Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
202
security advisoryimportantbrowser exploitopenSUSE: Chromium Important Update for Browser Issues CVE-2025-14372
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0470-1 Rating: important References: #1254776 Cross-References: CVE-2025-14372 CVE-2025-14373 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 143.0.7499.109 (boo#1254776): * CVE-2025-14372: Use after free in Password Manager * CVE-2025-14373: Inappropriate implementation in Toolbar * third issue with an exploit is known to exist in the wild Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2025-470=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64): chromedriver-143.0.7499.109-bp157.2.91.1 chromium-143.0.7499.109-bp157.2.91.1 References: https://www.suse.com/security/cve/CVE-2025-14372.html https://www.suse.com/security/cve/CVE-2025-14373.html https://bugzilla.suse.com/1254776 . Security update for openSUSE's chromium fixes critical vulnerabilities impacting browser functionality. Act now!. openSUSE Chromium Update, browser security patch, important security advisory. . Severity: Important. LinuxSecurity.com Team
Dec 16, 2025
•Important
OpenSUSE
89
security advisoryfedoramediumFedora 43: Chromium CVE-2025-14372 Password Manager Vulnerability Notice
Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-1077c09b50 2025-12-16 00:46:10.314091+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 143.0.7499.109 Release : 2.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 11 2025 Than Ngo - 143.0.7499.109-2 - Enable gtk4 by default * Thu Dec 11 2025 Than Ngo - 143.0.7499.109-1 - Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar - Workaround problem of auto dark mode inverting images and making them unreadable * Tue Dec 9 2025 LuK1337 - 143.0.7499.40-2 - Backport Wayland Omnibox bug fix from upstream -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-1077c09b50' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 16, 2025
•Medium
Fedora
89
security advisoryfedoramediumChromium Medium Problems in Password Manager and Toolbar for Fedora 42
Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a315866a59 2025-12-15 01:09:59.310429+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 143.0.7499.109 Release : 2.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 11 2025 Than Ngo - 143.0.7499.109-2 - Enable gtk4 by default * Thu Dec 11 2025 Than Ngo - 143.0.7499.109-1 - Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar - Workaround problem of auto dark mode inverting images and making them unreadable * Tue Dec 9 2025 LuK1337 - 143.0.7499.40-2 - Backport Wayland Omnibox bug fix from upstream -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a315866a59' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 15, 2025
•Medium
Fedora
202
security advisoryimportantOpenSUSEopenSUSE: Chromium Important Security Update for Issues 2025-20161-1
An update that solves 2 vulnerabilities and has one bug fix can now be installed.. openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20161-1 Rating: important References: * bsc#1254776 Cross-References: * CVE-2025-14372 * CVE-2025-14373 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 2 vulnerabilities and has one bug fix can now be installed. Description: This update for chromium fixes the following issues: - Chromium 143.0.7499.109 (boo#1254776): * CVE-2025-14372: Use after free in Password Manager * CVE-2025-14373: Inappropriate implementation in Toolbar * third issue with an exploit is known to exist in the wild Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-55=1 Package List: - openSUSE Leap 16.0: chromedriver-143.0.7499.40-bp160.1.1 chromium-143.0.7499.40-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2025-14372.html * https://www.suse.com/security/cve/CVE-2025-14373.html . Update available for openSUSE to fix important issues in Chromium, addressing security vulnerabilities and bug fixes.. openSUSE security, chromium update, important vulnerabilities, password manager issue, toolbar fix. . Severity: Important. LinuxSecurity.com Team
Dec 14, 2025
•Important
OpenSUSE
89
security advisoryfedorasoftware updateFedora 42: KeepassXC Update 2025-976ccd79ae - QT5 Enhancements
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-976ccd79ae 2025-11-06 02:22:59.541317+00:00 -------------------------------------------------------------------------------- Name : keepassxc Product : Fedora 42 Version : 2.7.10 Release : 4.fc42 URL : https://keepassxc.org/ Summary : Cross-platform password manager Description : KeePassXC is a community fork of KeePassX KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different information e.g. user names, passwords, urls, attachemts and comments in one single database. For a better management user-defined titles and icons can be specified for each single entry. Furthermore the entries are sorted in groups, which are customizable as well. The integrated search function allows to search in a single group or the complete database. KeePassXC offers a little utility for secure password generation. The password generator is very customizable, fast and easy to use. Especially someone who generates passwords frequently will appreciate this feature. The complete database is always encrypted either with AES (alias Rijndael) or Twofish encryption algorithm using a 256 bit key. Therefore the saved information can be considered as quite safe. -------------------------------------------------------------------------------- Update Information: Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 4 2025 Jan Grulich - 2.7.10-4 - Rebuild (qt5) * Thu Jul 24 2025 Fedora Release Engineering - 2.7.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-976ccd79ae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 06, 2025
•Important
Fedora
89
security advisorymoderateFedoraFedora 28: FEDORA-2018-a5e45fc9f7 moderate: epiphany denial of service
- Fix CVE-2018-11396/CVE-2018-12016 (#795740) - Allow Ctrl+T in app mode again due to unintended consequences (#796204) - Don't remember passwords when the setting is disabled (#796219) - Fix password manager crash on chase.com (GitLab #11). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-a5e45fc9f7 2018-06-15 15:48:22.929890 --------------------------------------------------------------------------------Name : epiphany Product : Fedora 28 Version : 3.28.3.1 Release : 1.fc28 URL : https://wiki.gnome.org/Apps/Web Summary : Web browser for GNOME Description : Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application. --------------------------------------------------------------------------------Update Information: - Fix CVE-2018-11396/CVE-2018-12016 (#795740) - Allow Ctrl+T in app mode again due to unintended consequences (#796204) - Don't remember passwords when the setting is disabled (#796219) - Fix password manager crash on chase.com (GitLab #11) --------------------------------------------------------------------------------ChangeLog: * Fri Jun 8 2018 Michael Catanzaro - 1:3.28.3.1-1 - Update to 3.28.3.1 * Thu Jun 7 2018 Michael Catanzaro - 1:3.28.3-1 - Update to 3.28.3 * Tue May 22 2018 Kalev Lember - 1:3.28.2.1-1 - Update to 3.28.2.1 * Mon Apr 30 2018 Pete Walter - 1:3.28.1.1-2 - Rebuild for ICU 61.1 * Thu Apr 19 2018 Kalev Lember - 1:3.28.1.1-1 - Update to 3.28.1.1 --------------------------------------------------------------------------------References: [ 1 ] Bug #1581802 - CVE-2018-11396 epiphany: denial of service in ephy-session.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1581802 --------------------------------------------------------------------------------Thisupdate can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-a5e45fc9f7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jun 15, 2018
Fedora
91
security advisoryinformation leakgentooGentoo: 202303-01 Critical: XYZ Password Manager Security Breach
An insecure file usage has been reported in Ked Password Manager possibly allowing confidential information to be disclosed.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201708-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Ked Password Manager: Information leak Date: August 21, 2017 Bugs: #616690 ID: 201708-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= An insecure file usage has been reported in Ked Password Manager possibly allowing confidential information to be disclosed. Background ========= Helps to manage large numbers of passwords and related information and simplifies the tasks of searching and entering password data. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/kedpm < 0.4.0-r2 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Description ========== A history file in ~/.kedpm/history is written in clear text. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in clear text. Impact ===== An attacker could obtain confidentialinformation. Workaround ========= There is no known workaround at this time. Resolution ========= Gentoo Security recommends that users unmerge Ked Password Manager: # emerge --unmerge "app-admin/kedpm" References ========= [ 1 ] CVE-2017-8296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8296 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201708-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Aug 21, 2017
•Critical
Gentoo
197
security advisorysoftware updatedebianDebian LTS: DLA-925-1 Moderate: Kedpm Data Leakage - Command Line Risk
An information disclosure vulnerability was found in kedpm, a password manager compatible with the figaro password manager file format. The history file can reveal the master password if it is provided on the commandline. The name of entries created or read in the password . Package : kedpm Version : 0.5.0-4+deb7u1 CVE ID : CVE-2017-8296 Debian Bug : 860817 An information disclosure vulnerability was found in kedpm, a password manager compatible with the figaro password manager file format. The history file can reveal the master password if it is provided on the commandline. The name of entries created or read in the password manager are also exposed in the history file. For Debian 7 "Wheezy", the master password disclosure issue has been fixed in version 0.5.0-4+deb7u1. The entries issues has not been fixed as it requires a rearchitecture of the software. We recommend that you upgrade your kedpm packages. Note that kedpm has been removed from the upcoming Debian release ("stretch") and you should migrate to another password manager as kedpm was abandoned. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance kedpm to remediate the information leakage problem. Review the specifics related to Debian issue 860817 and the vulnerabilities listed under CVE-2017-8296.. Debian LTS, Kedpm, Information Disclosure, Password Manager, Software Update. . LinuxSecurity.com Team
Apr 29, 2017
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!