An update that fixes 16 vulnerabilities is now available. openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0175-1 Rating: critical References: #1265848 Cross-References: CVE-2026-9110 CVE-2026-9111 CVE-2026-9112 CVE-2026-9113 CVE-2026-9114 CVE-2026-9115 CVE-2026-9116 CVE-2026-9117 CVE-2026-9118 CVE-2026-9119 CVE-2026-9120 CVE-2026-9121 CVE-2026-9122 CVE-2026-9123 CVE-2026-9124 CVE-2026-9126 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 148.0.7778.178 (boo#1265848) * CVE-2026-9111: Use after free in WebRTC * CVE-2026-9110: Inappropriate implementation in UI * CVE-2026-9112: Use after free in GPU * CVE-2026-9113: Out of bounds read in GPU * CVE-2026-9114: Use after free in QUIC * CVE-2026-9115: Insufficient policy enforcement in Service Worker * CVE-2026-9116: Insufficient policy enforcement in ServiceWorker * CVE-2026-9117: Type Confusion in GFX * CVE-2026-9118: Use after free in XR * CVE-2026-9119: Heap buffer overflow in WebRTC * CVE-2026-9120: Use after free in WebRTC * CVE-2026-9126: Use after free in DOM * CVE-2026-9121: Out of bounds read in GPU * CVE-2026-9122: Out of bounds read in GPU * CVE-2026-9123: Heap buffer overflow in Chromecast * CVE-2026-9124: Insufficient validation of untrusted input in Input - add system-wide chromium.conf as in fedora package; enable several features by default and disable ai features; allow to override via setting CHROMIUM_USER_FLAGS Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-175=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64): chromedriver-148.0.7778.178-bp157.2.160.1 chromium-148.0.7778.178-bp157.2.160.1 References: https://www.suse.com/security/cve/CVE-2026-9110.html https://www.suse.com/security/cve/CVE-2026-9111.html https://www.suse.com/security/cve/CVE-2026-9112.html https://www.suse.com/security/cve/CVE-2026-9113.html https://www.suse.com/security/cve/CVE-2026-9114.html https://www.suse.com/security/cve/CVE-2026-9115.html https://www.suse.com/security/cve/CVE-2026-9116.html https://www.suse.com/security/cve/CVE-2026-9117.html https://www.suse.com/security/cve/CVE-2026-9118.html https://www.suse.com/security/cve/CVE-2026-9119.html https://www.suse.com/security/cve/CVE-2026-9120.html https://www.suse.com/security/cve/CVE-2026-9121.html https://www.suse.com/security/cve/CVE-2026-9122.html https://www.suse.com/security/cve/CVE-2026-9123.html https://www.suse.com/security/cve/CVE-2026-9124.html https://www.suse.com/security/cve/CVE-2026-9126.html https://bugzilla.suse.com/1265848 . openSUSE update addresses 16 critical flaws in chromium ensuring enhanced security and stability for users.. OpenSUSE security update, chromium patch, service worker flaw, openSUSE backports, critical threat mitigation. . Severity: Critical. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0344-1 Rating: important References: #1249388 Cross-References: CVE-2025-10200 CVE-2025-10201 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 140.0.7339.127 (boo#1249388) * CVE-2025-10200: Use after free in Serviceworker * CVE-2025-10201: Inappropriate implementation in Mojo Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-344=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 x86_64): chromedriver-140.0.7339.127-bp156.2.167.1 chromium-140.0.7339.127-bp156.2.167.1 References: https://www.suse.com/security/cve/CVE-2025-10200.html https://www.suse.com/security/cve/CVE-2025-10201.html https://bugzilla.suse.com/1249388 . Fedora security patch addresses critical flaws in Firefox. Apply the suggested updates to protect your device.. openSUSE chromium update important security patch vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0343-1 Rating: important References: #1249388 Cross-References: CVE-2025-10200 CVE-2025-10201 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 140.0.7339.127 (boo#1249388) * CVE-2025-10200: Use after free in Serviceworker * CVE-2025-10201: Inappropriate implementation in Mojo Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2025-343=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 x86_64): chromedriver-140.0.7339.127-bp157.2.49.1 chromium-140.0.7339.127-bp157.2.49.1 References: https://www.suse.com/security/cve/CVE-2025-10200.html https://www.suse.com/security/cve/CVE-2025-10201.html https://bugzilla.suse.com/1249388 . The latest openSUSE update resolves two critical vulnerabilities in chromium, targeting a use-after-free bug and an incorrect implementation issue.. openSUSE chromium update security patch serviceworker. . Severity: Important. LinuxSecurity.com Team
This update upgrades Firefox to version 102.5.0 ESR. * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via w [More...]. Synopsis: Important: firefox security update Advisory ID: SLSA-2022:8552-1 Issue Date: 2022-11-22 CVE Numbers: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 -- This update upgrades Firefox to version 102.5.0 ESR. Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 firefox-102.5.0-1.el7_9.x86_64.rpm
firefox-debuginfo-102.5.0-1.el7_9.x86_64.rpm firefox-102.5.0-1.el7_9.i686.rpm firefox-debuginfo-102.5.0-1.el7_9.i686.rpm - Scientific Linux Development Team . This essential notification highlights significant vulnerabilities in the Chrome browser. Discover additional details regarding the remedies and risks associated.. firefox update, service worker threat, memory safety issues, javaScript security, mozilla vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2022:8548-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8548 Issue date: 2022-11-21 CVE Names: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. 
Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5.
Bugs fixed (https://bugzilla.redhat.com/): 2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files 2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass 2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation 2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm 2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName 2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection 2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy 2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers 2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers 2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage 2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI 2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe 2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.6): Source: firefox-102.5.0-1.el8_6.src.rpm aarch64: firefox-102.5.0-1.el8_6.aarch64.rpm firefox-debuginfo-102.5.0-1.el8_6.aarch64.rpm firefox-debugsource-102.5.0-1.el8_6.aarch64.rpm ppc64le: firefox-102.5.0-1.el8_6.ppc64le.rpm firefox-debuginfo-102.5.0-1.el8_6.ppc64le.rpm firefox-debugsource-102.5.0-1.el8_6.ppc64le.rpm s390x: firefox-102.5.0-1.el8_6.s390x.rpm firefox-debuginfo-102.5.0-1.el8_6.s390x.rpm firefox-debugsource-102.5.0-1.el8_6.s390x.rpm x86_64: firefox-102.5.0-1.el8_6.x86_64.rpm firefox-debuginfo-102.5.0-1.el8_6.x86_64.rpm firefox-debugsource-102.5.0-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.
References: https://access.redhat.com/security/cve/CVE-2022-45403 https://access.redhat.com/security/cve/CVE-2022-45404 https://access.redhat.com/security/cve/CVE-2022-45405 https://access.redhat.com/security/cve/CVE-2022-45406 https://access.redhat.com/security/cve/CVE-2022-45408 https://access.redhat.com/security/cve/CVE-2022-45409 https://access.redhat.com/security/cve/CVE-2022-45410 https://access.redhat.com/security/cve/CVE-2022-45411 https://access.redhat.com/security/cve/CVE-2022-45412 https://access.redhat.com/security/cve/CVE-2022-45416 https://access.redhat.com/security/cve/CVE-2022-45418 https://access.redhat.com/security/cve/CVE-2022-45420 https://access.redhat.com/security/cve/CVE-2022-45421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -- RHSA-announce mailing list
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2022:8549-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8549 Issue date: 2022-11-21 CVE Names: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. 
Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5.
Bugs fixed (https://bugzilla.redhat.com/): 2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files 2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass 2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation 2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm 2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName 2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection 2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy 2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers 2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers 2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage 2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI 2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe 2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.4): Source: firefox-102.5.0-1.el8_4.src.rpm aarch64: firefox-102.5.0-1.el8_4.aarch64.rpm firefox-debuginfo-102.5.0-1.el8_4.aarch64.rpm firefox-debugsource-102.5.0-1.el8_4.aarch64.rpm ppc64le: firefox-102.5.0-1.el8_4.ppc64le.rpm firefox-debuginfo-102.5.0-1.el8_4.ppc64le.rpm firefox-debugsource-102.5.0-1.el8_4.ppc64le.rpm s390x: firefox-102.5.0-1.el8_4.s390x.rpm firefox-debuginfo-102.5.0-1.el8_4.s390x.rpm firefox-debugsource-102.5.0-1.el8_4.s390x.rpm x86_64: firefox-102.5.0-1.el8_4.x86_64.rpm firefox-debuginfo-102.5.0-1.el8_4.x86_64.rpm firefox-debugsource-102.5.0-1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.
References: https://access.redhat.com/security/cve/CVE-2022-45403 https://access.redhat.com/security/cve/CVE-2022-45404 https://access.redhat.com/security/cve/CVE-2022-45405 https://access.redhat.com/security/cve/CVE-2022-45406 https://access.redhat.com/security/cve/CVE-2022-45408 https://access.redhat.com/security/cve/CVE-2022-45409 https://access.redhat.com/security/cve/CVE-2022-45410 https://access.redhat.com/security/cve/CVE-2022-45411 https://access.redhat.com/security/cve/CVE-2022-45412 https://access.redhat.com/security/cve/CVE-2022-45416 https://access.redhat.com/security/cve/CVE-2022-45418 https://access.redhat.com/security/cve/CVE-2022-45420 https://access.redhat.com/security/cve/CVE-2022-45421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -- RHSA-announce mailing list
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2022:8553-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8553 Issue date: 2022-11-21 CVE Names: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. 
Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5.
Bugs fixed (https://bugzilla.redhat.com/): 2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files 2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass 2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation 2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm 2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName 2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection 2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy 2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers 2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers 2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage 2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI 2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe 2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: firefox-102.5.0-1.el8_1.src.rpm ppc64le: firefox-102.5.0-1.el8_1.ppc64le.rpm firefox-debuginfo-102.5.0-1.el8_1.ppc64le.rpm firefox-debugsource-102.5.0-1.el8_1.ppc64le.rpm x86_64: firefox-102.5.0-1.el8_1.x86_64.rpm firefox-debuginfo-102.5.0-1.el8_1.x86_64.rpm firefox-debugsource-102.5.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.
References: https://access.redhat.com/security/cve/CVE-2022-45403 https://access.redhat.com/security/cve/CVE-2022-45404 https://access.redhat.com/security/cve/CVE-2022-45405 https://access.redhat.com/security/cve/CVE-2022-45406 https://access.redhat.com/security/cve/CVE-2022-45408 https://access.redhat.com/security/cve/CVE-2022-45409 https://access.redhat.com/security/cve/CVE-2022-45410 https://access.redhat.com/security/cve/CVE-2022-45411 https://access.redhat.com/security/cve/CVE-2022-45412 https://access.redhat.com/security/cve/CVE-2022-45416 https://access.redhat.com/security/cve/CVE-2022-45418 https://access.redhat.com/security/cve/CVE-2022-45420 https://access.redhat.com/security/cve/CVE-2022-45421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -- RHSA-announce mailing list
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2022:8555-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8555 Issue date: 2022-11-21 CVE Names: CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. 
Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5.
Bugs fixed (https://bugzilla.redhat.com/): 2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files 2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass 2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation 2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm 2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName 2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection 2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy 2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers 2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers 2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage 2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI 2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe 2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-102.5.0-2.el7_9.src.rpm x86_64: thunderbird-102.5.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.5.0-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-102.5.0-2.el7_9.src.rpm ppc64le: thunderbird-102.5.0-2.el7_9.ppc64le.rpm thunderbird-debuginfo-102.5.0-2.el7_9.ppc64le.rpm x86_64: thunderbird-102.5.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.5.0-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-102.5.0-2.el7_9.src.rpm x86_64: thunderbird-102.5.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.5.0-2.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.
References: https://access.redhat.com/security/cve/CVE-2022-45403 https://access.redhat.com/security/cve/CVE-2022-45404 https://access.redhat.com/security/cve/CVE-2022-45405 https://access.redhat.com/security/cve/CVE-2022-45406 https://access.redhat.com/security/cve/CVE-2022-45408 https://access.redhat.com/security/cve/CVE-2022-45409 https://access.redhat.com/security/cve/CVE-2022-45410 https://access.redhat.com/security/cve/CVE-2022-45411 https://access.redhat.com/security/cve/CVE-2022-45412 https://access.redhat.com/security/cve/CVE-2022-45416 https://access.redhat.com/security/cve/CVE-2022-45418 https://access.redhat.com/security/cve/CVE-2022-45420 https://access.redhat.com/security/cve/CVE-2022-45421 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -- RHSA-announce mailing list