Debian Security Advisory DSA-4810-1

Yaniv Nizry discovered that the clean module of lxml, Python bindings for libxml2 and libxslt, could be bypassed. For the stable distribution (buster), this problem has been fixed in .

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6411
2009-06-15 22:07:28
--------------------------------------------------------------------------------

Name        : gnome-python2-extras
Product     : Fedora 9
Version     : 2.19.1
Release     : 28.fc9
URL         : https://gnome.pages.gitlab.gnome.org/pygobject/
Summary     : The sources for additional PyGNOME Python extension modules.
Description :
The gnome-python-extra package contains the source packages for additional
Python bindings for GNOME. It should be used together with gnome-python.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.0.11, fixing multiple security issues
detailed in the upstream advisories:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/

Update also includes all packages depending on gecko-libs rebuild against new
version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2009 Christopher Aillon - 2.19.1-28
- Rebuild against newer gecko
* Mon Apr 27 2009 Christopher Aillon - 2.19.1-27
- Rebuild against newer gecko
* Tue Apr 21 2009 Christopher Aillon - 2.19.1-26
- Rebuild against newer gecko
* Fri Mar 27 2009 Christopher Aillon - 2.19.1-25
- Rebuild against newer gecko
* Fri Mar 6 2009 Jan Horak - 2.19.1-24
- Rebuild against newer gecko
* Wed Feb 4 2009 Christopher Aillon - 2.19.1-23
- Rebuild against newer gecko
* Wed Dec 17 2008 Christopher Aillon - 2.19.1-22
- Rebuild against newer gecko
* Wed Nov 12 2008 Christopher Aillon - 2.19.1-21
- Rebuild against newer gecko
* Mon Oct 27 2008 Matthew Barnes - 2.19.1-20
- Provide Python bindings for libgdl on ppc64 (RH bug #468693).
* Thu Oct 9 2008 Matthew Barnes - 2.19.1-19
- Remove gtkspell-static patch. Appears to not be needed anymore.
* Wed Sep 24 2008 Christopher Aillon - 2.19.1-18
- Rebuild against newer gecko
* Fri Jul 18 2008 Paul W. Frields - 2.19.1-17.fc9
- Rebuild against new xulrunner (1.9.0.1) and fix dependencies
* Fri Jun 20 2008 Martin Stransky - 2.19.1-16.fc9
- Rebuild against new gecko-libs 1.9 (xulrunner)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #503568 - CVE-2009-1392 Firefox browser engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=503568
  [ 2 ] Bug #503569 - CVE-2009-1832 Firefox double frame construction flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=503569
  [ 3 ] Bug #503570 - CVE-2009-1833 Firefox JavaScript engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=503570
  [ 4 ] Bug #503573 - CVE-2009-1834 Firefox URL spoofing with invalid unicode characters
        https://bugzilla.redhat.com/show_bug.cgi?id=503573
  [ 5 ] Bug #503576 - CVE-2009-1835 Firefox Arbitrary domain cookie access by local file: resources
        https://bugzilla.redhat.com/show_bug.cgi?id=503576
  [ 6 ] Bug #503578 - CVE-2009-1836 Firefox SSL tampering via non-200 responses to proxy CONNECT requests
        https://bugzilla.redhat.com/show_bug.cgi?id=503578
  [ 7 ] Bug #503579 - CVE-2009-1837 Firefox Race condition while accessing the private data of a NPObject JS wrapper class object
        https://bugzilla.redhat.com/show_bug.cgi?id=503579
  [ 8 ] Bug #503580 - CVE-2009-1838 Firefox arbitrary code execution flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=503580
  [ 9 ] Bug #503581 - CVE-2009-1839 Firefox information disclosure flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=503581
  [ 10 ] Bug #503582 - CVE-2009-1840 Firefox XUL scripts skip some security checks
        https://bugzilla.redhat.com/show_bug.cgi?id=503582
  [ 11 ] Bug #503583 - CVE-2009-1841 Firefox JavaScript arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=503583
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update gnome-python2-extras' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora-package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3875
2009-04-22 19:42:15
--------------------------------------------------------------------------------

Name        : gnome-python2-extras
Product     : Fedora 9
Version     : 2.19.1
Release     : 26.fc9
URL         : https://gnome.pages.gitlab.gnome.org/pygobject/
Summary     : The sources for additional PyGNOME Python extension modules.
Description :
The gnome-python-extra package contains the source packages for additional
Python bindings for GNOME. It should be used together with gnome-python.

--------------------------------------------------------------------------------
Update Information:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2009 Christopher Aillon - 2.19.1-26
- Rebuild against newer gecko
* Fri Mar 27 2009 Christopher Aillon - 2.19.1-25
- Rebuild against newer gecko
* Fri Mar 6 2009 Jan Horak - 2.19.1-24
- Rebuild against newer gecko
* Wed Feb 4 2009 Christopher Aillon - 2.19.1-23
- Rebuild against newer gecko
* Wed Dec 17 2008 Christopher Aillon - 2.19.1-22
- Rebuild against newer gecko
* Wed Nov 12 2008 Christopher Aillon - 2.19.1-21
- Rebuild against newer gecko
* Mon Oct 27 2008 Matthew Barnes - 2.19.1-20
- Provide Python bindings for libgdl on ppc64 (RH bug #468693).
* Thu Oct 9 2008 Matthew Barnes - 2.19.1-19
- Remove gtkspell-static patch. Appears to not be needed anymore.
* Wed Sep 24 2008 Christopher Aillon - 2.19.1-18
- Rebuild against newer gecko
* Fri Jul 18 2008 Paul W. Frields - 2.19.1-17.fc9
- Rebuild against new xulrunner (1.9.0.1) and fix dependencies
* Fri Jun 20 2008 Martin Stransky - 2.19.1-16.fc9
- Rebuild against new gecko-libs 1.9 (xulrunner)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=496252
  [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash
        https://bugzilla.redhat.com/show_bug.cgi?id=496253
  [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=496255
  [ 4 ] Bug #496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash
        https://bugzilla.redhat.com/show_bug.cgi?id=496256
  [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
        https://bugzilla.redhat.com/show_bug.cgi?id=486704
  [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI
        https://bugzilla.redhat.com/show_bug.cgi?id=496262
  [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol
        https://bugzilla.redhat.com/show_bug.cgi?id=496263
  [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings
        https://bugzilla.redhat.com/show_bug.cgi?id=496266
  [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
        https://bugzilla.redhat.com/show_bug.cgi?id=496267
  [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites
        https://bugzilla.redhat.com/show_bug.cgi?id=496270
  [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame
        https://bugzilla.redhat.com/show_bug.cgi?id=496271
  [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=496274
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update gnome-python2-extras' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-339
2004-10-13
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libuser
Version     : 0.52.5
Release     : 0.FC2.1
Summary     : A user and group account administration library.
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources. Sample applications modeled
after those included with the shadow password suite are included.

---------------------------------------------------------------------
Update Information:

This update fixes many bugs, mostly in the LDAP backend and the Python
bindings.
---------------------------------------------------------------------
* Tue Oct 12 2004 Miloslav Trmac - 0.52.5-0.FC2.1
- Build for Fedora Core 2

* Tue Oct 12 2004 Miloslav Trmac - 0.52.5-1
- Fix home directory renaming in ADMIN.modifyUser (#135280)
- Further Python reference counting fixes

* Sun Oct 10 2004 Miloslav Trmac - 0.52.4-1
- Fix memory leaks (#113730)
- Build with updated translations

* Wed Sep 29 2004 Miloslav Trmac - 0.52.3-1
- Fix compilation without libuser headers already installed (#134085)

* Tue Sep 28 2004 Miloslav Trmac - 0.52.2-1
- Allow LDAP connection using ldaps, custom ports or without TLS (original patch from Pawel Salek).

* Mon Sep 27 2004 Miloslav Trmac - 0.52.1-1
- Fix freecon() of uninitialized value in files/shadow module

* Mon Sep 27 2004 Miloslav Trmac - 0.52-1
- Usable LDAP backend (#68052, #99435, #130404)
- Miscellaneous bug fixes

* Fri Sep 24 2004 Miloslav Trmac - 0.51.12-1
- Don't claim success and exception at the same time (#133479)
- LDAP fixes, second round
- Various other bugfixes

* Thu Sep 23 2004 Miloslav Trmac - 0.51.11-1
- Allow documented optional arguments in Python ADMIN.{addUser,modifyUser,deleteUser} (#119812)
- Add man pages for lchfn and lchsh
- LDAP fixes, first round
- Avoid file conflict on multilib systems
- Call ldconfig correctly

* Fri Sep 03 2004 Miloslav Trmac - 0.51.10-1
- Don't attempt to lookup using original entity name after entity modification (rename in particular) (#78376, #121252)
- Fix copying of symlinks from /etc/skel (#87572, original patch from gLaNDix)
- Make --enable-quota work, and fix the quota code to at least compile (#89114)
- Fix several bugs (#120168, original patch from Steve Grubb)
- Don't hardcode python version in spec file (#130952, from Robert Scheck)
- Properly integrate the SELinux patch, it should actually be used now, even though it was "enabled" since 0.51.7-6

* Tue Aug 31 2004 Miloslav Trmac - 0.51.9-1
- Fix various typos
- Document library interfaces
- Build all shared libraries with -fPIC (#72536)

* Wed Aug 25 2004 Miloslav Trmac - 0.51.8-1
- Update to build with latest autotools and gtk-doc
- Update ALL_LINGUAS and POTFILES.in
- Rebuild to depend on newer openldap
---------------------------------------------------------------------
This update can be downloaded from:

cb54affe8382dbc0c4214330a501e7ac  SRPMS/libuser-0.52.5-0.FC2.1.src.rpm
14bac2e016f386d375576801d4dc7020  x86_64/libuser-0.52.5-0.FC2.1.x86_64.rpm
d1b7dde748e4c75c65bf64e0a7d22ff2  x86_64/libuser-devel-0.52.5-0.FC2.1.x86_64.rpm
401ae4af2f24ddaa5cc126e1833a5dcd  x86_64/debug/libuser-debuginfo-0.52.5-0.FC2.1.x86_64.rpm
b169e6a5f2457979ed1ba2a14597147c  i386/libuser-0.52.5-0.FC2.1.i386.rpm
7246ceac99abb9ab5d0d134da35fc118  i386/libuser-devel-0.52.5-0.FC2.1.i386.rpm
8ba0c982f03a14339fc564318f998630  i386/debug/libuser-debuginfo-0.52.5-0.FC2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list