Access to files outside sandbox has been fixed in Flatpak, an application deployment framework for desktop apps. As a prerequisite for the fix, the bubblewrap package has also .

Debian LTS Advisory DLA-4099-1
New upstream release (125.0)
New upstream release (124.0.2).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c6a1d4e0ec
2024-04-19 21:20:20.799642
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 40
Version     : 125.0
Release     : 1.fc40
URL         : https://www.firefox.com/en-US/?redirect_source=mozilla-org
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream release (125.0)
New upstream release (124.0.2)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 9 2024 Martin Stransky - 125.0-1
- Updated to 125.0
* Thu Apr 4 2024 Martin Stransky - 124.0.2-2
- Updated to 124.0.2
* Thu Mar 28 2024 Jan Horak - 124.0.1-4
- Enable rlbox sandboxing
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c6a1d4e0ec' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.

Debian Security Advisory DSA-5107-1
A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect Linux kernels shipped in .

Debian Security Advisory DSA-4539-2
This update adds security sandboxing to tracker-extract.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-631737a49a
2016-12-29 04:39:04.476415
--------------------------------------------------------------------------------

Name        : tracker
Product     : Fedora 24
Version     : 1.8.2
Release     : 1.fc24
URL         :
Summary     : Desktop-neutral search tool and indexer
Description :
Tracker is a powerful desktop-neutral first class object database,
tag/metadata database, search tool and indexer.

It consists of a common object database that allows entities to have an
almost infinite number of properties, metadata (both embedded/harvested as
well as user definable), a comprehensive database of keywords/tags and
links to other entities.

It provides additional features for file based objects including context
linking and audit trails for a file object.

It has the ability to index, store, harvest metadata. retrieve and search
all types of files and other first class objects

--------------------------------------------------------------------------------
Update Information:

This update adds security sandboxing to tracker-extract.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade tracker' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Important: thunderbird security update.

Date: Thu, 12 Dec 2013 09:38:38 -0600
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: thunderbird on SL5.x, i386/x86_64
MIME-Version: 1.0

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2013:1823-1
Issue Date: 2013-12-11
CVE Numbers: CVE-2013-5609 CVE-2013-5612 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 CVE-2013-5613
--

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614)

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

After installing the update, Thunderbird must be restarted for the changes to take effect.
--

SL5
  x86_64
    thunderbird-24.2.0-2.el5_10.x86_64.rpm
    thunderbird-debuginfo-24.2.0-2.el5_10.x86_64.rpm
  i386
    thunderbird-24.2.0-2.el5_10.i386.rpm
    thunderbird-debuginfo-24.2.0-2.el5_10.i386.rpm

- Scientific Linux Development Team

Significant Thunderbird patch rectifies major vulnerabilities, facilitating code execution through improperly formatted data in CentOS.
Thunderbird Update, Scientific Linux Security, Malicious Code, Email Security. Severity: Critical. LinuxSecurity.com Team