--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a026a1b0c5
2026-04-01 01:08:42.227737+00:00
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 42
Version     : 149.0
Release     : 4.fc42
URL         : https://www.firefox.com/
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Fix blurry popups on some fraction scales (mzbz#2019668)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Martin Stransky - 149.0-4
- Add fix for mzbz#2019668 - blurry popups on fractional scales
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a026a1b0c5' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4036", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.12.1.\n\nSecurity Fix(es):\n\n* thunderbird: Use-after-free in networking (CVE-2024-5702)\n\n* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)\n\n* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)\n\n* thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)\n\n* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)\n\n* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)\n\n* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2291394", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291394", "description": ""}, {"ticket": "2291395", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291395", "description": ""}, {"ticket": "2291396", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291396", "description": ""}, {"ticket": "2291397", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291397", "description": 
""}, {"ticket": "2291399", "sourceBy": "RedHat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291399", "description": ""}, {"ticket": "2291400", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291400", "description": ""}, {"ticket": "2291401", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291401", "description": ""}], "cves": [{"name": "CVE-2024-5688", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5688", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5690", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5690", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5691", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5691", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5693", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5693", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5696", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5696", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5700", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5700", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5702", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5702", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-07-02T14:10:24.883859Z", "rpms": {"Rocky Linux 8": {"nvras": ["thunderbird-0:115.12.1-1.el8_10.aarch64.rpm", "thunderbird-0:115.12.1-1.el8_10.src.rpm", "thunderbird-0:115.12.1-1.el8_10.x86_64.rpm", 
"thunderbird-debuginfo-0:115.12.1-1.el8_10.aarch64.rpm","thunderbird-debuginfo-0:115.12.1-1.el8_10.x86_64.rpm", "thunderbird-debugsource-0:115.12.1-1.el8_10.aarch64.rpm", "thunderbird-debugsource-0:115.12.1-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Crucial enhancement for Thunderbird within Rocky Linux 8 tackles various security vulnerabilities and improves overall system defense.. Thunderbird Fixes, Rocky Linux Security, Software Updates, Mozilla Thunderbird, Cybersecurity Alerts. . Severity: Important. LinuxSecurity.com Team
MGASA-2021-0258 - Updated kernel-linus packages fix security vulnerabilities

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0258.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-28691

This kernel-linus update is based on upstream 5.10.43 and fixes at least the following security issues:

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data (CVE-2020-24586).

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (CVE-2020-24587).

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (CVE-2020-24588).

An issue was discovered in the kernel.
An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients (CVE-2020-26139).

An issue was discovered in the kernel ath10k driver. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol (CVE-2020-26141).

An issue was discovered in the kernel ath10k driver. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration (CVE-2020-26145).

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (CVE-2020-26147).

A double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system (CVE-2021-3564).

A use-after-free vulnerability has been found in the hci_sock_bound_ioctl() function of the Linux kernel. It can allow attackers to corrupt kernel heaps (kmalloc-8k to be specific) and carry out further exploitation (CVE-2021-3573).

There is a null pointer dereference in llcp_sock_getname in net/nfc/llcp_sock.c of the Linux kernel.
An unprivileged user can trigger this bug and cause denial of service (CVE-2021-3587).

There is a guest-triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. A malicious or buggy frontend driver can trigger a dom0 crash. Privilege escalation and information leaks cannot be ruled out. (CVE-2021-28691 / XSA-374).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29107
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.42
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.43
- https://xenbits.xen.org/xsa/advisory-374.html
- https://www.cve.org/CVERecord?id=CVE-2020-24586
- https://www.cve.org/CVERecord?id=CVE-2020-24587
- https://www.cve.org/CVERecord?id=CVE-2020-24588
- https://www.cve.org/CVERecord?id=CVE-2020-26139
- https://www.cve.org/CVERecord?id=CVE-2020-26141
- https://www.cve.org/CVERecord?id=CVE-2020-26145
- https://www.cve.org/CVERecord?id=CVE-2020-26147
- https://www.cve.org/CVERecord?id=CVE-2021-3564
- https://www.cve.org/CVERecord?id=CVE-2021-3573
- https://www.cve.org/CVERecord?id=CVE-2021-3587
- https://www.cve.org/CVERecord?id=CVE-2021-28691

SRPMS:
- 7/core/kernel-linus-5.10.43-1.mga7
- 8/core/kernel-linus-5.10.43-1.mga8

LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis:     Important: thunderbird security update
Advisory ID:  RHSA-2019:0681-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0681
Issue date:   2019-03-28
CVE Names:    CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813
====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.6.1.
Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)
* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)
* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)
* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)
* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)
* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)
* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1690673 - CVE-2018-18506 Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
1690674 - CVE-2019-9788 Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
1690675 - CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements
1690676 - CVE-2019-9791 Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
1690677 - CVE-2019-9792 Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
1690678 - CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
1690680 - CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler
1690681 - CVE-2019-9796 Mozilla: Use-after-free with SMIL animation controller
1692181 - CVE-2019-9810 Mozilla: IonMonkey MArraySlice has incorrect alias information
1692182 - CVE-2019-9813 Mozilla: Ionmonkey type confusion with __proto__ mutations

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-60.6.1-1.el7_6.src.rpm

x86_64:
thunderbird-60.6.1-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-60.6.1-1.el7_6.src.rpm

ppc64le:
thunderbird-60.6.1-1.el7_6.ppc64le.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.ppc64le.rpm

x86_64:
thunderbird-60.6.1-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source:
thunderbird-60.6.1-1.el7_6.src.rpm

aarch64:
thunderbird-60.6.1-1.el7_6.aarch64.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.aarch64.rpm

ppc64le:
thunderbird-60.6.1-1.el7_6.ppc64le.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-60.6.1-1.el7_6.src.rpm

x86_64:
thunderbird-60.6.1-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.6.1-1.el7_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-18506
https://access.redhat.com/security/cve/CVE-2019-9788
https://access.redhat.com/security/cve/CVE-2019-9790
https://access.redhat.com/security/cve/CVE-2019-9791
https://access.redhat.com/security/cve/CVE-2019-9792
https://access.redhat.com/security/cve/CVE-2019-9793
https://access.redhat.com/security/cve/CVE-2019-9795
https://access.redhat.com/security/cve/CVE-2019-9796
https://access.redhat.com/security/cve/CVE-2019-9810
https://access.redhat.com/security/cve/CVE-2019-9813
https://access.redhat.com/security/updates/classification#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:     Critical: chromium-browser security update
Advisory ID:  RHSA-2017:3401-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3401
Issue date:   2017-12-07
CVE Names:    CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 63.0.3239.84.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
(CVE-2017-15407, CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15412, CVE-2017-15413, CVE-2017-15415, CVE-2017-15416, CVE-2017-15417, CVE-2017-15418, CVE-2017-15419, CVE-2017-15420, CVE-2017-15422, CVE-2017-15423, CVE-2017-15424, CVE-2017-15425, CVE-2017-15426, CVE-2017-15427)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1523123 - CVE-2017-15407 chromium-browser: out of bounds write in quic
1523124 - CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium
1523125 - CVE-2017-15409 chromium-browser: out of bounds write in skia
1523126 - CVE-2017-15410 chromium-browser: use after free in pdfium
1523127 - CVE-2017-15411 chromium-browser: use after free in pdfium
1523128 - CVE-2017-15412 chromium-browser: use after free in libxml
1523129 - CVE-2017-15413 chromium-browser: type confusion in webassembly
1523130 - CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call
1523131 - CVE-2017-15416 chromium-browser: out of bounds read in blink
1523132 - CVE-2017-15417 chromium-browser: cross origin information disclosure in skia
1523133 - CVE-2017-15418 chromium-browser: use of uninitialized value in skia
1523134 - CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink
1523135 - CVE-2017-15420 chromium-browser: url spoofing in omnibox
1523136 - CVE-2017-15422 chromium-browser: integer overflow in icu
1523137 - CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl
1523138 - CVE-2017-15424 chromium-browser: url spoof in omnibox
1523139 - CVE-2017-15425 chromium-browser: url spoof in omnibox
1523140 - CVE-2017-15426 chromium-browser: url spoof in omnibox
1523141 - CVE-2017-15427 chromium-browser: insufficient blocking of javascript in
omnibox

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-63.0.3239.84-1.el6_9.i686.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.i686.rpm

x86_64:
chromium-browser-63.0.3239.84-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-63.0.3239.84-1.el6_9.i686.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.i686.rpm

x86_64:
chromium-browser-63.0.3239.84-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-63.0.3239.84-1.el6_9.i686.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.i686.rpm

x86_64:
chromium-browser-63.0.3239.84-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-63.0.3239.84-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15407
https://access.redhat.com/security/cve/CVE-2017-15408
https://access.redhat.com/security/cve/CVE-2017-15409
https://access.redhat.com/security/cve/CVE-2017-15410
https://access.redhat.com/security/cve/CVE-2017-15411
https://access.redhat.com/security/cve/CVE-2017-15412
https://access.redhat.com/security/cve/CVE-2017-15413
https://access.redhat.com/security/cve/CVE-2017-15415
https://access.redhat.com/security/cve/CVE-2017-15416
https://access.redhat.com/security/cve/CVE-2017-15417
https://access.redhat.com/security/cve/CVE-2017-15418
https://access.redhat.com/security/cve/CVE-2017-15419
https://access.redhat.com/security/cve/CVE-2017-15420
https://access.redhat.com/security/cve/CVE-2017-15422
https://access.redhat.com/security/cve/CVE-2017-15423
https://access.redhat.com/security/cve/CVE-2017-15424
https://access.redhat.com/security/cve/CVE-2017-15425
https://access.redhat.com/security/cve/CVE-2017-15426
https://access.redhat.com/security/cve/CVE-2017-15427
https://access.redhat.com/security/updates/classification/#critical
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:     Important: chromium-browser security update
Advisory ID:  RHSA-2017:0499-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0499.html
Issue date:   2017-03-14
CVE Names:    CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 57.0.2987.98.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1431030 - CVE-2017-5030 chromium-browser: memory corruption in v8
1431031 - CVE-2017-5031 chromium-browser: use after free in angle
1431032 - CVE-2017-5032 chromium-browser: out of bounds write in pdfium
1431033 - CVE-2017-5029 chromium-browser: integer overflow in libxslt
1431034 - CVE-2017-5034 chromium-browser: use after free in pdfium
1431036 - CVE-2017-5035 chromium-browser: incorrect security ui in omnibox
1431037 - CVE-2017-5036 chromium-browser: use after free in pdfium
1431038 - CVE-2017-5037 chromium-browser: multiple out of bounds writes in chunkdemuxer
1431039 - CVE-2017-5039 chromium-browser: use after free in pdfium
1431040 - CVE-2017-5040 chromium-browser: information disclosure in v8
1431041 - CVE-2017-5041 chromium-browser: address spoofing in omnibox
1431042 - CVE-2017-5033 chromium-browser: bypass of content security policy in blink
1431043 - CVE-2017-5042 chromium-browser: incorrect handling of cookies in cast
1431044 - CVE-2017-5038 chromium-browser: use after free in guestview
1431045 - CVE-2017-5043 chromium-browser: use after free in guestview
1431046 - CVE-2017-5044 chromium-browser: heap overflow in skia
1431047 - CVE-2017-5045 chromium-browser: information disclosure in xss auditor
1431048 - CVE-2017-5046 chromium-browser: information disclosure in blink

6.
Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.98-1.el6.i686.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.i686.rpm

x86_64:
chromium-browser-57.0.2987.98-1.el6.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.98-1.el6.i686.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.i686.rpm

x86_64:
chromium-browser-57.0.2987.98-1.el6.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.98-1.el6.i686.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.i686.rpm

x86_64:
chromium-browser-57.0.2987.98-1.el6.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.98-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-5029
https://access.redhat.com/security/cve/CVE-2017-5030
https://access.redhat.com/security/cve/CVE-2017-5031
https://access.redhat.com/security/cve/CVE-2017-5032
https://access.redhat.com/security/cve/CVE-2017-5033
https://access.redhat.com/security/cve/CVE-2017-5034
https://access.redhat.com/security/cve/CVE-2017-5035
https://access.redhat.com/security/cve/CVE-2017-5036
https://access.redhat.com/security/cve/CVE-2017-5037
https://access.redhat.com/security/cve/CVE-2017-5038
https://access.redhat.com/security/cve/CVE-2017-5039
https://access.redhat.com/security/cve/CVE-2017-5040
https://access.redhat.com/security/cve/CVE-2017-5041
https://access.redhat.com/security/cve/CVE-2017-5042
https://access.redhat.com/security/cve/CVE-2017-5043
https://access.redhat.com/security/cve/CVE-2017-5044
https://access.redhat.com/security/cve/CVE-2017-5045
https://access.redhat.com/security/cve/CVE-2017-5046
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID:  SUSE-SU-2016:3068-1
Rating:           important
References:       #1009280 #992537
Cross-References: CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597
Affected Products:
                  SUSE OpenStack Cloud 5
                  SUSE Manager Proxy 2.1
                  SUSE Manager 2.1
                  SUSE Linux Enterprise Server 11-SP3-LTSS
                  SUSE Linux Enterprise Server 11-SP2-LTSS
                  SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for java-1_7_0-ibm fixes the following issues:

- Version update to 7.0-9.60 (bsc#1009280, bsc#992537) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12879=1
- SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_7_0-ibm-12879=1
- SUSE Manager 2.1: zypper in -t patch sleman21-java-1_7_0-ibm-12879=1
- SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-12879=1
- SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12879=1
- SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-12879=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Manager Proxy 2.1 (x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Manager 2.1 (s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Manager 2.1 (x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr9.60-58.2 java-1_7_0-ibm-alsa-1.7.0_sr9.60-58.2 java-1_7_0-ibm-devel-1.7.0_sr9.60-58.2 java-1_7_0-ibm-jdbc-1.7.0_sr9.60-58.2 java-1_7_0-ibm-plugin-1.7.0_sr9.60-58.2 References: https://www.suse.com/security/cve/CVE-2016-5542.html https://www.suse.com/security/cve/CVE-2016-5554.html https://www.suse.com/security/cve/CVE-2016-5556.html https://www.suse.com/security/cve/CVE-2016-5568.html https://www.suse.com/security/cve/CVE-2016-5573.html https://www.suse.com/security/cve/CVE-2016-5597.html https://bugzilla.suse.com/1009280 https://bugzilla.suse.com/992537 . 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2016:0695-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0695.html
Issue date:        2016-04-26
CVE Names:         CVE-2016-2805 CVE-2016-2806 CVE-2016-2807
                   CVE-2016-2808 CVE-2016-2814
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 5, Red
Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808,
CVE-2016-2814)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of
GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris
Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell
Jesup as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1330266 - CVE-2016-2805 Mozilla: Miscellaneous memory safety hazards (rv:38.8) (MFSA 2016-39)
1330270 - CVE-2016-2806 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1) (MFSA 2016-39)
1330271 - CVE-2016-2807 Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39)
1330280 - CVE-2016-2814 Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
1330286 - CVE-2016-2808 Mozilla: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-45.1.0-1.el5_11.src.rpm

i386:
firefox-45.1.0-1.el5_11.i386.rpm
firefox-debuginfo-45.1.0-1.el5_11.i386.rpm

x86_64:
firefox-45.1.0-1.el5_11.i386.rpm
firefox-45.1.0-1.el5_11.x86_64.rpm
firefox-debuginfo-45.1.0-1.el5_11.i386.rpm
firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-45.1.0-1.el5_11.src.rpm

i386:
firefox-45.1.0-1.el5_11.i386.rpm
firefox-debuginfo-45.1.0-1.el5_11.i386.rpm

ppc:
firefox-45.1.0-1.el5_11.ppc64.rpm
firefox-debuginfo-45.1.0-1.el5_11.ppc64.rpm

s390x:
firefox-45.1.0-1.el5_11.s390.rpm
firefox-45.1.0-1.el5_11.s390x.rpm
firefox-debuginfo-45.1.0-1.el5_11.s390.rpm
firefox-debuginfo-45.1.0-1.el5_11.s390x.rpm

x86_64:
firefox-45.1.0-1.el5_11.i386.rpm
firefox-45.1.0-1.el5_11.x86_64.rpm
firefox-debuginfo-45.1.0-1.el5_11.i386.rpm
firefox-debuginfo-45.1.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-45.1.0-1.el6_7.src.rpm

i386:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

x86_64:
firefox-45.1.0-1.el6_7.x86_64.rpm
firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-45.1.0-1.el6_7.src.rpm

x86_64:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-45.1.0-1.el6_7.x86_64.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-45.1.0-1.el6_7.src.rpm

i386:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

ppc64:
firefox-45.1.0-1.el6_7.ppc64.rpm
firefox-debuginfo-45.1.0-1.el6_7.ppc64.rpm

s390x:
firefox-45.1.0-1.el6_7.s390x.rpm
firefox-debuginfo-45.1.0-1.el6_7.s390x.rpm

x86_64:
firefox-45.1.0-1.el6_7.x86_64.rpm
firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-45.1.0-1.el6_7.ppc.rpm
firefox-debuginfo-45.1.0-1.el6_7.ppc.rpm

s390x:
firefox-45.1.0-1.el6_7.s390.rpm
firefox-debuginfo-45.1.0-1.el6_7.s390.rpm

x86_64:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-45.1.0-1.el6_7.src.rpm

i386:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

x86_64:
firefox-45.1.0-1.el6_7.x86_64.rpm
firefox-debuginfo-45.1.0-1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-45.1.0-1.el6_7.i686.rpm
firefox-debuginfo-45.1.0-1.el6_7.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-45.1.0-1.el7_2.src.rpm

x86_64:
firefox-45.1.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-45.1.0-1.el7_2.i686.rpm
firefox-debuginfo-45.1.0-1.el7_2.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-45.1.0-1.el7_2.src.rpm

ppc64:
firefox-45.1.0-1.el7_2.ppc64.rpm
firefox-debuginfo-45.1.0-1.el7_2.ppc64.rpm

ppc64le:
firefox-45.1.0-1.el7_2.ppc64le.rpm
firefox-debuginfo-45.1.0-1.el7_2.ppc64le.rpm

s390x:
firefox-45.1.0-1.el7_2.s390x.rpm
firefox-debuginfo-45.1.0-1.el7_2.s390x.rpm

x86_64:
firefox-45.1.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-45.1.0-1.el7_2.ppc.rpm
firefox-debuginfo-45.1.0-1.el7_2.ppc.rpm

s390x:
firefox-45.1.0-1.el7_2.s390.rpm
firefox-debuginfo-45.1.0-1.el7_2.s390.rpm

x86_64:
firefox-45.1.0-1.el7_2.i686.rpm
firefox-debuginfo-45.1.0-1.el7_2.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-45.1.0-1.el7_2.src.rpm

x86_64:
firefox-45.1.0-1.el7_2.x86_64.rpm
firefox-debuginfo-45.1.0-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-45.1.0-1.el7_2.i686.rpm
firefox-debuginfo-45.1.0-1.el7_2.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2805
https://access.redhat.com/security/cve/CVE-2016-2806
https://access.redhat.com/security/cve/CVE-2016-2807
https://access.redhat.com/security/cve/CVE-2016-2808
https://access.redhat.com/security/cve/CVE-2016-2814
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.1

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXH8/EXlSAg2UNWIIRAj5ZAJ93d7Su/OfHkvkL014ZpCUSQSEB0wCfdAuD
LPsv5fO9FBEQweSvgB3gbg8=6q/V
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list