Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisorycriticalFedoraFedora 2.4.22 FEDORA-2003-026 Critical: Kernel Crash Issue
The kernel shipped with Fedora Core 1 was vulnerable to a bug in theerror return on a concurrent fork() with threaded exit() which could beexploited by a user level program to crash the kernel. . ---------------------------------------------------------------------Fedora Security Update Notification FEDORA-2003-026 2003-12-02 ---------------------------------------------------------------------Name : kernel Version : 2.4.22 Release : 1.2129.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Red Hat Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ---------------------------------------------------------------------The kernel shipped with Fedora Core 1 was vulnerable to a bug in the error return on a concurrent fork() with threaded exit() which could be exploited by a user level program to crash the kernel. In addition to this bug fix, the changelog below details various other non security fixes that have been added. * Mon Dec 01 2003 Dave Jones - sys_tgkill wasn't enabled on IA32. * Sun Nov 30 2003 Dave Jones - Process scheduler fix. When doing sync wakeups we must not skip the notification of other cpus if the task is not on this runqueue. * Wed Nov 26 2003 Justin M. Forbes - Merge required ia32 syscalls for AMD64 - [f]truncate64 for 32bit code fix * Mon Nov 24 2003 Dave Jones - Fix power-off on shutdown with ACPI. - Add missing part of recent cmpci fix - Drop CONFIG_NR_CPUS patch which was problematic. - Fold futex-fix into main futex patch. - Fix TG3 tqueue initialisation. - Various NPTL fixes. * Fri Nov 14 2003 Dave Jones - Drop netfilter change which proved to be bad upstream. * Thu Nov 13 2003 Justin M. Forbes - Fix NForce3 DMA and ATA133 onAMD64 * Wed Nov 12 2003 Dave Jones - Fix syscall definitions on AMD64 * Tue Nov 11 2003 Dave Jones - Fix Intel 440GX Interrupt routing. - Fix waitqueue leak in cmpci driver. * Mon Nov 10 2003 Dave Jones - Kill noisy warnings in the DRM modules. - Merge munged upstream x86-64.org patch for various AMD64 fixes. * Mon Nov 03 2003 Dave Jones - Further cleanups related to AMD64 build. * Fri Oct 31 2003 Dave Jones - Make AMD64 build. ---------------------------------------------------------------------This update can be downloaded from: b2ca2e65c14ba3a32bbae6b11e368033 SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm 30c673e9bd3470d2323fad69ba064a59 i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm ea3ca9fce1003aa1c03396501fe8e8e4 i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm 90bbab66acb77dbfe6e2ae91fca5f4c8 i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm a9ebdfdfd8d19a72decf1b8d5549996b i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm d088887cfc2894539051ec7708ef7c9e i386/kernel-2.4.22-1.2129.nptl.i586.rpm 43edf191d8dd0713964ee922e85179a4 i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm ee7850054d3f2b3f72a7d262a398ad87 i386/kernel-2.4.22-1.2129.nptl.i686.rpm a023b71cda6252a168c69a05e894e988 i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm 7c23798f7d4d3852cf395a23169e99df i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm a81da54e2c360f336e35135b5b3fedb9 i386/kernel-2.4.22-1.2129.nptl.athlon.rpm 230fedc801524652681a23cfd6aad8a4 i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm 7f461087fa103bef89c14057413e0c1d i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- --fedora-announce-list mailing list
Jun 08, 2023
•Critical
Fedora
203
security advisorycrash exploitmemory safetyMageia 8: MGASA-2023-0111 Moderate: Multiple Firefox Memory Issues
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be . MGASA-2023-0111 - Updated firefox packages fix security vulnerability Publication date: 24 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0111.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable (CVE-2023-25752). While implementing on AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have lead to a potentially exploitable crash (CVE-2023-28162). Dragging a URL from a cross-origin iframe that was removed during the drag could have lead to user confusion and website spoofing attacks (CVE-2023-28164). Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2023-28176). References: - https://bugs.mageia.org/show_bug.cgi?id=31663 - https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/HcRrYgEdGIo - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html - https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ - https://www.cve.org/CVERecord?id=CVE-2023-25751 - https://www.cve.org/CVERecord?id=CVE-2023-25752 -https://www.cve.org/CVERecord?id=CVE-2023-28162 - https://www.cve.org/CVERecord?id=CVE-2023-28164 - https://www.cve.org/CVERecord?id=CVE-2023-28176 SRPMS: - 8/core/firefox-102.9.0-1.mga8 - 8/core/firefox-l10n-102.9.0-1.mga8 - 8/core/nss-3.89.0-1.mga8 . Recent security patches for Firefox on Mageia 8 tackle various vulnerabilities, including stability concerns and memory management flaws.. Firefox Security Update, Mageia Advisory, Memory Exploit, Software Patch. . LinuxSecurity.com Team
Mar 24, 2023
Mageia
172
security advisoryarbitrary code executionmoderate severityUbuntu 22.04 LTS: USN-5476-1 Moderate: Liblouis Input Handling Issues
Several security issues were fixed in liblouis.. =========================================================================Ubuntu Security Notice USN-5476-1 June 13, 2022 liblouis vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in liblouis. Software Description: - liblouis: Braille translation library - utilities Details: Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981) It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-31783) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: liblouis-bin 3.20.0-2ubuntu0.1 liblouis20 3.20.0-2ubuntu0.1 Ubuntu 21.10: liblouis-bin 3.18.0-1ubuntu0.2 liblouis20 3.18.0-1ubuntu0.2 Ubuntu 20.04 LTS: liblouis-bin 3.12.0-3ubuntu0.1 liblouis20 3.12.0-3ubuntu0.1 Ubuntu 18.04 LTS: liblouis-bin 3.5.0-1ubuntu0.4 liblouis14 3.5.0-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5476-1 CVE-2022-26981, CVE-2022-31783 Package Information: https://launchpad.net/ubuntu/+source/liblouis/3.20.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/liblouis/3.18.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/liblouis/3.12.0-3ubuntu0.1 https://launchpad.net/ubuntu/+source/liblouis/3.5.0-1ubuntu0.4 . Immediate updates for Ubuntu's liblouissecurity flaws tackling crash and code execution vulnerabilities to improve safety.. Liblouis Vulnerabilities, Ubuntu Security Fix, System Update. . Severity: Important. LinuxSecurity.com Team
Jun 13, 2022
•Important
Ubuntu
200
security advisorysoftware updateremote code executionScientific Linux: SLSA-2015:1917-1 Important: libwmf Remote Code Execution
Important: libwmf security update. Date: Tue, 13 Oct 2015 09:07:30 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 7x x86_64 now available MIME-Version: 1.0 Message-ID: The following FASTBUGS have been uploaded to x86_64: tzdata-2015g-1.el7.noarch.rpm tzdata-java-2015g-1.el7.noarch.rpm Date: Tue, 20 Oct 2015 18:35:37 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Important: libwmf on SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Important: libwmf security update Advisory ID: SLSA-2015:1917-1 Issue Date: 2015-10-20 CVE Numbers: CVE-2015-0848 CVE-2015-4695 CVE-2015-4696 CVE-2015-4588 -- It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) After installing the update, all applications using libwmf must be restarted for the update to take effect. -- SL6 x86_64 libwmf-0.2.8.4-25.el6_7.i686.rpm libwmf-0.2.8.4-25.el6_7.x86_64.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm libwmf-lite-0.2.8.4-25.el6_7.i686.rpm libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm libwmf-devel-0.2.8.4-25.el6_7.i686.rpm libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm i386 libwmf-0.2.8.4-25.el6_7.i686.rpm libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm libwmf-lite-0.2.8.4-25.el6_7.i686.rpm libwmf-devel-0.2.8.4-25.el6_7.i686.rpm SL7 x86_64 libwmf-0.2.8.4-41.el7_1.i686.rpm libwmf-0.2.8.4-41.el7_1.x86_64.rpm libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm libwmf-lite-0.2.8.4-41.el7_1.i686.rpm libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm libwmf-devel-0.2.8.4-41.el7_1.i686.rpm libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm - Scientific Linux Development Team . An important libwmf security patch for Scientific Linux resolves several vulnerabilities that could lead to unintended code execution or application failures.. libwmf Security Update, Important Libwmf Fix, Scientific Linux Advisory. . Severity: Important. LinuxSecurity.com Team
Oct 20, 2015
•Important
Scientific Linux
172
security advisorycriticalUbuntuFedora 15: 2378-8 Critical Alert: Risk from libc Vulnerability
PyPAM could be made to crash or possibly run programs if it processed a specially crafted password.. =========================================================================Ubuntu Security Notice USN-1395-1 March 08, 2012 python-pam vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: PyPAM could be made to crash or possibly run programs if it processed a specially crafted password. Software Description: - python-pam: A Python interface to the PAM library Details: Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: python-pam 0.4.2-12.2ubuntu2.11.10.1 Ubuntu 11.04: python-pam 0.4.2-12.2ubuntu2.11.04.1 Ubuntu 10.10: python-pam 0.4.2-12.1ubuntu1.10.10.1 Ubuntu 10.04 LTS: python-pam 0.4.2-12.1ubuntu1.10.04.1 After a standard system update you need to restart applications that use PyPAM to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1395-1 CVE-2012-1502 Package Information: https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.2ubuntu2.11.10.1 https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.2ubuntu2.11.04.1 https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.1ubuntu1.10.10.1 https://launchpad.net/ubuntu/+source/python-pam/0.4.2-12.1ubuntu1.10.04.1 . A serious vulnerability in python-pam could lead to system crashes or unauthorized command executions. Detailed update guidelines are provided.. python-pam security, Ubuntu update, PAMexploit. . Severity: Critical. LinuxSecurity.com Team
Mar 08, 2012
•Critical
Ubuntu
89
security advisoryFedoraapplication updateFedora 9: 2009-3099 Critical: Firefox Memory Flaws & Exploits
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-3099 2009-03-28 00:57:36 --------------------------------------------------------------------------------Name : gtkmozembedmm Product : Fedora 9 Version : 1.4.2.cvs20060817 Release : 27.fc9 URL : Summary : C++ wrapper for GtkMozembed Description : This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software. --------------------------------------------------------------------------------Update Information: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or,potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series --------------------------------------------------------------------------------ChangeLog: * Fri Mar 27 2009 Christopher Aillon - 1.4.2.cvs20060817-27 - Rebuild against newer gecko * Fri Mar 6 2009 Jan Horak - 1.4.2.cvs20060817-26 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 1.4.2.cvs20060817-25 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 1.4.2.cvs20060817-24 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 1.4.2.cvs20060817-23 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 1.4.2.cvs20060817-22 - Rebuild against newer gecko * Wed Sep 24 2008 Christopher Aillon - 1.4.2.cvs20060817-21 - Rebuild against newer gecko * Fri Jun 20 2008 Martin Stransky - 1.4.2.cvs20060817-20 - rebuild against new gecko-libs 1.9 (xulrunner) * Sat Apr 12 2008 Haïkel Guémar - 1.4.2.cvs20060817-19 - remove now useless sed one-liner. - fixed gtkmozembedmm-1.4.2.cvs20060817-xulrunner.patch - added gtkmozembedmm-1.4.2.cvs20060817-m4.patch * Mon Feb 18 2008 Fedora Release Engineering - 1.4.2.cvs20060817-18 - Autorebuild for GCC 4.3 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update gtkmozembedmm' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailinglist
Mar 28, 2009
•Critical
Fedora
99
security advisorybuffer overflowsoftware updateSlackware: SSA:2023-210-10 Moderate: Pcre Security Update Released
New pcre packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] pcre (SSA:2008-210-09) New pcre packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2008-2371 Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/pcre-7.7-i486-1_slack12.1.tgz: Upgraded to pcre-7.7. Tavis Ormandy of the Google Security Team found a buffer overflow triggered when handling certain regular expressions. This could lead to a crash or possible execution of code as the user of the PCRE-linked application. For more information, see: https://www.cve.org/CVERecord?id=CVE-2008-2371 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pcre-7.7-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pcre-7.7-i486-1_slack12.1.tgz Updated package for Slackware -current: MD5 signatures: +-------------+ Slackware 12.0 package: 30bf87a8e58d7dc8ece0df73ddbd1aec pcre-7.7-i486-1_slack12.0.tgz Slackware 12.1 package: a7d990fa0b1ff0c5eddc4592ee53bc72 pcre-7.7-i486-1_slack12.1.tgz Slackware -current package: feb0296bd7135808d4ed987204234f73 pcre-7.7-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg pcre-7.7-i486-1_slack12.1.tgz +-----+ . Latest pcre enhancements bolster Slackware's defenses by addressing a vulnerability, vital for overall system integrity.. Slackware Packages,Pcre Buffer Overflow,Security Fixes,Software Updates. . LinuxSecurity.com Team
Jul 29, 2008
Slackware
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!