Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 185 articles for you...
203

Mageia 9: 2025-0195 critical: firefox & nss memory issues

CVE-2025-5283: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly . MGASA-2025-0195 - Updated nss & firefox packages fix security vulnerabilities Publication date: 25 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0195.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-5262, CVE-2025-5263, CVE-2025-5264, CVE-2025-5266, CVE-2025-5267, CVE-2025-5268, CVE-2025-5269 CVE-2025-5283: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. CVE-2025-5266: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. CVE-2025-5267: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. CVE-2025-5268: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-5269: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. We can'tship this update to armv7hl architecture, we are investigating the issue and will try to update firefox for armv7hl as soon as posible. References: - https://bugs.mageia.org/show_bug.cgi?id=34337 - https://www.firefox.com/en-US/firefox/128.11.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/ - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_112.html - https://www.cve.org/CVERecord?id=CVE-2025-5262 - https://www.cve.org/CVERecord?id=CVE-2025-5263 - https://www.cve.org/CVERecord?id=CVE-2025-5264 - https://www.cve.org/CVERecord?id=CVE-2025-5266 - https://www.cve.org/CVERecord?id=CVE-2025-5267 - https://www.cve.org/CVERecord?id=CVE-2025-5268 - https://www.cve.org/CVERecord?id=CVE-2025-5269 SRPMS: - 9/core/firefox-128.11.0-1.1.mga9 - 9/core/firefox-l10n-128.11.0-1.mga9 - 9/core/nss-3.112.0-1.mga9 . Recent updates for nss and firefox within Mageia 9 tackle significant memory leaks and cross-origin vulnerabilities.. Mageia security,nss update,firefox vulnerabilities,cross-origin leaks. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 25, 2025 Critical Mageia
203

Mageia 9: MGASA-2025-0165 critical: rootcerts, firefox out-of-bounds access

Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References: - https://bugs.mageia.org/show_bug.cgi?id=34287 . MGASA-2025-0165 - Updated rootcerts, nss & firefox packages fix security vulnerabilities Publication date: 27 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0165.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-4918, CVE-2025-4919 Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References: - https://bugs.mageia.org/show_bug.cgi?id=34287 - https://www.firefox.com/en-US/firefox/128.10.1/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/ - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_111.html - https://www.cve.org/CVERecord?id=CVE-2025-4918 - https://www.cve.org/CVERecord?id=CVE-2025-4919 SRPMS: - 9/core/rootcerts-20250424.00-1.mga9 - 9/core/nss-3.111.0-1.mga9 - 9/core/firefox-128.10.1-2.mga9 - 9/core/firefox-l10n-128.10.1-1.mga9 . MGASA-2025-0166: Revised openssl, curl & vim packages address vulnerabilities for Mageia 9.. Security vulnerabilities, Mageia 9 updates, Out-of-bounds access, Firefox packages, NSS patches. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 27, 2025 Critical Mageia
203

Mageia 2025-0092: firefox & nss Security Advisory Updates

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to . MGASA-2025-0092 - Updated firefox & nss packages fix security vulnerabilities Publication date: 12 Mar 2025 URL: https://advisories.mageia.org/MGASA-2025-0092.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938 CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 References: - https://bugs.mageia.org/show_bug.cgi?id=34064 - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html - https://www.firefox.com/en-US/firefox/128.8.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/ - https://www.cve.org/CVERecord?id=CVE-2024-43097 - https://www.cve.org/CVERecord?id=CVE-2025-1931 - https://www.cve.org/CVERecord?id=CVE-2025-1932 - https://www.cve.org/CVERecord?id=CVE-2025-1933 - https://www.cve.org/CVERecord?id=CVE-2025-1934 -https://www.cve.org/CVERecord?id=CVE-2025-1935 - https://www.cve.org/CVERecord?id=CVE-2025-1936 - https://www.cve.org/CVERecord?id=CVE-2025-1937 - https://www.cve.org/CVERecord?id=CVE-2025-1938 SRPMS: - 9/core/firefox-128.8.0-1.mga9 - 9/core/firefox-l10n-128.8.0-1.mga9 - 9/core/nss-3.109.0-1.mga9 . Mageia updates fix critical firefox and nss vulnerabilities to safeguard against potential exploits and improve browser security.. cve-2024-43097, overflow, growing, skregion's, runarray, cve-2025-1930, audioipc, streamdata. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 12, 2025 Important Mageia
203

Mageia 9: MGASA-2025-0045 moderate: Fixes for firefox and nss issues

Use-after-free in XSLT. (CVE-2025-1009) Use-after-free in Custom Highlight. (CVE-2025-1010) A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011) Use-after-free during concurrent delazification. (CVE-2025-1012) . MGASA-2025-0045 - Updated rootcerts, nss & firefox packages fix security vulnerabilities Publication date: 09 Feb 2025 URL: https://advisories.mageia.org/MGASA-2025-0045.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012, CVE-2024-11704, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017 Use-after-free in XSLT. (CVE-2025-1009) Use-after-free in Custom Highlight. (CVE-2025-1010) A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011) Use-after-free during concurrent delazification. (CVE-2025-1012) Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704) Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013) Certificate length was not properly checked. (CVE-2025-1014) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017) References: - https://bugs.mageia.org/show_bug.cgi?id=33983 - https://www.firefox.com/en-US/firefox/128.7.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/ - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes - https://www.cve.org/CVERecord?id=CVE-2025-1009 - https://www.cve.org/CVERecord?id=CVE-2025-1010 - https://www.cve.org/CVERecord?id=CVE-2025-1011 - https://www.cve.org/CVERecord?id=CVE-2025-1012 - https://www.cve.org/CVERecord?id=CVE-2024-11704 - https://www.cve.org/CVERecord?id=CVE-2025-1013 -https://www.cve.org/CVERecord?id=CVE-2025-1014 - https://www.cve.org/CVERecord?id=CVE-2025-1016 - https://www.cve.org/CVERecord?id=CVE-2025-1017 SRPMS: - 9/core/rootcerts-20250130.00-1.mga9 - 9/core/nss-3.108.0-1.mga9 - 9/core/firefox-128.7.0-1.mga9 - 9/core/firefox-l10n-128.7.0-1.mga9 . Mageia 2025-0046 resolves various vulnerabilities in libssl, gnutls, and chromium software to improve overall performance.. firefox updates, mageia security, rootcerts vulnerabilities, nss patches. . LinuxSecurity.com Team

Calendar%202 Feb 09, 2025 Mageia
89

Fedora 40: FEDORA-2024-ea7b2e66a1 moderate update for nss package

Update NSS to 3.106.0 Update to Firefox 133.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ea7b2e66a1 2024-11-28 02:44:05.515475+00:00 -------------------------------------------------------------------------------- Name : nss Product : Fedora 40 Version : 3.106.0 Release : 1.fc40 URL : Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. -------------------------------------------------------------------------------- Update Information: Update NSS to 3.106.0 Update to Firefox 133.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Bojan Smojver - 3.106.0-1 - Update NSS to 3.106.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ea7b2e66a1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Upgrade NSS to version 3.106.0 and Firefox to version 133.0, following the provided advisory from Fedora regarding security patches and fixes.. Fedora 40,NSS update,Firefox security. . LinuxSecurity.com Team

Calendar%202 Nov 28, 2024 Fedora
87

Debian 12: DSA-5807-1 Critical: NSS Denial of Service Flaws

Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5807-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss CVE ID : CVE-2024-0743 CVE-2024-6602 CVE-2024-6609 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitary code. For the stable distribution (bookworm), these problems have been fixed in version 2:3.87.1-1+deb12u1. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Recent vulnerabilities identified in the NSS cryptographic library; important advisory DSA-5807-1 suggests immediate updates for Debian platforms.. NSS Update, Debans Security, Critical Advisory, Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 10, 2024 Critical Debian
203

Mageia 9: MGASA-2024-0349 critical: Various browser security flaws

Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in . MGASA-2024-0349 - Updated nspr, nss, firefox & rust packages fix security vulnerabilities Publication date: 09 Nov 2024 URL: https://advisories.mageia.org/MGASA-2024-0349.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467 Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461) Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462) Cross origin video frame leak. (CVE-2024-10463) History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464) Clipboard "paste" button persisted across tabs. (CVE-2024-10465) DOM push subscription message could hang Firefox. (CVE-2024-10466) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467) References: - https://bugs.mageia.org/show_bug.cgi?id=33713 - https://www.firefox.com/en-US/firefox/128.4.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/ - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_106.html#mozilla-projects-nss-nss-3-106-release-notes - https://www.cve.org/CVERecord?id=CVE-2024-10458 - https://www.cve.org/CVERecord?id=CVE-2024-10459 - https://www.cve.org/CVERecord?id=CVE-2024-10460 - https://www.cve.org/CVERecord?id=CVE-2024-10461 -https://www.cve.org/CVERecord?id=CVE-2024-10462 - https://www.cve.org/CVERecord?id=CVE-2024-10463 - https://www.cve.org/CVERecord?id=CVE-2024-10464 - https://www.cve.org/CVERecord?id=CVE-2024-10465 - https://www.cve.org/CVERecord?id=CVE-2024-10466 - https://www.cve.org/CVERecord?id=CVE-2024-10467 SRPMS: - 9/core/nspr-4.36-1.mga9 - 9/core/nss-3.106.0-1.mga9 - 9/core/firefox-128.4.0-1.mga9 - 9/core/firefox-l10n-128.4.0-1.mga9 - 9/core/rust-1.76.0-3.mga9 . Recent updates address a range of security vulnerabilities in Mageia, such as cross-site scripting (XSS) and denial-of-service (DoS) threats.. Mageia security updates, nspr patch, nss advisory, firefox vulnerabilities, rust enhancements. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 09, 2024 Critical Mageia
197

Debian 11: DLA-3937-1 critical: nss memory issues and TLS handshake exploit

nss - Network Security Service libraries This is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It can support SSLv2 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3937-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Arturo Borrero Gonzalez October 27, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : nss Version : 2:3.61-1+deb11u4 CVE ID : CVE-2024-0743 CVE-2024-6602 CVE-2024-6609 nss - Network Security Service libraries This is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It can support SSLv2 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and other security standards. Among other utilities, this package includes: * certutil: manages certificate and key databases (cert7.db and key3.db) * modutil: manages the database of PKCS11 modules (secmod.db) * pk12util: imports/exports keys and certificates between the cert/key databases and files in PKCS12 format. * shlibsign: creates .chk files for use in FIPS mode. * signtool: creates digitally-signed jar archives containing files and/or code. * ssltap: proxy requests for an SSL server and display the contents of the messages exchanged between the client and server. CVE-2024-0743 An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. CVE-2024-6602 A mismatch between allocator and deallocator could have lead to memory corruption. CVE-2024-6609 When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. For Debian 11 bullseye, these problems have been fixed in version 2:3.61-1+deb11u4. We recommend that you upgrade your nss packages. For thedetailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nss Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS has rolled out an update for nss libraries that fixes critical security vulnerabilities, including memory corruption and TLS issues, enhancing security and stability. nss libraries, Debian LTS, network security, software update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 28, 2024 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200