Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
203
security advisoryheap overflowbuffer handlingMageia 2025-0096: opensc Security Advisory Updates
Heap buffer overflow in openpgp driver when generating key. (CVE-2024-8443) Usage of uninitialized values in libopensc and pkcs15init. (CVE-2024-45615) Uninitialized values after incorrect check or usage of apdu response . MGASA-2025-0096 - Updated opensc packages fix security vulnerabilities Publication date: 13 Mar 2025 URL: https://advisories.mageia.org/MGASA-2025-0096.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-8443, CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620 Heap buffer overflow in openpgp driver when generating key. (CVE-2024-8443) Usage of uninitialized values in libopensc and pkcs15init. (CVE-2024-45615) Uninitialized values after incorrect check or usage of apdu response values in libopensc. (CVE-2024-45616) Uninitialized values after incorrect or missing checking return values of functions in libopensc. (CVE-2024-45617) Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (CVE-2024-45618) Incorrect handling length of buffers or files in libopensc. (CVE-2024-45619) Incorrect handling of the length of buffers or files in pkcs15init. (CVE-2024-45620) References: - https://bugs.mageia.org/show_bug.cgi?id=34087 - https://ubuntu.com/security/notices/USN-7346-1 - https://www.cve.org/CVERecord?id=CVE-2024-8443 - https://www.cve.org/CVERecord?id=CVE-2024-45615 - https://www.cve.org/CVERecord?id=CVE-2024-45616 - https://www.cve.org/CVERecord?id=CVE-2024-45617 - https://www.cve.org/CVERecord?id=CVE-2024-45618 - https://www.cve.org/CVERecord?id=CVE-2024-45619 - https://www.cve.org/CVERecord?id=CVE-2024-45620 SRPMS: - 9/core/opensc-0.25.0-1.1.mga9 . Critical updates for Mageia address buffer overflow and uninitialized values in opensc packages to protect systems.. buffer, overflow, openpgp, driver, generating, (cve-2024-8443), usage, uninitialized. . Severity: Important. LinuxSecurity.com Team
Mar 13, 2025
•Important
Mageia
203
security advisorysecurity issuecriticalMageia 9: MGASA-2024-0365 critical: thunderbird plaintext issue
Potential disclosure of plaintext in OpenPGP encrypted message. (CVE-2024-11159) References: - https://bugs.mageia.org/show_bug.cgi?id=33763 . MGASA-2024-0365 - Updated thunderbird packages fix security vulnerability Publication date: 20 Nov 2024 URL: https://advisories.mageia.org/MGASA-2024-0365.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message. (CVE-2024-11159) References: - https://bugs.mageia.org/show_bug.cgi?id=33763 - https://www.thunderbird.net/en-US/thunderbird/128.4.2esr/releasenotes/ - https://www.thunderbird.net/en-US/thunderbird/128.4.3esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/ - https://www.cve.org/CVERecord?id=CVE-2024-11159 SRPMS: - 9/core/thunderbird-128.4.3-1.mga9 - 9/core/thunderbird-l10n-128.4.3-1.mga9 . Recent Thunderbird updates rectify issues related to the exposure of plaintext in OpenPGP communications, as detailed in advisory MGASA-2024-0365 pertinent to Mageia.. thunderbird security, mageia advisory, openpgp fix, plaintext disclosure, security updates. . Severity: Critical. LinuxSecurity.com Team
Nov 20, 2024
•Critical
Mageia
87
security advisorycriticalsoftware updateDebian Bookworm DSA-5814-1 critical: Thunderbird OpenPGP disclosure
A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages. For the stable distribution (bookworm), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5814-1
Nov 15, 2024
•Critical
Debian
89
security advisoryfedoracriticalFedora 37 FEDORA-2023-1d0d71b6aa Critical: OpenPGP Parsing Crash
- Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of- bounds accesses that result in crashes due to bounds checks which are included. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-1d0d71b6aa 2023-05-27 01:25:15.781100 --------------------------------------------------------------------------------Name : rust-sequoia-wot Product : Fedora 37 Version : 0.5.0 Release : 2.fc37 URL : Summary : Implementation of OpenPGP's web of trust Description : An implementation of OpenPGP's web of trust. --------------------------------------------------------------------------------Update Information: - Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of-bounds accesses that result in crashes due to bounds checks which are included by default in Rust code. This update contains rebuilds of all applications that are based on sequoia-openpgp to address this issue. ---- Update to version 1.5.0. This release improves compatibility with the version of librnp that's bundled in recent versions of thunderbird. --------------------------------------------------------------------------------ChangeLog: * Thu May 18 2023 Fabio Valentini - 0.5.0-2 - Rebuild for sequoia-openpgp v1.16 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1d0d71b6aa' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 27, 2023
•Critical
Fedora
197
security advisorymoderatesoftware updateDebian 9: DLA-2679-1 Moderate: Thunderbird Code Execution Threats
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In addition two security issues were addressed in the OpenPGP support. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2679-1
Jun 07, 2021
•Important
Debian LTS
87
security advisorydebianarbitrary code executionDebian: DSA-4927-1 Moderate: Thunderbird Arbitrary Code Execution
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In adddition two security issues were addressed in the OpenPGP support. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4927-1
Jun 04, 2021
Debian
203
security advisorymoderateremote accessMageia: 2021-0189 Moderate: OpenSSH Remote Access Vulnerability
An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991). A crafted OpenPGP key with an invalid user ID could be used to confuse the user (MOZ-2021-23992). . MGASA-2021-0189 - Updated thunderbird packages fix security vulnerabilities Publication date: 15 Apr 2021 URL: https://advisories.mageia.org/MGASA-2021-0189.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-23991, CVE-2021-23993 An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991). A crafted OpenPGP key with an invalid user ID could be used to confuse the user (MOZ-2021-23992). Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993). References: - https://bugs.mageia.org/show_bug.cgi?id=28764 - https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ - https://www.thunderbird.net/en-US/thunderbird/78.9.1/releasenotes/ - https://www.cve.org/CVERecord?id=CVE-2021-23991 - https://www.cve.org/CVERecord?id=CVE-2021-23993 SRPMS: - 7/core/thunderbird-78.9.1-1.mga7 - 7/core/thunderbird-l10n-78.9.1-1.mga7 - 8/core/thunderbird-78.9.1-1.mga8 - 8/core/thunderbird-l10n-78.9.1-1.mga8 . Latest Thunderbird releases address significant vulnerabilities affecting password safeguarding and secure communication protocols.. Thunderbird Security,Mageia Updates,OpenPGP Threats,Email Encryption Risks. . LinuxSecurity.com Team
Apr 15, 2021
Mageia
98
security advisorymoderateRed HatRed Hat 8.1: RHSA-2021-1190-01 Moderate: Thunderbird Update for OpenPGP
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2021:1190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1190 Issue date: 2021-04-14 CVE Names: CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1. Security Fix(es): * Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991) * Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992) * Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes describedin this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1948393 - CVE-2021-23991 Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key 1948394 - CVE-2021-23992 Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user 1948395 - CVE-2021-23993 Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: thunderbird-78.9.1-1.el8_1.src.rpm ppc64le: thunderbird-78.9.1-1.el8_1.ppc64le.rpm thunderbird-debuginfo-78.9.1-1.el8_1.ppc64le.rpm thunderbird-debugsource-78.9.1-1.el8_1.ppc64le.rpm x86_64: thunderbird-78.9.1-1.el8_1.x86_64.rpm thunderbird-debuginfo-78.9.1-1.el8_1.x86_64.rpm thunderbird-debugsource-78.9.1-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23991 https://access.redhat.com/security/cve/CVE-2021-23992 https://access.redhat.com/security/cve/CVE-2021-23993 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYHbOEtzjgjWX9erEAQgUHg/9FNFJ7/G0L4rIipSe08Mk8fZv6S2y2qi0 xKdm17CrrEHD7hDqvhOACV/KpC5EmpyTbKVMfFnqY/Ag4bjNPzfBdz9yDTo2aKVB ligzc9gdtqk4h6JRnlJxseNrpPMqsUnzaVnV51MrphJPpz6e612cC9GIa13Iui2w lSxuYpl4VGS4ZIXGz0XF2CUlZJ7nMhQ8ZkmnzVDHPnmp3ZzrVhh4w24jsVlVIq26 MDjQdr6gahj2lwzhb7X/jzLCXAmBikECZGWrJ5f0av3TulTbM8lwG5/F3DsJ9fts NK6otOzEGpuKNkHJS4TrXbLfhX542JsW+9R6eZ3pqfyW7s55VFgN2/KyaBTgOSPY ClC+fxhbROfkrHvVhKPEMx5lGV+7TyA7WAHwCGH0S3LloaJHp2PufUkTEHGrlDRn qWR4jbY8Tok8U6PD5jlOuaLvLzVg0GvYC1tWO+h9qoQJJ9B+pflF4cBideyOoSeY 4J7lZdEvgx2jIGJScfxlfpYrJaByRo7B+j9Zug3whBTsBC+Am6Y9sliev0UCsWoY qF6Z0SgFeRT5BdmR3dECF/y/dEwzCCUpQvhlIQO8ouCqRkBoOwfYy09xraXyEXHG CHBB9WYWqh0EJkBh+FmnOmVZT0u6zyqyi1nSK52uGaEnRSJu/CKSYIgIVCB+hZpq NaPi7OuXWKg=QeMo -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2021
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!