Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Critical (2)

Important (1)

Ubuntu (4930)

denial of service (18259)

moderate (19164)

python-pip (63)

security advisory (114756)

system update (1879)

GStreamer (100)

important (27647)

plugin issue (11)

MySQL (355)

Fedora (3)

Mageia (1)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Banner 2 1028x280 1708121730 1 1771599631

Explore Latest Linux Security advisories

We found -5 articles for you...

security advisoryFedorasecurity fixes

Fedora: 2020-8aca25b5c8 moderate: chromium major release update

Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-8aca25b5c8 2020-11-07 00:22:38.030889 --------------------------------------------------------------------------------Name : chromium Product : Fedora 31 Version : 86.0.4240.111 Release : 1.fc31 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-accelerated-video-decode Be sure it is turned on. Note that not all GPUs are supported. 2. All the security fixes you expect with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. Without batsacting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 21 2020 Tom Callaway - 86.0.4240.111-1 - update to 86.0.4240.111 * Tue Oct 20 2020 Tom Callaway - 86.0.4240.75-2 - use bundled zlib/minizip on el7 (thanks Red Hat. :P) * Wed Oct 14 2020 Tom Callaway - 86.0.4240.75-1 - update to 86.0.4240.75 * Mon Sep 28 2020 Tom Callaway - 85.0.4183.121-2 - rebuild for libevent --------------------------------------------------------------------------------References: [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1885883 [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885884 [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885885 [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC https://bugzilla.redhat.com/show_bug.cgi?id=1885886 [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1885887 [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885888 [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1885889 [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1885890 [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1885891 [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integeroverflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885892 [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1885893 [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR https://bugzilla.redhat.com/show_bug.cgi?id=1885894 [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885896 [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs https://bugzilla.redhat.com/show_bug.cgi?id=1885897 [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1885899 [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1885901 [ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents https://bugzilla.redhat.com/show_bug.cgi?id=1885902 [ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885903 [ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache https://bugzilla.redhat.com/show_bug.cgi?id=1885904 [ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI https://bugzilla.redhat.com/show_bug.cgi?id=1885905 [ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1885906 [ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885907 [ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media https://bugzilla.redhat.com/show_bug.cgi?id=1885908 [ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885909 [ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885910 [ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads https://bugzilla.redhat.com/show_bug.cgi?id=1885911 [ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1885912 [ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1890266 [ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1890267 [ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1890268 [ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1890269 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-8aca25b5c8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Debian Package Alert for Firefox 85 emphasizes enhanced user privacy features and significant performance upgrades.. Fedora Update, Chromium 86, Hardware Acceleration. . LinuxSecurity.com Team

Nov 06, 2020 Fedora

security advisoryupdateFedora

Fedora 32: FEDORA-2020-127d40f1ab Critical: Chromium 86 Update

Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-127d40f1ab 2020-11-06 01:21:08.225933 --------------------------------------------------------------------------------Name : chromium Product : Fedora 32 Version : 86.0.4240.111 Release : 1.fc32 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser Description : Chromium is an open-source web browser, powered by WebKit (Blink). --------------------------------------------------------------------------------Update Information: Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-accelerated-video-decode Be sure it is turned on. Note that not all GPUs are supported. 2. All the security fixes you expect with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. Without batsacting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 21 2020 Tom Callaway - 86.0.4240.111-1 - update to 86.0.4240.111 * Tue Oct 20 2020 Tom Callaway - 86.0.4240.75-2 - use bundled zlib/minizip on el7 (thanks Red Hat. :P) * Wed Oct 14 2020 Tom Callaway - 86.0.4240.75-1 - update to 86.0.4240.75 * Mon Sep 28 2020 Tom Callaway - 85.0.4183.121-2 - rebuild for libevent --------------------------------------------------------------------------------References: [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1885883 [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885884 [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885885 [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC https://bugzilla.redhat.com/show_bug.cgi?id=1885886 [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1885887 [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885888 [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1885889 [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1885890 [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1885891 [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integeroverflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885892 [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1885893 [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR https://bugzilla.redhat.com/show_bug.cgi?id=1885894 [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885896 [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs https://bugzilla.redhat.com/show_bug.cgi?id=1885897 [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1885899 [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1885901 [ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents https://bugzilla.redhat.com/show_bug.cgi?id=1885902 [ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885903 [ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache https://bugzilla.redhat.com/show_bug.cgi?id=1885904 [ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI https://bugzilla.redhat.com/show_bug.cgi?id=1885905 [ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1885906 [ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885907 [ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media https://bugzilla.redhat.com/show_bug.cgi?id=1885908 [ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885909 [ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885910 [ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads https://bugzilla.redhat.com/show_bug.cgi?id=1885911 [ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1885912 [ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1890266 [ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1890267 [ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium https://bugzilla.redhat.com/show_bug.cgi?id=1890268 [ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1890269 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-127d40f1ab' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest Fedora update for Firefox 84 brings enhanced video rendering capabilities and critical security enhancements necessary for safe browsing.. Fedora Update, Chromium Browser, VAAPI Support, Major Release. . Severity: Critical. LinuxSecurity.com Team

Nov 05, 2020 •Critical Fedora

security advisorysoftware updateFedora

Fedora 31: FEDORA-2020-07c5770aa1 Critical: Thunderbird Major Update

Rebase to latest upstream version.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-07c5770aa1 2020-10-20 19:02:39.491550 --------------------------------------------------------------------------------Name : thunderbird Product : Fedora 31 Version : 78.3.1 Release : 1.fc31 URL : https://wiki.mozilla.org/Thunderbird:Home_Page Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. --------------------------------------------------------------------------------Update Information: Rebase to latest upstream version. --------------------------------------------------------------------------------ChangeLog: * Wed Sep 30 2020 Jan Horak - 78.3.1-1 - Update to 78.3.1 build1 * Tue Sep 8 2020 Jan Horak - 68.12.0-1 - Update to 68.12.0 build1 --------------------------------------------------------------------------------References: [ 1 ] Bug #1852658 - thunderbird-78.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1852658 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-07c5770aa1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ ListGuidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . To upgrade Thunderbird to the newest upstream version in Fedora 31, utilize the dnf upgrade command. For further instructions, refer to the official documentation.. thunderbird update, Fedora 31, Mozilla Thunderbird, mail client update, software management. . Severity: Critical. LinuxSecurity.com Team

Oct 20, 2020 •Critical Fedora

203

security advisoryfirefoxdata exfiltration

Mageia 7 Advisory MGASA-2020-0027: Firefox Injection Risk and Fix

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016). . MGASA-2020-0027 - Updated firefox packages fix security vulnerability Publication date: 09 Jan 2020 URL: https://advisories.mageia.org/MGASA-2020-0027.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026 When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016). Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code (CVE-2019-17017). When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist (CVE-2019-17022). Mozilla developers reported memory safety bugs present in Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2019-17024). Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw (CVE-2019-17026). References: - https://bugs.mageia.org/show_bug.cgi?id=26027 -https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/ - https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ - - - https://www.firefox.com/en-US/firefox/68.4.0/releasenotes/?redirect_source=mozilla-org - https://www.firefox.com/en-US/firefox/68.4.1/releasenotes/?redirect_source=mozilla-org - https://www.cve.org/CVERecord?id=CVE-2019-17016 - https://www.cve.org/CVERecord?id=CVE-2019-17017 - https://www.cve.org/CVERecord?id=CVE-2019-17022 - https://www.cve.org/CVERecord?id=CVE-2019-17024 - https://www.cve.org/CVERecord?id=CVE-2019-17026 SRPMS: - 7/core/firefox-68.4.1-1.mga7 - 7/core/firefox-l10n-68.4.1-1.mga7 - 7/core/nss-3.49.0-1.mga7 . Revised Chromium bundles address severe vulnerabilities outlined in notice MGASA-2023-0091 for Mandriva platforms.. Firefox Security Update, Mageia Firefox Advisory, Data Exfiltration, Security Vulnerability Fix. . Severity: Important. LinuxSecurity.com Team

Jan 09, 2020 •Important Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

bottom 200

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora: 2020-8aca25b5c8 moderate: chromium major release update

Fedora 32: FEDORA-2020-127d40f1ab Critical: Chromium 86 Update

Fedora 31: FEDORA-2020-07c5770aa1 Critical: Thunderbird Major Update

Mageia 7 Advisory MGASA-2020-0027: Firefox Injection Risk and Fix

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!