Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 45 articles for you...
87

Debian: DSA-3580-2 Critical: Iceweasel Buffer Overflow Risk

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3559-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (wheezy), these problems have been fixed in version 38.8.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.8.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 45.1.0esr-1 of the firefox-esr source package and version 46.0-1 of the firefox source package. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance Iceweasel to resolve memory vulnerabilities causing code execution and service interruptions in Debian.. Iceweasel Security Update, Debian Advisory, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 27, 2016 Critical Debian
87

Debian: DSA-3523-1 Critical: Iceweasel Font Issue Resolved

This update disables the Graphite font shaping library in Iceweasel, Debian's version of the Mozilla Firefox web browser. For the oldstable distribution (wheezy), this problem has been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3523-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : not available This update disables the Graphite font shaping library in Iceweasel, Debian's version of the Mozilla Firefox web browser. For the oldstable distribution (wheezy), this problem has been fixed in version 38.7.1esr-1~deb7u1. For the stable distribution (jessie), this problem has been fixed in version 38.7.1esr-1~deb8u1. For the unstable distribution (sid), this problem has been fixed in version 45.0.1esr-1 of the firefox-esr source package. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent patch for Iceweasel has removed support for the Graphite font shaping library to bolster security measures across Debian platforms.. Debian Security Advisory, Iceweasel Update, Browser Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 20, 2016 Critical Debian
87

Debian 8 DSA-3477-1 Critical: Iceweasel Input Sanitization Issue

Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3477-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2016-1523 Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. For the oldstable distribution (wheezy), this problem has been fixed in version 38.6.1esr-1~deb7u1. For the stable distribution (jessie), this problem has been fixed in version 38.6.1esr-1~deb8u1. For the unstable distribution (sid), this problem has been fixed in version 44.0-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ensure your system is secure with the recent Ubuntu update USN-5001-1, which fixes a vulnerability in firefox's data validation process.. Debian Security, Iceweasel Update, Code Execution Risk. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 14, 2016 Critical Debian
87

Debian: DSA-3457-1 Critical: Iceweasel Buffer Overflow and TLS Attack

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3457-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. For the oldstable distribution (wheezy), these problems have been fixed in version 38.6.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.6.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 44.0-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Numerous vulnerabilities in Firefox may permit unauthorized code execution. Urgent update advised across all platforms.. Iceweasel Buffer Overflow, Debian Security Update, Memory Safety Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 27, 2016 Critical Debian
87

Debian 8 DSA-3365-1: Iceweasel Moderate Execution Risk Advisory

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3365-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 23, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-4500 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. For the oldstable distribution (wheezy), these problems have been fixed in version 38.3.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.3.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 38.3.0esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Several vulnerabilities in Iceweasel could result in code execution and data exposure. It is advisable to upgrade to ensure security.. IceweaselUpdate, Debian Security Fix, Browser Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 23, 2015 Important Debian
87

Debian: DSA-3345-1 Critical: Iceweasel Use-After-Free Attack

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3345-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso August 29, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-4497 CVE-2015-4498 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which occurs when resizing of a canvas element is triggered in concert with style changes. A web page containing malicious content can cause Iceweasel to crash, or potentially, execute arbitrary code with the privileges of the user running Iceweasel. CVE-2015-4498 Bas Venis reported a flaw in the handling of add-ons installation. A remote attacker can take advantage of this flaw to bypass the add-on installation prompt and trick a user into installing an add-on from a malicious source. For the oldstable distribution (wheezy), these problems have been fixed in version 38.2.1esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.2.1esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 38.2.1esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list:This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent update for Iceweasel rectifies several vulnerabilities for Debian aficionados, promising a more secure surfing experience.. Iceweasel Security, Debian Advisory, Browser Issues, Critical Update, Software Safety. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 29, 2015 Critical Debian
87

Debian 38.x: DSA-3333-1 Critical Iceweasel Execution Flaw

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3333-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-4473 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4484 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4492 CVE-2015-4493 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service. Debian follows the extended support releases (ESR) of Firefox. Support for the 31.x series has ended, so starting with this update we're now following the 38.x releases. For the oldstable distribution (wheezy), these problems have been fixed in version 38.2.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.2.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 38.2.0esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important iceweasel patch release forDebian addressing memory leaks and code execution vulnerabilities. Installation advised for enhanced reliability.. Iceweasel Update, Debian Security, Mozilla Firefox Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 12, 2015 Critical Debian
87

Debian: DSA-3300-1 Critical: Iceweasel Execution Code Risk

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3300-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the "LogJam" vulnerability. For the oldstable distribution (wheezy), this problem has been fixed in version 31.8.0esr-1~deb7u1. For the stable distribution (jessie), this problem has been fixed in version 31.8.0esr-1~deb8u1. For the unstable distribution (sid), this problem has been fixed in version 38.1.0esr-1. We recommend that you upgrade your iceweasel packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Several vulnerabilities identified in Iceweasel may result in denial of service or unauthorized code execution. Important patches released.. IceweaselSecurity Update, Mozilla Firefox Risk, Debian Safety Notice. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 04, 2015 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200