Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 949 articles for you...
203

Mageia 9: 2025-0201 critical: Firefox multiple security issues

CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing . MGASA-2025-0201 - Updated rootcerts, nss & firefox packages fix security vulnerabilities Publication date: 02 Jul 2025 URL: https://advisories.mageia.org/MGASA-2025-0201.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430 CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. CVE-2025-6429: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. CVE-2025-6430: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerable to a cross-site scripting attack. We can't yet ship this update to the armv7hl architecture; we are investigating the issue and will try to update firefox for armv7hl as soon as possible. References: - https://bugs.mageia.org/show_bug.cgi?id=34393 - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html - https://www.firefox.com/en-US/firefox/128.12.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/ - https://www.cve.org/CVERecord?id=CVE-2025-6424 - https://www.cve.org/CVERecord?id=CVE-2025-6425 - https://www.cve.org/CVERecord?id=CVE-2025-6429 -https://www.cve.org/CVERecord?id=CVE-2025-6430 SRPMS: - 9/core/firefox-128.12.0-1.1.mga9 - 9/core/firefox-l10n-128.12.0-1.1.mga9 - 9/core/rootcerts-20250613.00-1.mga9 - 9/core/nss-3.113.0-1.mga9 . The latest Mageia 9 updates for Firefox address significant vulnerabilities, including critical patches for various security flaws such as cross-origin scripting.. Firefox Updates, Mageia Security, Exploit Mitigations, Browser Vulnerabilities, NSS Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 02, 2025 Critical Mageia
203

Mageia 9: Advisory 2025-0200 critical: libarchive buffer overflow

Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c. (CVE-2025-5914) Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c. (CVE-2025-5915) Integer overflow while reading warc files at . MGASA-2025-0200 - Updated libarchive packages fix security vulnerabilities Publication date: 02 Jul 2025 URL: https://advisories.mageia.org/MGASA-2025-0200.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917 Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c. (CVE-2025-5914) Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c. (CVE-2025-5915) Integer overflow while reading warc files at archive_read_support_format_warc.c. (CVE-2025-5916) Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c. (CVE-2025-5917) References: - https://bugs.mageia.org/show_bug.cgi?id=34402 - https://ubuntu.com/security/notices/USN-7601-1 - https://www.cve.org/CVERecord?id=CVE-2025-5914 - https://www.cve.org/CVERecord?id=CVE-2025-5915 - https://www.cve.org/CVERecord?id=CVE-2025-5916 - https://www.cve.org/CVERecord?id=CVE-2025-5917 SRPMS: - 9/core/libarchive-3.6.2-5.5.mga9 . The Mageia advisory 2025-0305 discusses urgent updates for libarchive due to significant security flaws.. Mageia, libarchive, security, buffer overflow, integer overflow. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 02, 2025 Critical Mageia
203

Mageia 9 MGASA-2025-0199 critical: x11-server security issues fixed

Out-of-bounds access in X Rendering extension (Animated cursors). (CVE-2025-49175) Integer overflow in Big Requests Extension. (CVE-2025-49176) Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode). (CVE-2025-49177) . MGASA-2025-0199 - Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities Publication date: 28 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0199.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 Out-of-bounds access in X Rendering extension (Animated cursors). (CVE-2025-49175) Integer overflow in Big Requests Extension. (CVE-2025-49176) Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode). (CVE-2025-49177) Unprocessed client request via bytes to ignore. (CVE-2025-49178) Integer overflow in X Record extension. (CVE-2025-49179) Integer overflow in RandR extension (RRChangeProviderProperty). (CVE-2025-49180) References: - https://bugs.mageia.org/show_bug.cgi?id=34381 - https://www.openwall.com/lists/oss-security/2025/06/17/3 - https://www.openwall.com/lists/oss-security/2025/06/18/2 - https://www.cve.org/CVERecord?id=CVE-2025-49175 - https://www.cve.org/CVERecord?id=CVE-2025-49176 - https://www.cve.org/CVERecord?id=CVE-2025-49177 - https://www.cve.org/CVERecord?id=CVE-2025-49178 - https://www.cve.org/CVERecord?id=CVE-2025-49179 - https://www.cve.org/CVERecord?id=CVE-2025-49180 SRPMS: - 9/core/x11-server-21.1.8-7.8.mga9 - 9/core/x11-server-xwayland-22.1.9-1.8.mga9 - 9/core/tigervnc-1.13.1-2.8.mga9 . Several important patches tackle major vulnerabilities in x11-server and associated software for Mageia.. Mageia, x11-server, security updates, tigervnc, integer overflow. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 28, 2025 Critical Mageia
203

Mageia 9: MGASA-2025-0198 important: gdk-pixbuf memory disclosure

It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure. References: - https://bugs.mageia.org/show_bug.cgi?id=34388 . MGASA-2025-0198 - Updated gdk-pixbuf2.0 packages fix security vulnerability Publication date: 27 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0198.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-6199 It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure. References: - https://bugs.mageia.org/show_bug.cgi?id=34388 - https://lists.debian.org/debian-security-announce/2025/msg00110.html - https://www.cve.org/CVERecord?id=CVE-2025-6199 SRPMS: - 9/core/gdk-pixbuf2.0-2.42.10-2.2.mga9 . The GDK Pixbuf library has rolled out a critical security patch that targets memory exposure vulnerabilities on Mageia 9.. GDK Pixbuf Update, Mageia Security Advisory, Memory Disclosure Fix, gdk-pixbuf Vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 27, 2025 Important Mageia
203

Mageia 9: MGASA-2025-0197 critical: thunderbird memory corruption

CVE-2025-5262: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly . MGASA-2025-0197 - Updated thunderbird packages fix security vulnerabilities Publication date: 27 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0197.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-5262, CVE-2025-5263, CVE-2025-5264, CVE-2025-5266, CVE-2025-5267, CVE-2025-5268, CVE-2025-5269, CVE-2025-5986 CVE-2025-5262: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. CVE-2025-5266: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. CVE-2025-5267: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. CVE-2025-5268: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-5269: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrarycode. CVE-2025-5986: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. We can't ship this update to armv7hl architecture, we are investigating the issue and will try to update thunderbird for armv7hl as soon as posible. References: - https://bugs.mageia.org/show_bug.cgi?id=34338 - https://www.thunderbird.net/en-US/thunderbird/128.11.0esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/ - https://www.thunderbird.net/en-US/thunderbird/128.11.1esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/ - https://www.cve.org/CVERecord?id=CVE-2025-5262 - https://www.cve.org/CVERecord?id=CVE-2025-5263 - https://www.cve.org/CVERecord?id=CVE-2025-5264 - https://www.cve.org/CVERecord?id=CVE-2025-5266 - https://www.cve.org/CVERecord?id=CVE-2025-5267 - https://www.cve.org/CVERecord?id=CVE-2025-5268 - https://www.cve.org/CVERecord?id=CVE-2025-5269 - https://www.cve.org/CVERecord?id=CVE-2025-5986 SRPMS: - 9/core/thunderbird-128.11.1-1.1.mga9 - 9/core/thunderbird-l10n-128.11.1-1.mga9 . Numerous significant vulnerabilities in Firefox demand urgent action to avert possible code execution threats.. Thunderbird exploits, Mageia security patch, memory safety issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 27, 2025 Critical Mageia
203

Mageia 9: Critical Flaw 2025-0196 in chromium-browser Causes Security Risks

Integer overflow in V8. (CVE-2025-6191) Use after free in Profiler. (CVE-2025-6192) References: - https://bugs.mageia.org/show_bug.cgi?id=34386 . MGASA-2025-0196 - Updated chromium-browser-stable packages fix security vulnerabilities Publication date: 25 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0196.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-6191, CVE-2025-6192 Integer overflow in V8. (CVE-2025-6191) Use after free in Profiler. (CVE-2025-6192) References: - https://bugs.mageia.org/show_bug.cgi?id=34386 - https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html - https://www.cve.org/CVERecord?id=CVE-2025-6191 - https://www.cve.org/CVERecord?id=CVE-2025-6192 SRPMS: - 9/tainted/chromium-browser-stable-136.0.7103.113-3.mga9.tainted . Mageia 9 releases a chromium-browser upgrade addressing buffer overflow and memory management vulnerabilities, enhancing security and system stability.. Mageia security, chromium-browser update, integer overflow fix, mageia vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 25, 2025 Critical Mageia
203

Mageia 9: MGASA-2025-0194 important: yarnpkg denial of service

CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via . MGASA-2025-0194 - Updated yarnpkg packages fix security vulnerabilities Publication date: 25 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0194.html Type: security Affected Mageia releases: 9 CVE: CVE-2020-7677, CVE-2021-43138, CVE-2022-3517, CVE-2024-37890, CVE-2024-48949, CVE-2022-37599, CVE-2023-26136, CVE-2023-46234, CVE-2024-12905, CVE-2024-4067, CVE-2025-48387 CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in the yarn's bundled nodejs components are fixed too, see the references. References: - https://bugs.mageia.org/show_bug.cgi?id=33674 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/2UGLXZO6VIHGIITQTEUY5Q5YCAP2A4ZP/ - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/VEDIJM7VQF4Q2L2KKQ6KJ2WZNR7AXYQD/ - https://www.cve.org/CVERecord?id=CVE-2020-7677 - https://www.cve.org/CVERecord?id=CVE-2021-43138 - https://www.cve.org/CVERecord?id=CVE-2022-3517 - https://www.cve.org/CVERecord?id=CVE-2024-37890 - https://www.cve.org/CVERecord?id=CVE-2024-48949 - https://www.cve.org/CVERecord?id=CVE-2022-37599 - https://www.cve.org/CVERecord?id=CVE-2023-26136 - https://www.cve.org/CVERecord?id=CVE-2023-46234 - https://www.cve.org/CVERecord?id=CVE-2024-12905 - https://www.cve.org/CVERecord?id=CVE-2024-4067 - https://www.cve.org/CVERecord?id=CVE-2025-48387 SRPMS: - 9/core/yarnpkg-1.22.22-0.10.9.2.1.mga9 . Mageia has rolled out an update for yarnpkg to address several securityvulnerabilities, such as denial of service and issues related to signature verification.. yarnpkg updates, Mageia security, denial of service, signature verification. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2025 Important Mageia
203

Mageia 9: 2025-0193 critical: python-django log injection issue

Potential log injection via unescaped request path. (CVE-2025-48432) References: - https://bugs.mageia.org/show_bug.cgi?id=34348 - https://www.openwall.com/lists/oss-security/2025/06/04/5 . MGASA-2025-0193 - Updated python-django packages fix security vulnerability Publication date: 25 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0193.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-48432 Potential log injection via unescaped request path. (CVE-2025-48432) References: - https://bugs.mageia.org/show_bug.cgi?id=34348 - https://www.openwall.com/lists/oss-security/2025/06/04/5 - https://www.openwall.com/lists/oss-security/2025/06/10/2 - https://ubuntu.com/security/notices/USN-7555-1 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/LVFOPDCA45B4XTMYRHQUSJ7JCA56453W/ - https://www.cve.org/CVERecord?id=CVE-2025-48432 SRPMS: - 9/core/python-django-4.1.13-1.5.mga9 . The Arch Linux security announcement highlights a significant vulnerability in the nodejs packages, recommending immediate patching.. python-django update, log injection fix, Mageia security advisory, security patch, software vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 25, 2025 Critical Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200