Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
203
security advisorythunderbirdspoofingMageia 9: 2025-0168 high: thunderbird sender spoofing and leaks
Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. . MGASA-2025-0168 - Updated thunderbird packages fix security vulnerabilities Publication date: 27 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0168.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-3875, CVE-2025-3877, CVE-2025-3909, CVE-2025-3932, CVE-2025-4918, CVE-2025-4919 Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments Bypassed Remote Content Blocking. (CVE-2025-3932) Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References: - https://bugs.mageia.org/show_bug.cgi?id=34288 - https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/ - https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/ - https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/ - https://www.cve.org/CVERecord?id=CVE-2025-3875 - https://www.cve.org/CVERecord?id=CVE-2025-3877 - https://www.cve.org/CVERecord?id=CVE-2025-3909 - https://www.cve.org/CVERecord?id=CVE-2025-3932 - https://www.cve.org/CVERecord?id=CVE-2025-4918 - https://www.cve.org/CVERecord?id=CVE-2025-4919 SRPMS: - 9/core/thunderbird-128.10.2-1.mga9 - 9/core/thunderbird-l10n-128.10.2-1.mga9 . The latest Thunderbird updates resolve issues related to authentication and insecure file retrieval, enhancing user protection.. spoofing, file download risks, credential leak, mageia thunderbird. . LinuxSecurity.com Team
May 27, 2025
Mageia
89
security advisorycritical issueupdateFedora 40: FEDORA-2025-666aaa6a0d critical: libheif OOB read
Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-666aaa6a0d 2025-02-15 02:22:06.812110+00:00 -------------------------------------------------------------------------------- Name : libheif Product : Fedora 40 Version : 1.19.5 Release : 3.fc40 URL : https://github.com/strukturag/libheif Summary : HEIF and AVIF file format decoder and encoder Description : libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format) file format decoder and encoder. -------------------------------------------------------------------------------- Update Information: Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test: Download and unzip sample images from mastodon issue #31570. Try opening them with e.g. loupe or gimp. They fail to open with libheif-1.17.6, but should open successfully with libheif-1.19.5. Fixes CVE-2024-41311 . -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2025 Robert-André Mauchin - 1.19.5-3 - Rebuilt for aom 3.11.0 * Fri Jan 17 2025 Fedora Release Engineering - 1.19.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sun Nov 24 2024 Packit - 1.19.5-1 - Update to version 1.19.5 - Resolves: rhbz#2327307 * Sun Nov 17 2024 Dominik Mierzejewski - 1.19.3-3 - disable OpenJPH encoder support to work-around crashes * Sat Nov 16 2024 Sérgio Basto - 1.19.3-2 - Add support to multilib in devel sub-package - Resolves: rhbz#2279891 * Tue Nov 12 2024Dominik Mierzejewski - 1.19.3-1 - update to 1.19.3 (resolves rhbz#2295525) - drop obsolete patches - enable OpenH264, OpenJPH (64-bit only) and Brotli decoders - run tests unconditionally, they no longer require special build options - drop conditional hevc subpackage - use fewer wildcards in the file lists - stop building rav1e and svt AV1 encoders as plugins * Thu Jul 18 2024 Fedora Release Engineering - 1.17.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2319289 - CVE-2024-41311 libheif: OOB read and write via ImageOverlay::parse() [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2319289 [ 2 ] Bug #2332519 - Update libheif https://bugzilla.redhat.com/show_bug.cgi?id=2332519 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-666aaa6a0d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . The Fedora 40 update for libheif brings vital improvements to image support and resolves multiple reading issues, alongside important security updates for protection. libheif security, Fedora update, OOB read fix, software maintenance. . Severity: Critical. LinuxSecurity.com Team
Feb 15, 2025
•Critical
Fedora
100
security advisorymoderatebuffer overflowSUSE Linux 15-SP1: 2020:1294-1 Moderate: File Buffer Overflow
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1294-1 Rating: moderate References: #1154661 #1169512 Cross-References: CVE-2019-18218 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1294=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1294=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1294=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1294=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python2-magic-5.32-7.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): file-debugsource-5.32-7.8.1 file-devel-32bit-5.32-7.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-7.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): file-5.32-7.8.1 file-debuginfo-5.32-7.8.1 file-debugsource-5.32-7.8.1 file-devel-5.32-7.8.1 libmagic1-5.32-7.8.1 libmagic1-debuginfo-5.32-7.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): file-magic-5.32-7.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libmagic1-32bit-5.32-7.8.1 libmagic1-32bit-debuginfo-5.32-7.8.1 References: https://www.suse.com/security/cve/CVE-2019-18218.html https://bugzilla.suse.com/1154661 https://bugzilla.suse.com/1169512 _______________________________________________ sle-security-updates mailing list
May 18, 2020
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!