Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedorasoftware update

Fedora 42 NSS Update 3.123.1 Security Fix for Firefox 151.0

Update NSS to 3.123.1 Update to Firefox 151.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7f6ee801e2 2026-05-23 16:00:29.000875+00:00 -------------------------------------------------------------------------------- Name : nss Product : Fedora 42 Version : 3.123.1 Release : 1.fc42 URL : http://www.mozilla.org/projects/security/pki/nss/ Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. -------------------------------------------------------------------------------- Update Information: Update NSS to 3.123.1 Update to Firefox 151.0 -------------------------------------------------------------------------------- ChangeLog: * Thu May 7 2026 Frantisek Krenzelok - 3.123.1-1 - Update NSS to 3.123.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7f6ee801e2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update NSS to version 3.123.1 in Fedora 42 to enhance security for applications using Network Security Services.. NSS update Fedora Network Security Services Firefox 151.0. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 23, 2026 Important Fedora
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorycriticalmemory corruption

Red Hat Enterprise 7: RHSA-2021-4904-05 Critical: NSS Memory Issue

An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: nss security update Advisory ID: RHSA-2021:4904-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4904 Issue date: 2021-12-01 CVE Names: CVE-2021-43527 ==================================================================== 1. Summary: An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2024370 - CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: nss-3.67.0-4.el7_9.src.rpm x86_64: nss-3.67.0-4.el7_9.i686.rpm nss-3.67.0-4.el7_9.x86_64.rpm nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-sysinit-3.67.0-4.el7_9.x86_64.rpm nss-tools-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-devel-3.67.0-4.el7_9.i686.rpm nss-devel-3.67.0-4.el7_9.x86_64.rpm nss-pkcs11-devel-3.67.0-4.el7_9.i686.rpm nss-pkcs11-devel-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-3.67.0-4.el7_9.src.rpm x86_64: nss-3.67.0-4.el7_9.i686.rpm nss-3.67.0-4.el7_9.x86_64.rpm nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-sysinit-3.67.0-4.el7_9.x86_64.rpm nss-tools-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-devel-3.67.0-4.el7_9.i686.rpm nss-devel-3.67.0-4.el7_9.x86_64.rpm nss-pkcs11-devel-3.67.0-4.el7_9.i686.rpm nss-pkcs11-devel-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: nss-3.67.0-4.el7_9.src.rpm ppc64: nss-3.67.0-4.el7_9.ppc.rpm nss-3.67.0-4.el7_9.ppc64.rpm nss-debuginfo-3.67.0-4.el7_9.ppc.rpm nss-debuginfo-3.67.0-4.el7_9.ppc64.rpm nss-devel-3.67.0-4.el7_9.ppc.rpm nss-devel-3.67.0-4.el7_9.ppc64.rpm nss-sysinit-3.67.0-4.el7_9.ppc64.rpm nss-tools-3.67.0-4.el7_9.ppc64.rpm ppc64le: nss-3.67.0-4.el7_9.ppc64le.rpm nss-debuginfo-3.67.0-4.el7_9.ppc64le.rpm nss-devel-3.67.0-4.el7_9.ppc64le.rpm nss-sysinit-3.67.0-4.el7_9.ppc64le.rpm nss-tools-3.67.0-4.el7_9.ppc64le.rpm s390x: nss-3.67.0-4.el7_9.s390.rpm nss-3.67.0-4.el7_9.s390x.rpm nss-debuginfo-3.67.0-4.el7_9.s390.rpm nss-debuginfo-3.67.0-4.el7_9.s390x.rpm nss-devel-3.67.0-4.el7_9.s390.rpm nss-devel-3.67.0-4.el7_9.s390x.rpm nss-sysinit-3.67.0-4.el7_9.s390x.rpm nss-tools-3.67.0-4.el7_9.s390x.rpm x86_64: nss-3.67.0-4.el7_9.i686.rpm nss-3.67.0-4.el7_9.x86_64.rpm nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-devel-3.67.0-4.el7_9.i686.rpm nss-devel-3.67.0-4.el7_9.x86_64.rpm nss-sysinit-3.67.0-4.el7_9.x86_64.rpm nss-tools-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: nss-debuginfo-3.67.0-4.el7_9.ppc.rpm nss-debuginfo-3.67.0-4.el7_9.ppc64.rpm nss-pkcs11-devel-3.67.0-4.el7_9.ppc.rpm nss-pkcs11-devel-3.67.0-4.el7_9.ppc64.rpm ppc64le: nss-debuginfo-3.67.0-4.el7_9.ppc64le.rpm nss-pkcs11-devel-3.67.0-4.el7_9.ppc64le.rpm s390x: nss-debuginfo-3.67.0-4.el7_9.s390.rpm nss-debuginfo-3.67.0-4.el7_9.s390x.rpm nss-pkcs11-devel-3.67.0-4.el7_9.s390.rpm nss-pkcs11-devel-3.67.0-4.el7_9.s390x.rpm x86_64: nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-pkcs11-devel-3.67.0-4.el7_9.i686.rpm nss-pkcs11-devel-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: nss-3.67.0-4.el7_9.src.rpm x86_64: nss-3.67.0-4.el7_9.i686.rpm nss-3.67.0-4.el7_9.x86_64.rpm nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-devel-3.67.0-4.el7_9.i686.rpm nss-devel-3.67.0-4.el7_9.x86_64.rpm nss-sysinit-3.67.0-4.el7_9.x86_64.rpm nss-tools-3.67.0-4.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.67.0-4.el7_9.i686.rpm nss-debuginfo-3.67.0-4.el7_9.x86_64.rpm nss-pkcs11-devel-3.67.0-4.el7_9.i686.rpm nss-pkcs11-devel-3.67.0-4.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/vulnerabilities/RHSB-2021-008 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYafeD9zjgjWX9erEAQiTnA//ZzrQXg9M9e80z+sY2Fsxjeh9O3JBNqkD f/S8RQBrZNmUjd3utk6AU4l64xFmjLVdWIXPCy0gr8QDyFpN4j7A5uBX2geO4x6R EJE0/UK1obiy/gV+cGLwog5vz9rBMUmxSakDlYWeICWSkdw4nEBuwZwhsQgZfSHn 8GGyK8zry7VB+0QvFDENnvC/ZyxCQ/e/per3KDHIdzcRMSmvwwtUNGdXQojbOD2N RQvKe5WQxUl2x4QKzuA8cqsa4xwTQMlEMQ1AJvHyMcKqb/vWOebOPCMzn2Cyy9aN BbUl6abyTF1uT+OCqs9LUC2egg5K4rAlyW0W69ModytcOX/Z/HQJHr58cijFdL1/ q9d2q1uNkwcXXHq0yCpmGexSfGnlM05iwjCk7+k3pCfC4KHRTuC1d4m440jSL+q9 yGpqk5vQ3EaW/hRWvt8C5HzLphVvVZeXqGepVG3aUco71BN03u8NRLFgQ1BajC5B 5nQfPzpSZ1r5nGhOEiUB93AfXRUlp+67PnWGvT6xwFsbodnRNdGkbub5tSw8ZJz5 /Wd5aIkLnw7au6MWO7d02k/rehvMf7hQNz9t6KmaA3csX8o0bKNK/2gcqtcT/ZR7 v7iErz06RFusPHFVjNUySa3W2vH1BztOS7LRrwwrFBjSBu0jph6vrskq2QBwXrjl bfShDeJ/EL0=wzB5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . To bolster security amid recent NSS updates, organizations using Red Hat must follow essentialguidelines for library updates, code assessment, and more.. NSS Update, Red Hat Enterprise, Critical Security, Network Services, Memory Corruption. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Dec 01, 2021 Critical Red Hat
Banner 1 1028x280 1708121660 1771599717
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedorasoftware update

Fedora 32: FEDORA-2020-9e2c5c8f1e Moderate: NSS Update for Firefox

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.firefox.com/en-US/firefox/76.0/releasenotes/?redirect_source=mozilla-org. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-9e2c5c8f1e 2020-05-07 03:09:35.196486 --------------------------------------------------------------------------------Name : nss Product : Fedora 32 Version : 3.51.1 Release : 1.fc32 URL : https://firefox-source-docs.mozilla.org/security/nss/index.html Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. --------------------------------------------------------------------------------Update Information: - New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.firefox.com/en-US/firefox/76.0/releasenotes/?redirect_source=mozilla-org --------------------------------------------------------------------------------ChangeLog: * Mon May 4 2020 Daiki Ueno - 3.51.1-1 - Update to NSS 3.51.1 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9e2c5c8f1e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . CentOS Patch Alert for OpenSSL 1.1.1g to enhance compatibility with Chrome 88.0 featuring essential security upgrades.. FireFox Update, NSS Network Services, Fedora Security Patch. . LinuxSecurity.com Team

Calendar 2 May 06, 2020 Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycritical issueFedora

Fedora 30: FEDORA-2019-8934d55352 Critical: NSS Security Update

Updates the nspr and nss packages to upstream NSPR 4.23 and NSS 3.47 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes - . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-8934d55352 2019-11-03 00:10:34.338305 --------------------------------------------------------------------------------Name : nss Product : Fedora 30 Version : 3.47.0 Release : 2.fc30 URL : https://firefox-source-docs.mozilla.org/security/nss/index.html Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. --------------------------------------------------------------------------------Update Information: Updates the nspr and nss packages to upstream NSPR 4.23 and NSS 3.47 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes ---------------------------------------------------------------------------------ChangeLog: * Wed Oct 23 2019 Daiki Ueno - 3.47.0-2 - Install cmac.h required by blapi.h (#1764513) * Tue Oct 22 2019 Daiki Ueno - 3.47.0-1 - Update to NSS 3.47 * Mon Oct 21 2019 Daiki Ueno - 3.46.1-1 - Update to NSS 3.46.1 * Wed Sep 4 2019 Daiki Ueno - 3.46.0-2 - Rebuild with NSPR 4.22 * Tue Sep 3 2019 Daiki Ueno - 3.46.0-1 - Update to NSS 3.46 * Tue Jul 2 2019 Daiki Ueno - 3.44.1-1 - Update to NSS 3.44.1 * Mon May 20 2019 Daiki Ueno - 3.44.0-2 - Skip TLS 1.3 tests under FIPS mode * Fri May 17 2019 Daiki Ueno - 3.44.0-1 - Update to NSS 3.44 * Mon May 6 2019 Daiki Ueno - 3.43.0-3 - Fix PKCS#11 module leak if C_GetSlotInfo()failed --------------------------------------------------------------------------------References: [ 1 ] Bug #1757995 - nss-3.47 is available https://bugzilla.redhat.com/show_bug.cgi?id=1757995 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-8934d55352' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . NSS and NSPR upgraded for Fedora 30, improving defense mechanisms for internet applications. Major corrections incorporated in this notice.. Fedora NSS Update, Network Security Services, NSPR 4.23, Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 02, 2019 Critical Fedora
Banner 1 1028x280 1708121660 1771599717
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity issueFedora

Fedora 28: NSS-Util Critical Update for Security Issue NSS-3.39

Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-1a7a5c54c2 2018-09-14 23:11:42.963781 --------------------------------------------------------------------------------Name : nss-util Product : Fedora 28 Version : 3.39.0 Release : 1.0.fc28 URL : https://firefox-source-docs.mozilla.org/security/nss/index.html Summary : Network Security Services Utilities Library Description : Utilities for Network Security Services and the Softoken module --------------------------------------------------------------------------------Update Information: Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes --------------------------------------------------------------------------------ChangeLog: * Mon Sep 3 2018 Daiki Ueno - 3.39.0-2 - Update to NSS 3.39 - Use the upstream tarball versioning as it is (rhbz#1578106) * Mon Jul 2 2018 Daiki Ueno - 3.38.0-1.0 - Update to NSS 3.38 * Tue Jun 5 2018 Daiki Ueno - 3.37.3-1.0 - Update to NSS 3.37.3 * Mon May 28 2018 Daiki Ueno - 3.37.1-1.0 - Update to NSS 3.37.1 * Wed Apr 11 2018 Daiki Ueno - 3.36.1-1.0 - Update to NSS 3.36.1 --------------------------------------------------------------------------------References: [ 1 ] Bug #1624704 - CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1624704 [ 2 ] Bug #1620207 - Enable SSLKEYLOGFILE support https://bugzilla.redhat.com/show_bug.cgi?id=1620207 [ 3 ] Bug #1578106 - Package version is invalid, or no Source URL provided https://bugzilla.redhat.com/show_bug.cgi?id=1578106 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-1a7a5c54c2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Tackling essential vulnerabilities within nss-util to bolster defenses in Fedora 28. Remain informed and safeguarded!. Fedora Updates,NSS Utilities,Security Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 14, 2018 Critical Fedora
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorybug fixsecurity fix

SciLinux: Urgent NSS Crash Vulnerability Fixed in SLSA-2017-1365-3

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) Bug Fix(es): * The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Sup [More...]. Synopsis: Important: nss security and bug fix update Advisory ID: SLSA-2017:1365-3 Issue Date: 2017-05-30 CVE Numbers: CVE-2017-7502 -- Security Fix(es): * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502) Bug Fix(es): * The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, consider installing the updated CA list on June 12, 2017. -- SL7 x86_64 nss-3.28.4-1.2.el7_3.i686.rpm nss-3.28.4-1.2.el7_3.x86_64.rpm nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm nss-tools-3.28.4-1.2.el7_3.x86_64.rpm nss-devel-3.28.4-1.2.el7_3.i686.rpm nss-devel-3.28.4-1.2.el7_3.x86_64.rpm nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm - Scientific Linux Development Team . A significant security patch for SL7.x has been released by NSS to rectify a null pointer dereference issue that affects various server-based applications.. scientific linux,nss,network security services,security update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 30, 2017 Important Scientific Linux
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryred hatcritical fix

Red Hat Enterprise Linux 5 RHSA-2017:1101-01 Critical: NSS Out-of-Bounds

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: nss security update Advisory ID: RHSA-2017:1101-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1101 Issue date: 2017-04-20 CVE Names: CVE-2017-5461 ==================================================================== 1. Summary: An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1440080 - CVE-2017-5461 nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10) 6. Package List: Red Hat Enterprise Linux Server (v. 5 ELS): Source: nss-3.21.4-1.el5_11.src.rpm i386: nss-3.21.4-1.el5_11.i386.rpm nss-debuginfo-3.21.4-1.el5_11.i386.rpm nss-devel-3.21.4-1.el5_11.i386.rpm nss-pkcs11-devel-3.21.4-1.el5_11.i386.rpm nss-tools-3.21.4-1.el5_11.i386.rpm s390x: nss-3.21.4-1.el5_11.s390.rpm nss-3.21.4-1.el5_11.s390x.rpm nss-debuginfo-3.21.4-1.el5_11.s390.rpm nss-debuginfo-3.21.4-1.el5_11.s390x.rpm nss-devel-3.21.4-1.el5_11.s390.rpm nss-devel-3.21.4-1.el5_11.s390x.rpm nss-pkcs11-devel-3.21.4-1.el5_11.s390.rpm nss-pkcs11-devel-3.21.4-1.el5_11.s390x.rpm nss-tools-3.21.4-1.el5_11.s390x.rpm x86_64: nss-3.21.4-1.el5_11.i386.rpm nss-3.21.4-1.el5_11.x86_64.rpm nss-debuginfo-3.21.4-1.el5_11.i386.rpm nss-debuginfo-3.21.4-1.el5_11.x86_64.rpm nss-devel-3.21.4-1.el5_11.i386.rpm nss-devel-3.21.4-1.el5_11.x86_64.rpm nss-pkcs11-devel-3.21.4-1.el5_11.i386.rpm nss-pkcs11-devel-3.21.4-1.el5_11.x86_64.rpm nss-tools-3.21.4-1.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-5461 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFY+EROXlSAg2UNWIIRAukwAKCgfiP+c7osdPxpNSV9Isb9HB8YDwCgslFN sfDz0wsEamLliu4s6FemUuY=4xjG -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent advisory forRed Hat Enterprise Linux regarding NSS vulnerabilities stemming from an out-of-bounds write issue. Immediate application recommended.. Red Hat Updates, NSS Critical Fix, Enterprise Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 20, 2017 Critical Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatebuffer overflow

Red Hat: RHSA-2016:0370-01 Critical: nss-util Buffer Overflow

Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0370-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:0370.html Issue date: 2016-03-09 CVE Names: CVE-2016-1950 ==================================================================== 1. Summary: Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packageprovides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter. All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: nss-util-3.19.1-5.el6_7.src.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm ppc64: nss-util-3.19.1-5.el6_7.ppc.rpm nss-util-3.19.1-5.el6_7.ppc64.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm nss-util-devel-3.19.1-5.el6_7.ppc.rpm nss-util-devel-3.19.1-5.el6_7.ppc64.rpm s390x: nss-util-3.19.1-5.el6_7.s390.rpm nss-util-3.19.1-5.el6_7.s390x.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm nss-util-devel-3.19.1-5.el6_7.s390.rpm nss-util-devel-3.19.1-5.el6_7.s390x.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v.7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm ppc64: nss-util-3.19.1-9.el7_2.ppc.rpm nss-util-3.19.1-9.el7_2.ppc64.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm nss-util-devel-3.19.1-9.el7_2.ppc.rpm nss-util-devel-3.19.1-9.el7_2.ppc64.rpm ppc64le: nss-util-3.19.1-9.el7_2.ppc64le.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm s390x: nss-util-3.19.1-9.el7_2.s390.rpm nss-util-3.19.1-9.el7_2.s390x.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm nss-util-devel-3.19.1-9.el7_2.s390.rpm nss-util-devel-3.19.1-9.el7_2.s390x.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-1950 https://access.redhat.com/security/updates/classification#critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW3580XlSAg2UNWIIRAovDAJwKx54WxiK95+n4U/9G+nDl0wRlYwCeM1lR iGa2ZA5NBkpEYzNEuWdBT74=dxl7 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu enhances libssl packages to resolve a serious vulnerability. Crucial update for LTS 18.04 and 20.04 users. Update immediately!. Red Hat NSS Update, Critical nss-util Patch, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 09, 2016 Critical Red Hat
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here