Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 10 articles for you...
203

Mageia 9: 2025-0150 critical: firefox javascript sandbox escape

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox where XPath parsing could . MGASA-2025-0150 - Updated firefox packages fix security vulnerabilities Publication date: 08 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0150.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093 A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption, CVE-2025-4087. Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code, CVE-2025-4091. Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code, CVE-2025-4093. References: - https://bugs.mageia.org/show_bug.cgi?id=34232 - https://www.firefox.com/en-US/firefox/128.10.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/ - https://www.cve.org/CVERecord?id=CVE-2025-4083 - https://www.cve.org/CVERecord?id=CVE-2025-4087 - https://www.cve.org/CVERecord?id=CVE-2025-4091 - https://www.cve.org/CVERecord?id=CVE-2025-4093 SRPMS: -9/core/firefox-128.10.0-1.mga9 - 9/core/firefox-l10n-128.10.0-1.mga9 . A flaw in Firefox permits a sandbox escape through Javascript URIs, necessitating a prompt security patch and upgrade for Mageia.. Firefox vulnerabilities, Mageia security advisory, javascript process isolation, memory safety issues, security updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 08, 2025 Critical Mageia
87

Debian: DSA-5542-1 Important: Nextcloud File Exposure Vulnerability

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5531-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond October 23, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : roundcube CVE ID : CVE-2023-5631 Debian Bug : 1054079 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code. For the oldstable distribution (bullseye), this problem has been fixed in version 1.4.15+dfsg.1-1~deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 1.6.4+dfsg-1~deb12u1. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/roundcube Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu Security Notice USN-5432-1 highlights a vulnerability in phpMyAdmin that permitted unauthorized SQL commands to be executed.. roundcube security,debian advisory,javascript vulnerability,webmail security,roundcube update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 23, 2023 Important Debian
200

Scientific Linux SL7 SLSA-2022:7343-1 Important pcs Security Update

rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 pcs- [More...]. Synopsis: Important: pcs security update Advisory ID: SLSA-2022:7343-1 Issue Date: 2022-11-03 CVE Numbers: CVE-2019-11358 CVE-2022-30123 -- Security Fix(es): * rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 pcs-0.9.169-3.el7_9.3.x86_64.rpm pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm - Scientific Linux Development Team . Crucial pcs security patch for Scientific Linux SL7.x focusing on severe vulnerabilities impacting rubygem and jquery.. pcs security advisory, Scientific Linux SLSA, rubygem fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 03, 2022 Important Scientific Linux
98

Red Hat Enterprise Linux 8.1 RHSA-2022:4767-01 Critical: Firefox Update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2022:4767-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4767 Issue date: 2022-05-27 CVE Names: CVE-2022-1529 CVE-2022-1802 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fix(es): * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529) * Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update,Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation 2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: firefox-91.9.1-1.el8_1.src.rpm ppc64le: firefox-91.9.1-1.el8_1.ppc64le.rpm firefox-debuginfo-91.9.1-1.el8_1.ppc64le.rpm firefox-debugsource-91.9.1-1.el8_1.ppc64le.rpm x86_64: firefox-91.9.1-1.el8_1.x86_64.rpm firefox-debuginfo-91.9.1-1.el8_1.x86_64.rpm firefox-debugsource-91.9.1-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1529 https://access.redhat.com/security/cve/CVE-2022-1802 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpDdaNzjgjWX9erEAQhg8w/+MwTD0UuEiKfU+yTFzJVSPGUkCcaPEXY9 5fkdH5Qj/BtMJ3zY1UwEegYlQhcFYH1yo7YG/ctguAmEPU3ll8a3bxsGNQgPdHX8 f+FvTktNha7JBEcUlWuz9V/YOrdK9XbzC/jdjl85Fsf+q9yZiPBhdRTnnzJhltUW nMkp88bWf1iUaQBXmHMCBq/dDvTJe9zDn9kJz3PvwVGygOmRpXX8/wZrs/tLq74c K1lISiF48wH+9T05KlOTMqFXrxdHhUUrN/vaUqq2YPCuEKrs6s9gh9ZCYqtgKPoX dxKSGt75cjTtC+3ensrA/BKaipa53JvfowAEUTXzEodKQPfYGw11asIYfC4VRUyh 0WEn/h7ayda7GQ+wo14w7zJyDW6u5dG57cy3zMCV9cr1CQmHT6ptIMd5xKqpjmtn OxHdZAScqjFkBERwBWy7xOeyuJyUExN/t7XJbxGwQVhh+egOOlI8PhG16Mv6CyOp 80Lan0523gA/oLX4f8nxzzZ60UwFOCihToUPswRJxp1cv454BDohQWWAgZzG8yTN QhI8OCOsKBXAxObC5tl/cEQz/0xlBH+s4oHoJPUfvD0uwXY6cA0RpAk0caqcuWEc utFNUFdoo3Rrygjc7YZIVyjs08egso9vxHYi380x/P/XoCwR+oIov8rh++NiIzXk e/WdF09/scQ=BXVw -----END PGP SIGNATURE----- -- RHSA-announce mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. . Important revision for Firefox on Red Hat Enterprise Linux targets urgent security issues linked to object indexing.. Firefox Update, Red Hat Advisory, Security Fixes, JavaScript Issues, Linux Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 27, 2022 Critical Red Hat
203

Mageia 8: 2022-0207 Moderate Security Update for Firefox and Thunderbird

Prototype pollution in Top-Level Await implementation. (CVE-2022-1802) Untrusted input used in JavaScript object indexing, leading to prototype pollution. (CVE-2022-1529) . MGASA-2022-0207 - Updated firefox/thunderbird packages fix security vulnerability Publication date: 25 May 2022 URL: https://advisories.mageia.org/MGASA-2022-0207.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-1802, CVE-2022-1529 Prototype pollution in Top-Level Await implementation. (CVE-2022-1802) Untrusted input used in JavaScript object indexing, leading to prototype pollution. (CVE-2022-1529) References: - https://bugs.mageia.org/show_bug.cgi?id=30463 - https://www.firefox.com/en-US/firefox/91.9.1/releasenotes/?redirect_source=mozilla-org - https://www.thunderbird.net/en-US/thunderbird/91.9.1/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/ - https://www.cve.org/CVERecord?id=CVE-2022-1802 - https://www.cve.org/CVERecord?id=CVE-2022-1529 SRPMS: - 8/core/firefox-91.9.1-1.mga8 - 8/core/firefox-l10n-91.9.1-1.mga8 - 8/core/thunderbird-91.9.1-1.mga8 - 8/core/thunderbird-l10n-91.9.1-1.mga8 . The latest releases of Firefox and Thunderbird address critical security issues, focusing on mitigating risks associated with remote code execution and insecure authentication practices.. prototype Pollution, Javascript Security, Firefox Update, Thunderbird Update. . LinuxSecurity.com Team

Calendar%202 May 25, 2022 Mageia
172

Ubuntu 21.10 & 20.04 LTS USN-5394-1 Critical WebKitGTK Threats

Several security issues were fixed in WebKitGTK.. =========================================================================Ubuntu Security Notice USN-5394-1 April 28, 2022 webkit2gtk vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in WebKitGTK. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.36.0-0ubuntu0.21.10.3 libwebkit2gtk-4.0-37 2.36.0-0ubuntu0.21.10.3 Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.0-0ubuntu0.20.04.3 libwebkit2gtk-4.0-37 2.36.0-0ubuntu0.20.04.3 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. References: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.0-0ubuntu0.21.10.3 https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.0-0ubuntu0.20.04.3 . Addressed vulnerabilities in WebKitGTK within Ubuntu patches mitigate risks of possible exploitation, enhancing vital security protocols.. WebKitGTK Security, Ubuntu Updates, App Security Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 28, 2022 Critical Ubuntu
203

Mageia 8: 2022-0059 Critical: Webkit2 JavaScript Code Execution

Processing a maliciously crafted mail message may lead to running arbitrary javascript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589) Processing maliciously crafted web content may lead to arbitrary code . MGASA-2022-0059 - Updated webkit2 packages fix security vulnerability Publication date: 12 Feb 2022 URL: https://advisories.mageia.org/MGASA-2022-0059.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592 Processing a maliciously crafted mail message may lead to running arbitrary javascript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589) Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. (CVE-2022-22590) Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A logic issue was addressed with improved state management. (CVE-2022-22592) References: - https://bugs.mageia.org/show_bug.cgi?id=30018 - https://webkitgtk.org/security/WSA-2022-0002.html - https://webkitgtk.org/2022/02/09/webkitgtk2.34.5-released.html - https://www.cve.org/CVERecord?id=CVE-2022-22589 - https://www.cve.org/CVERecord?id=CVE-2022-22590 - https://www.cve.org/CVERecord?id=CVE-2022-22592 SRPMS: - 8/core/webkit2-2.34.5-1.mga8 . Mageia 2022-0060 security bulletin tackles weaknesses in input assessment and resource management within webkit2 to avert potential exploits.. Mageia Security, Webkit2 Update, Code Execution Fix, Input Validation, Memory Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 12, 2022 Critical Mageia
197

Debian 9: DLA-2511-1 Critical: highlight.js Prototype Pollution

An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2511-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz December 30, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : highlight.js Version : 8.2+ds-5+deb9u1 CVE ID : CVE-2020-26237 An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange behavior or crashes of applications that do not correctly handle unknown properties. For Debian 9 stretch, this problem has been fixed in version 8.2+ds-5+deb9u1. We recommend that you upgrade your highlight.js packages. For the detailed security status of highlight.js please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/highlight.js Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-4900-1 resolves a major vulnerability in curl, affecting systems using network protocols to transfer data.. highlight.js security, prototype pollution, debian lts. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 30, 2020 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200