--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7342330743
2023-10-18 01:45:22.977713
--------------------------------------------------------------------------------

Name        : icecat
Product     : Fedora 38
Version     : 115.3.1
Release     : 7.rh2.fc38
URL         :
Summary     : GNU version of Firefox browser
Description :
GNU IceCat is the GNU version of the Firefox ESR browser.

Extensions included in this version of IceCat:

* LibreJS
  GNU LibreJS aims to address the JavaScript problem described in the
  article "The JavaScript Trap" of Richard Stallman.

* HTTPS Everywhere
  HTTPS Everywhere is an extension that encrypts your communications with
  many major websites, making your browsing more secure.

* A set of companion extensions for LibreJS by Nathan Nichols are
  pre-installed, and provide workarounds to use some services at USPS,
  RSF.org, SumOfUs.org, pay.gov, McDonalds, goteo.org and Google Docs
  without using nonfree JavaScript.

* A series of configuration changes and tweaks were applied to ensure that
  IceCat does not initiate network connections that the user has not
  explicitly requested. This implies not downloading feeds, updates,
  blacklists or any other similar data needed during startup.
--------------------------------------------------------------------------------
Update Information:

- Release 115.3.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct  2 2023 Antonio Trande - 2:115.3.1-7.rh2
- Add missing installed files
* Sun Oct  1 2023 Antonio Trande - 2:115.3.1-6.rh2
- Exclude manpage temporarily
* Sun Oct  1 2023 Antonio Trande - 2:115.3.1-5.rh2
- Upload new source archive rh2
* Sat Sep 30 2023 Antonio Trande - 2:115.3.1-4.rh1
- Fix icecatview.html file
* Sat Sep 30 2023 Antonio Trande - 2:115.3.1-3.rh1
- Fix files for processing MOZBUILD
* Fri Sep 29 2023 Antonio Trande - 2:115.3.1-2.rh1
- Release 115.3.1 rh1| Fix clang path
* Fri Sep 29 2023 Antonio Trande - 2:115.3.1-1.rh1
- Release 115.3.1 rh1| Epoch 2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2208177 - CVE-2023-26117 icecat: angularjs: Regular expression
        denial of service via the $resource service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208177
  [ 2 ] Bug #2208185 - CVE-2023-26116 icecat: angularjs: Regular Expression
        Denial of Service via angular.copy() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208185
  [ 3 ] Bug #2208195 - CVE-2023-26118 icecat: angularjs: Regular Expression
        Denial of Service via the element [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208195
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7342330743' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-132c6d7c2e
2022-04-21 20:57:05.212182
--------------------------------------------------------------------------------

Name        : rubygem-nokogiri
Product     : Fedora 34
Version     : 1.11.7
Release     : 2.fc34
URL         : https://nokogiri.org
Summary     : An HTML, XML, SAX, and Reader parser
Description :
Nokogiri parses and searches XML/HTML very quickly, and also has correctly
implemented CSS3 selector support as well as XPath support. Nokogiri also
features an Hpricot compatibility layer to help ease the change to using
correct CSS and XPath.
--------------------------------------------------------------------------------
Update Information:

Backport fix for possible DoS by regex assigned as CVE-2022-24836.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 14 2022 Mamoru TASAKA - 1.11.7-2
- Backport CVE-2022-24836 from between 1.13.3 and 1.13.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2074348 - CVE-2022-24836 rubygem-nokogiri: nokogiri: ReDoS in
        HTML encoding detection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2074348
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-132c6d7c2e' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
=========================================================================
Ubuntu Security Notice USN-5200-1
December 17, 2021

python3.7, python3.8 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Python could be made to crash if it receives specially crafted input from
a malicious server.

Software Description:
- python3.7: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex allowing for catastrophic backtracking. Specially
crafted traffic from a malicious HTTP server could cause a regular
expression denial of service (ReDoS) condition for a client.
(CVE-2020-8492)

It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex with a quadratic worst-case time complexity.
Specially crafted traffic from a malicious HTTP server could cause a
regular expression denial of service (ReDoS) condition for a client.
(CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an
infinite loop when incorrectly handling certain server responses
(100 Continue response). Specially crafted traffic from a malicious HTTP
server could cause a denial of service (DoS) condition for a client.
(CVE-2021-3737)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libpython3.7-stdlib             3.7.5-2ubuntu1~18.04.2
  libpython3.8-stdlib             3.8.0-3ubuntu1~18.04.2
  python3.7                       3.7.5-2ubuntu1~18.04.2
  python3.7-minimal               3.7.5-2ubuntu1~18.04.2
  python3.8                       3.8.0-3ubuntu1~18.04.2
  python3.8-minimal               3.8.0-3ubuntu1~18.04.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5200-1
  CVE-2020-8492, CVE-2021-3733, CVE-2021-3737

Package Information:
  https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2
  https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2

Security alert for Ubuntu 18.04 LTS focusing on vulnerabilities in Python
that could compromise both integrity and overall system performance.
Severity: Critical.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-77191478ad
2021-05-10 01:07:48.522386
--------------------------------------------------------------------------------

Name        : python-markdown2
Product     : Fedora 33
Version     : 2.4.0
Release     : 1.fc33
URL         : https://github.com/trentm/python-markdown2/
Summary     : A fast and complete Python implementation of Markdown
Description :
Markdown is a text-to-HTML filter; it translates an easy-to-read /
easy-to-write structured text format into HTML. Markdown's text format is
most similar to that of plain text email, and supports features such as
headers, emphasis, code blocks, blockquotes, and links.

This is a fast and complete Python implementation of the Markdown spec.

For information about markdown itself, see
https://daringfireball.net/projects/markdown/
--------------------------------------------------------------------------------
Update Information:

#### python-markdown2 2.4.0

- [pull #377] Fixed bug breaking strings elements in metadata lists
- [pull #380] When rendering fenced code blocks, also add the `language-LANG` class
- [pull #387] Regex DoS fixes
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  1 2021 Thomas Moschny - 2.4.0-1
- Update to 2.4.0.
* Wed Jan 27 2021 Fedora Release Engineering - 2.3.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1934835 - CVE-2021-26813 python-markdown2: Regular expression
        denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-77191478ad' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-0ff6c3d84b
2016-11-14 16:01:35.620260
--------------------------------------------------------------------------------

Name        : tre
Product     : Fedora 23
Version     : 0.8.0
Release     : 18.20140228gitc2f5d13.fc23
URL         :
Summary     : POSIX compatible regexp library with approximate matching
Description :
TRE is a lightweight, robust, and efficient POSIX compatible regexp matching
library with some exciting features such as approximate matching.
--------------------------------------------------------------------------------
Update Information:

This update includes the following fixes:

* fix for CVE-2016-8859
* fix for CVE-2015-3796 (see https://github.com/laurikari/tre/issues/37 and
* fix for parallel installation of multilib packages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1387112 - CVE-2016-8859 tre: Regex integer overflow in buffer
        size computations
        https://bugzilla.redhat.com/show_bug.cgi?id=1387112
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade tre' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------