This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c53905e83d
2025-06-14 01:51:14.531329+00:00
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 41
Version     : 1.13.0
Release     : 1.fc41
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

This release includes improvements and fixes, and updates crossbeam-channel
dependency to address CVE-2025-4574
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Sergio Lopez - 1.13.0-1
- Update to version 1.13.0
* Tue May 20 2025 Sergio Lopez - 1.12.2-1
- Update to version 1.12.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c53905e83d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list

This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4fc3431dab
2025-06-14 01:09:53.632877+00:00
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 42
Version     : 1.13.0
Release     : 1.fc42
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

This release includes improvements and fixes, and updates crossbeam-channel
dependency to address CVE-2025-4574
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Sergio Lopez - 1.13.0-1
- Update to version 1.13.0
* Tue May 20 2025 Sergio Lopez - 1.12.2-1
- Update to version 1.12.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4fc3431dab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083) Unsafe attribute access during XPath parsing. (CVE-2025-4087) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091)

MGASA-2025-0151 - Updated thunderbird packages fix security vulnerabilities

Publication date: 08 May 2025
URL: https://advisories.mageia.org/MGASA-2025-0151.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093

Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083)
Unsafe attribute access during XPath parsing. (CVE-2025-4087)
Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091)
Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10. (CVE-2025-4093)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34233
- https://www.thunderbird.net/en-US/thunderbird/128.10.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/
- https://www.cve.org/CVERecord?id=CVE-2025-4083
- https://www.cve.org/CVERecord?id=CVE-2025-4087
- https://www.cve.org/CVERecord?id=CVE-2025-4091
- https://www.cve.org/CVERecord?id=CVE-2025-4093

SRPMS:
- 9/core/thunderbird-128.10.0-1.mga9
- 9/core/thunderbird-l10n-128.10.0-1.mga9

Mageia has released a critical security notice regarding vulnerabilities that affect process isolation, attribute handling, and memory safety in the Thunderbird application.

Mageia Security, Thunderbird Update, Process Isolation, Memory Safety Issues, XPath Vulnerability.

Severity: Critical.
LinuxSecurity.com Team

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083.

MGASA-2025-0150 - Updated firefox packages fix security vulnerabilities

Publication date: 08 May 2025
URL: https://advisories.mageia.org/MGASA-2025-0150.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093

A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083.

A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption, CVE-2025-4087.

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code, CVE-2025-4091.

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code, CVE-2025-4093.

References:
- https://bugs.mageia.org/show_bug.cgi?id=34232
- https://www.firefox.com/en-US/firefox/128.10.0/releasenotes/?redirect_source=mozilla-org
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/
- https://www.cve.org/CVERecord?id=CVE-2025-4083
- https://www.cve.org/CVERecord?id=CVE-2025-4087
- https://www.cve.org/CVERecord?id=CVE-2025-4091
- https://www.cve.org/CVERecord?id=CVE-2025-4093

SRPMS:
- 9/core/firefox-128.10.0-1.mga9
- 9/core/firefox-l10n-128.10.0-1.mga9

A flaw in Firefox permits a sandbox escape through Javascript URIs, necessitating a prompt security patch and upgrade for Mageia.

Firefox vulnerabilities, Mageia security advisory, javascript process isolation, memory safety issues, security updates.

Severity: Critical.
LinuxSecurity.com Team

Update rust-vmm components and their consumers to address CVE-2023-50711.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f2305d485f
2024-02-14 01:11:43.154092
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 38
Version     : 1.7.2
Release     : 4.fc38
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

Update rust-vmm components and their consumers to address CVE-2023-50711
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 25 2024 Fedora Release Engineering - 1.7.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 1.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 11 2024 Sergio Lopez - 1.7.2-2
- Update versions of rust-vmm dependencies
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f2305d485f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Update rust-vmm components and their consumers to address CVE-2023-50711.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-04877592b7
2024-02-10 01:24:59.648730
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 39
Version     : 1.7.2
Release     : 4.fc39
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

Update rust-vmm components and their consumers to address CVE-2023-50711
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 25 2024 Fedora Release Engineering - 1.7.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 1.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 11 2024 Sergio Lopez - 1.7.2-2
- Update versions of rust-vmm dependencies
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-04877592b7' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Rebuild dependent packages for vm-memory v0.12.2 to address CVE-2023-41051 / RUSTSEC-2023-0056.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-c19aaa2283
2023-09-28 01:34:46.976714
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 38
Version     : 1.5.0
Release     : 6.fc38
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

Rebuild dependent packages for vm-memory v0.12.2 to address CVE-2023-41051 /
RUSTSEC-2023-0056.
- - bin/cvename.cgi?name=CVE-2023-41051
- https://rustsec.org/advisories/RUSTSEC-2023-0056.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 19 2023 Fabio Valentini - 1.5.0-6
- Rebuild for vm-memory v0.12.2 / CVE-2023-41051.
* Thu Jul 20 2023 Fedora Release Engineering - 1.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2236894 - CVE-2023-41051 rust-vm-memory: vm-memory: out-of-bounds access in memory functions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2236894
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c19aaa2283' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-37ae269843
2023-05-18 00:49:56.087782
--------------------------------------------------------------------------------

Name        : libkrun
Product     : Fedora 37
Version     : 1.5.0
Release     : 2.fc37
URL         : https://github.com/containers/libkrun
Summary     : Dynamic library providing Virtualization-based process isolation capabilities
Description :
Dynamic library providing Virtualization-based process isolation capabilities.

--------------------------------------------------------------------------------
Update Information:

Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some
(potential or confirmed) security or soundness issues:

- `tokio`: [RUSTSEC-2023-0005](https://rustsec.org/advisories/RUSTSEC-2023-0005.html)
- `h2`: [RUSTSEC-2023-0034](https://rustsec.org/advisories/RUSTSEC-2023-0034.html) / [CVE-2023-26964](https://nvd.nist.gov/vuln/detail/CVE-2023-26964)
- `openssl`: [RUSTSEC-2023-0022](https://rustsec.org/advisories/RUSTSEC-2023-0022.html), [RUSTSEC-2023-0023](https://rustsec.org/advisories/RUSTSEC-2023-0023.html), [RUSTSEC-2023-0024](https://rustsec.org/advisories/RUSTSEC-2023-0024.html)

This update contains rebuilds of all affected applications against the latest
versions of these crates, which have addressed all linked issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 3 2023 Fabio Valentini - 1.5.0-2
- Rebuild for openssl crate >= v0.10.48 (RUSTSEC-2023-{0022,0023,0024})
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-37ae269843' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------