Debian LTS Advisory DLA-3725-1

Postfix, a popular mail server, allowed SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking.

==========================================================================
Ubuntu Security Notice USN-6563-1
January 02, 2024

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. (CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864)

Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could potentially exploit this issue to spoof an email message. (CVE-2023-50762)

Marcus Brinkmann discovered that Thunderbird did not properly compare the signature creation date with the message date and time when using a digitally signed S/MIME email message. An attacker could potentially exploit this issue to spoof the date and time of an email message. (CVE-2023-50761)

DoHyun Lee discovered that Thunderbird did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code. (CVE-2023-6856)

Andrew Osmond discovered that Thunderbird did not properly validate the textures produced by remote decoders. An attacker could potentially exploit this issue to escape the sandbox. (CVE-2023-6860)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  thunderbird  1:115.6.0+build2-0ubuntu0.23.10.1

Ubuntu 23.04:
  thunderbird  1:115.6.0+build2-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  thunderbird  1:115.6.0+build2-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  thunderbird  1:115.6.0+build2-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6563-1
  CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.22.04.1

Severity: Critical
LinuxSecurity.com Team

MGASA-2022-0072 - Updated thunderbird packages fix security vulnerability

Publication date: 18 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0072.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0566

Crafted email could trigger an out-of-bounds write. (CVE-2022-0566)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30055
- https://www.thunderbird.net/en-US/thunderbird/91.6.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
- https://www.cve.org/CVERecord?id=CVE-2022-0566

SRPMS:
- 8/core/thunderbird-91.6.1-1.mga8
- 8/core/thunderbird-l10n-91.6.1-1.mga8

Severity: Critical

MGASA-2021-0194 - Updated clamav packages fix security vulnerability

Publication date: 18 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0194.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-1405

The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to crash the ClamAV scanning process, resulting in a denial of service condition (CVE-2021-1405).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28786
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
- https://www.cve.org/CVERecord?id=CVE-2021-1405

SRPMS:
- 8/core/clamav-0.103.2-1.mga8
- 7/core/clamav-0.103.2-1.mga7

Severity: Critical

Debian Security Advisory DSA-4464-1

Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.

For the stable distribution (stretch), these problems have been fixed in .

openSUSE Security Update: Security update for otrs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3005-1
Rating:             moderate
References:         #1103800 #1109822 #1109823
Cross-References:   CVE-2018-14593 CVE-2018-16586 CVE-2018-16587
Affected Products:
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for otrs to version 4.0.32 fixes the following issues:

These security issues were fixed:

- CVE-2018-16586: An attacker could have sent a malicious email to an OTRS system. If a logged-in user opens it, the email could have caused the browser to load external image or CSS resources (bsc#1109822).
- CVE-2018-16587: An attacker could have sent a malicious email to an OTRS system. If a user with admin permissions opens it, it caused deletion of arbitrary files that the OTRS web server user has write access to (bsc#1109823).
- CVE-2018-14593: An attacker who is logged into OTRS as an agent may have escalated their privileges by accessing a specially crafted URL (bsc#1103800).

These non-security issues were fixed:

- fixed permissions file @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/
- ACLs for Action AgentTicketBulk were inconsistent.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:
    zypper in -t patch openSUSE-2018-1106=1
- openSUSE Backports SLE-15:
    zypper in -t patch openSUSE-2018-1106=1

Package List:

- openSUSE Leap 15.0 (noarch):
    otrs-4.0.32-lp150.2.3.1
    otrs-doc-4.0.32-lp150.2.3.1
    otrs-itsm-4.0.32-lp150.2.3.1
- openSUSE Backports SLE-15 (noarch):
    otrs-4.0.32-bp150.3.3.1
    otrs-doc-4.0.32-bp150.3.3.1
    otrs-itsm-4.0.32-bp150.3.3.1

References:
  https://www.suse.com/security/cve/CVE-2018-14593.html
  https://www.suse.com/security/cve/CVE-2018-16586.html
  https://www.suse.com/security/cve/CVE-2018-16587.html
  https://bugzilla.suse.com/1103800
  https://bugzilla.suse.com/1109822
  https://bugzilla.suse.com/1109823

Debian Security Advisory DSA-3769-1

Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.

=========================================================================
Ubuntu Security Notice USN-1512-1
July 19, 2012

kdepim vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

KDE PIM could be made to execute JavaScript if it opened a specially crafted email.

Software Description:
- kdepim: Personal Information Management apps

Details:

It was discovered that the KDE PIM HTML renderer incorrectly enabled JavaScript, Java and plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  kdepim  4:4.8.4a-0ubuntu0.3

Ubuntu 11.10:
  kdepim  4:4.7.4+git111222-0ubuntu0.3

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1512-1
  CVE-2012-3413

Package Information:
  https://launchpad.net/ubuntu/+source/kdepim/4:4.8.4a-0ubuntu0.3
  https://launchpad.net/ubuntu/+source/kdepim/4:4.7.4+git111222-0ubuntu0.3

Severity: Important