An update that solves three vulnerabilities can now be installed.

# Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:01893-1
Release Date: 2025-06-11T12:04:17Z
Rating: important

References:

* bsc#1238324
* bsc#1239077
* bsc#1239096

Cross-References:

* CVE-2022-49080
* CVE-2024-57996
* CVE-2024-58013

CVSS scores:

* CVE-2022-49080 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57996 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57996 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58013 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-58013 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

## Description:

This update for the Linux Kernel 5.14.21-150500_55_94 fixes several issues.

The following security issues were fixed:

* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324).
* CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239096).
* CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-1893=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1893=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-2-150500.2.2
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-2-150500.2.2
  * kernel-livepatch-5_14_21-150500_55_94-default-2-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-2-150500.2.2
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-2-150500.2.2
  * kernel-livepatch-5_14_21-150500_55_94-default-2-150500.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2024-57996.html
* https://www.suse.com/security/cve/CVE-2024-58013.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238324
* https://bugzilla.suse.com/show_bug.cgi?id=1239077
* https://bugzilla.suse.com/show_bug.cgi?id=1239096

The most recent update to the Linux Kernel addresses essential vulnerabilities in Fedora, greatly enhancing both performance and safety.

Severity: Important. LinuxSecurity.com Team

update to latest upstream release - fixes CVE-2021-38385.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-52d6a75d28
2021-08-25 20:03:26.599579
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 33
Version     : 0.4.5.10
Release     : 1.fc33
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

This package contains the Tor software that can act as either a server on the Tor network, or as a client to connect to the Tor network.

--------------------------------------------------------------------------------
Update Information:

update to latest upstream release - fixes CVE-2021-38385
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-52d6a75d28' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:1350-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1350
Issue date:        2021-04-26
CVE Names:         CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
                   CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
                   CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)
* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)
* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)
* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)
* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)
* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)
* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)
* Mozilla: Port blocking could be bypassed (CVE-2021-29946)
* Mozilla: Race condition when reading from disk while verifying signatures (CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 - CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 - CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 - CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 - CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 - CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 - CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 - CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 - CVE-2021-29946 Mozilla: Port blocking could be bypassed
1951381 - CVE-2021-29948 Mozilla: Race condition when reading from disk while verifying signatures

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

ppc64le:
thunderbird-78.10.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/cve/CVE-2021-29948
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list

Multiple vulnerabilities were discovered in privoxy, a privacy enhancing HTTP proxy, like memory leaks, dereference of a NULL-pointer, et al.

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2548-1

FreeIPA 4.8.3 is a security update release that includes fixes for two issues: * CVE-2019-10195: Don't log passwords embedded in commands in calls using batch A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8e9093da55
2019-12-05 01:09:44.880022
--------------------------------------------------------------------------------

Name        : freeipa
Product     : Fedora 30
Version     : 4.8.3
Release     : 1.fc30
URL         : https://www.freeipa.org/
Summary     : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts).

--------------------------------------------------------------------------------
Update Information:

FreeIPA 4.8.3 is a security update release that includes fixes for two issues:

* CVE-2019-10195: Don't log passwords embedded in commands in calls using batch

  A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. The issue was reported by Jamison Bennett from Cloudera

* CVE-2019-14867: Make sure to have storage space for tag

  A flaw was found in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. The issue was reported by Todd Lipcon from Cloudera
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2019 Alexander Bokovoy - 4.8.3-1
- New upstream release 4.8.3
- CVE-2019-14867: Denial of service in IPA server due to wrong use of ber_scanf()
- CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
* Tue Nov 12 2019 Rob Crittenden - 4.8.2-1
- New upstream release 4.8.2
- Replace %{_libdir} macro in BuildRequires (#1746882)
- Restore user-nsswitch.conf before calling authselect (#1746557)
- ipa service-find does not list cifs service created by ipa-client-samba (#1731433)
- Occasional 'whoami.data is undefined' error in FreeIPA web UI (#1699109)
- ipa-kra-install fails due to fs.protected_regular=1 (#1698384)
* Sun Oct 20 2019 Alexander Bokovoy - 4.8.1-4
- Don't create log files from helper scripts
- Fixes: rhbz#1754189
* Tue Oct 8 2019 Christian Heimes - 4.8.1-3
- Fix compatibility issue with preexec_fn in Python 3.8
- Fixes: rhbz#1759290
* Tue Oct 1 2019 Alexander Bokovoy - 4.8.1-2
- Fix ipasam for compatibility with Samba 4.11
- Fixes: rhbz#1757089
* Wed Aug 14 2019 Alexander Bokovoy - 4.8.1-1
- New upstream release 4.8.1
- Fixes: rhbz#1732528
- Fixes: rhbz#1732524
* Wed Jul 3 2019 Alexander Bokovoy - 4.8.0-1
- New upstream release 4.8.0
- New subpackage: freeipa-client-samba
* Sat May 11 2019 Alexander Bokovoy - 4.7.90.pre1-4
- Upgrade: handle situation when trusts were configured but not established yet
* Wed May 1 2019 Adam Williamson - 4.7.90.pre1-3
- Backport PR #3104 to fix a font path error
* Wed May 1 2019 Alexander Bokovoy - 4.7.90.pre1-2
- Revert MINSSF defaults because realmd cannot join FreeIPA right now as it uses anonymous LDAP connection for the discovery and validation
* Mon Apr 29 2019 Alexander Bokovoy - 4.7.90.pre1-1
- First release candidate for FreeIPA 4.8.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1777147 - CVE-2019-10195 freeipa: IPA: batch API logging user passwords to /var/log/httpd/error_log [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1777147
  [ 2 ] Bug #1777200 - CVE-2019-14867 freeipa: ipa: Denial of service in IPA server due to wrong use of ber_scanf() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1777200
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-8e9093da55' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Multiple CVE fixes.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-ebb1e572c0
2018-08-08 15:32:12.724900
--------------------------------------------------------------------------------

Name        : moodle
Product     : Fedora 27
Version     : 3.3.7
Release     : 1.fc27
URL         : https://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Multiple CVE fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 30 2018 Gwyn Ciesla - 3.3.7-1
- 3.3.7
* Tue Jan 23 2018 Gwyn Ciesla - 3.3.4-1
- 3.3.4.
* Tue Nov 21 2017 Gwyn Ciesla - 3.3.3-1
- 3.3.3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1599817 - CVE-2018-10891 moodle: Quiz question bank import preview could execute JavaScript [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1599817
  [ 2 ] Bug #1599807 - CVE-2018-10890 moodle: Web service core_course_get_categories may return invisible categories [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1599807
  [ 3 ] Bug #1599816 - CVE-2018-10891 moodle: Quiz question bank import preview could execute JavaScript [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1599816
  [ 4 ] Bug #1599806 - CVE-2018-10890 moodle: Web service core_course_get_categories may return invisible categories [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1599806
  [ 5 ] Bug #1599800 - CVE-2018-10889 moodle: Privacy data exports include log data [fedora-27]
        https://bugzilla.redhat.com/show_bug.cgi?id=1599800
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-ebb1e572c0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

An update that fixes 24 vulnerabilities is now available.

openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0259-1
Rating:             important
References:         #1073323 #1077571 #1077722
Cross-References:   CVE-2017-15420 CVE-2018-6031 CVE-2018-6032
                    CVE-2018-6033 CVE-2018-6034 CVE-2018-6035
                    CVE-2018-6036 CVE-2018-6037 CVE-2018-6038
                    CVE-2018-6039 CVE-2018-6040 CVE-2018-6041
                    CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
                    CVE-2018-6046 CVE-2018-6047 CVE-2018-6048
                    CVE-2018-6049 CVE-2018-6050 CVE-2018-6051
                    CVE-2018-6052 CVE-2018-6053 CVE-2018-6054
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

Description:

This update for chromium to 64.0.3282.119 fixes several issues.

These security issues were fixed:

- CVE-2018-6031: Use after free in PDFium (boo#1077571)
- CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571)
- CVE-2018-6033: Race when opening downloaded files (boo#1077571)
- CVE-2018-6034: Integer overflow in Blink (boo#1077571)
- CVE-2018-6035: Insufficient isolation of devtools from extensions (boo#1077571)
- CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571)
- CVE-2018-6037: Insufficient user gesture requirements in autofill (boo#1077571)
- CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571)
- CVE-2018-6039: XSS in DevTools (boo#1077571)
- CVE-2018-6040: Content security policy bypass (boo#1077571)
- CVE-2018-6041: URL spoof in Navigation (boo#1077571)
- CVE-2018-6042: URL spoof in OmniBox (boo#1077571)
- CVE-2018-6043: Insufficient escaping with external URL handlers (boo#1077571)
- CVE-2018-6045: Insufficient isolation of devtools from extensions (boo#1077571)
- CVE-2018-6046: Insufficient isolation of devtools from extensions (boo#1077571)
- CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571)
- CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571)
- CVE-2017-15420: URL spoofing in Omnibox (boo#1077571)
- CVE-2018-6049: UI spoof in Permissions (boo#1077571)
- CVE-2018-6050: URL spoof in OmniBox (boo#1077571)
- CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571)
- CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571)
- CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571)
- CVE-2018-6054: Use after free in WebUI (boo#1077571)

Re was updated to version 2018-01-01 (boo#1073323)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-103=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

  libre2-0-20180101-9.1
  libre2-0-debuginfo-20180101-9.1
  re2-debugsource-20180101-9.1
  re2-devel-20180101-9.1

- openSUSE Leap 42.3 (x86_64):

  chromedriver-64.0.3282.119-135.1
  chromedriver-debuginfo-64.0.3282.119-135.1
  chromium-64.0.3282.119-135.1
  chromium-debuginfo-64.0.3282.119-135.1
  chromium-debugsource-64.0.3282.119-135.1
  libre2-0-32bit-20180101-9.1
  libre2-0-debuginfo-32bit-20180101-9.1

References:

  https://www.suse.com/security/cve/CVE-2017-15420.html
  https://www.suse.com/security/cve/CVE-2018-6031.html
  https://www.suse.com/security/cve/CVE-2018-6032.html
  https://www.suse.com/security/cve/CVE-2018-6033.html
  https://www.suse.com/security/cve/CVE-2018-6034.html
  https://www.suse.com/security/cve/CVE-2018-6035.html
  https://www.suse.com/security/cve/CVE-2018-6036.html
  https://www.suse.com/security/cve/CVE-2018-6037.html
  https://www.suse.com/security/cve/CVE-2018-6038.html
  https://www.suse.com/security/cve/CVE-2018-6039.html
  https://www.suse.com/security/cve/CVE-2018-6040.html
  https://www.suse.com/security/cve/CVE-2018-6041.html
  https://www.suse.com/security/cve/CVE-2018-6042.html
  https://www.suse.com/security/cve/CVE-2018-6043.html
  https://www.suse.com/security/cve/CVE-2018-6045.html
  https://www.suse.com/security/cve/CVE-2018-6046.html
  https://www.suse.com/security/cve/CVE-2018-6047.html
  https://www.suse.com/security/cve/CVE-2018-6048.html
  https://www.suse.com/security/cve/CVE-2018-6049.html
  https://www.suse.com/security/cve/CVE-2018-6050.html
  https://www.suse.com/security/cve/CVE-2018-6051.html
  https://www.suse.com/security/cve/CVE-2018-6052.html
  https://www.suse.com/security/cve/CVE-2018-6053.html
  https://www.suse.com/security/cve/CVE-2018-6054.html
  https://bugzilla.suse.com/1073323
  https://bugzilla.suse.com/1077571
  https://bugzilla.suse.com/1077722

Addresses 24 vulnerabilities in chromium with openSUSE upgrade to version 64.0.3282.119. Keep your system secure and up-to-date!

Severity: Important. LinuxSecurity.com Team

It was discovered that the private browsing mode in Firefox was able to write persistent data to a database, which could lead to websites tracking users even when browsing in this mode.

Package        : firefox-esr
Version        : 52.5.2esr-1~deb7u1
CVE ID         : CVE-2017-7843

For Debian 7 "Wheezy", these problems have been fixed in version 52.5.2esr-1~deb7u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS patches Firefox security flaw: Update firefox-esr to block website tracking.

Severity: Critical. LinuxSecurity.com Team