------
Update Information:

Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1410168 - CVE-2016-9942 libvncserver: Heap-based buffer overflow in ultra.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1410168
  [ 2 ] Bug #1410166 - CVE-2016-9941 libvncserver: Heap-based buffer overflow in rfbproto.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1410166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade libvncserver' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem.

Debian Security Advisory DSA-2141-4