Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
200
security advisorysecurity fiximportantSciLinux SL6: SLSA-2020-3558-1 Important Firefox Security Fix
Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669) SL6 x86_64 firefox-68.12.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.12.0-1.el6_10.x86_64.rpm firefox-68.12.0-1.el6_10.i686.rpm firefox-debuginfo-68.12.0-1.el6_10.i686.rpm i386 firefox-68.12.0-1.el6_10.i686.rpm firefox-d [More...]. Synopsis: Important: firefox security update Advisory ID: SLSA-2020:3558-1 Issue Date: 2020-08-26 CVE Numbers: None -- Security Fix(es): * Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669) -- SL6 x86_64 firefox-68.12.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.12.0-1.el6_10.x86_64.rpm firefox-68.12.0-1.el6_10.i686.rpm firefox-debuginfo-68.12.0-1.el6_10.i686.rpm i386 firefox-68.12.0-1.el6_10.i686.rpm firefox-debuginfo-68.12.0-1.el6_10.i686.rpm - Scientific Linux Development Team . Crucial updates for Firefox address issues surrounding extension management and the exploitation of use-after-free vulnerabilities in SL6.x.. firefox security update, SL6 important, installation prompt, use-after-free fix. . Severity: Important. LinuxSecurity.com Team
Aug 26, 2020
•Important
Scientific Linux
200
security advisorycriticalMozillaSciLinux SL6: SLSA-2019-2807-1 Critical Thunderbird Security Advisory
This update upgrades Thunderbird to version 60.9.0. * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mo [More...]. Synopsis: Important: thunderbird security update Advisory ID: SLSA-2019:2807-1 Issue Date: 2019-09-19 CVE Numbers: CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11739 -- This update upgrades Thunderbird to version 60.9.0. Security Fix(es): * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743) -- SL6 x86_64 thunderbird-60.9.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-60.9.0-1.el6_10.x86_64.rpm i386 thunderbird-60.9.0-1.el6_10.i686.rpm thunderbird-debuginfo-60.9.0-1.el6_10.i686.rpm - Scientific Linux Development Team . Falcon security patch SLSA-2020:4512-3 resolves severe vulnerabilities and enhances features for better protection.. Thunderbird Update, Security Fix, Mozilla Issues, S/MIME Protection. . Severity: Critical. LinuxSecurity.com Team
Sep 19, 2019
•Critical
Scientific Linux
200
security advisorymoderatejava updateScientific Linux 6: SLSA-2018:2241-1 Moderate: Java 1.8 Security Issue
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) SL6 x86_64 java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8 [More...]. Synopsis: Moderate: java-1.8.0-openjdk security update Advisory ID: SLSA-2018:2241-1 Issue Date: 2018-07-23 CVE Numbers: CVE-2018-2952 -- Security Fix(es): * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) -- SL6 x86_64 java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.181-3.b13.el6_10.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el6_10.x86_64.rpm i386 java-1.8.0-openjdk-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-src-1.8.0.181-3.b13.el6_10.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el6_10.i686.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el6_10.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el6_10.noarch.rpm - Scientific Linux Development Team . Significant: python-3.6.8 security patch tackling inadequate input sanitization vulnerability on CentOS 7.. OpenJDK Update, SL6 Java Security, Java 1.8 Security Fix. . LinuxSecurity.com Team
Jul 23, 2018
Scientific Linux
200
security advisorydenial of servicebindSciLinux: SLSA-2018-0101-1 Important Bind Denial Of Service Advisory
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145) SL6 x86_64 bind-debuginfo-9.8.2-0. [More...]. Synopsis: Important: bind security update Advisory ID: SLSA-2018:0101-1 Issue Date: 2018-01-22 CVE Numbers: CVE-2017-3145 -- Security Fix(es): * A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145) -- SL6 x86_64 bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-utils-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm i386 bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.5.i686.rpm - Scientific Linux Development Team . Crucial patch released for SL6.x targeting a critical buffer overflow vulnerability that may result in service interruption.. bind security update, use-after-free flaw, denial of service, SL6 security, BIND cleanup fix. . Severity:Important. LinuxSecurity.com Team
Jan 22, 2018
•Important
Scientific Linux
200
security advisorymoderatebuffer overflowScientific Linux SL6: 2014-0743 Moderate: QEMU-KVM Memory Flaw Fix
Moderate: qemu-kvm security and bug fix update. Date: Wed, 11 Jun 2014 15:36:20 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: qemu-kvm on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: qemu-kvm security and bug fix update Advisory ID: SLSA-2014:0743-1 Issue Date: 2014-06-10 CVE Numbers: CVE-2014-2894 CVE-2013-4148 CVE-2013-4151 CVE-2013-6399 CVE-2013-4542 CVE-2013-4541 CVE-2013-4535 CVE-2013-4536 CVE-2014-0182 CVE-2014-3461 -- Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb driversof QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894) This update also fixes the following bugs: * Previously, under certain circumstances, libvirt failed to start guests which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and returned the following error message: Can't assign device inside non-zero PCI segment as this KVM module doesn't support it. This update fixes this issue and guests using the aforementioned configuration no longer fail to start. * Due to an incorrect initialization of the cpus_sts bitmap, which holds the enablementstatus of a vCPU, libvirt could fail to start a guest with an unusual vCPU topology (for example, a guest with three cores and two sockets). With this update, the initialization of cpus_sts has been corrected, and libvirt no longer fails to start the aforementioned guests. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. -- SL6 x86_64 qemu-guest-agent-0.12.1.2-2.415.el6_5.10.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.10.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.10.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.10.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.10.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.415.el6_5.10.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.10.i686.rpm - Scientific Linux Development Team . The recent update for qemu-kvm on Scientific Linux SL6.x addresses several moderate security vulnerabilities, significantly improving both stability and overall security measures.. qemu-kvm update, buffer overflow fix, scientific linux advisory. . LinuxSecurity.com Team
Jun 11, 2014
Scientific Linux
200
security advisorysecurity issueimportantScientific Linux: 2014-0626-1 Critical OpenSSL Update for SL5 and SL6
Important: openssl097a and openssl098e security update. Date: Thu, 5 Jun 2014 14:47:39 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Important: openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: openssl097a and openssl098e security update Advisory ID: SLSA-2014:0626-1 Issue Date: 2014-06-05 CVE Numbers: CVE-2014-0224 -- It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. -- SL5 x86_64 openssl097a-0.9.7a-12.el5_10.1.i386.rpm openssl097a-0.9.7a-12.el5_10.1.x86_64.rpm openssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm openssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm i386 openssl097a-0.9.7a-12.el5_10.1.i386.rpm openssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm SL6 x86_64 openssl098e-0.9.8e-18.el6_5.2.i686.rpm openssl098e-0.9.8e-18.el6_5.2.x86_64.rpm openssl098e-debuginfo-0.9.8e-18.el6_5.2.i686.rpm openssl098e-debuginfo-0.9.8e-18.el6_5.2.x86_64.rpm i386 openssl098e-0.9.8e-18.el6_5.2.i686.rpm openssl098e-debuginfo-0.9.8e-18.el6_5.2.i686.rpm - Scientific Linux Development Team . Crucial OpenSSL patch for Scientific Linux released to rectify a significant encryption vulnerability. Safeguard your server's integrity by following this important announcement.. openssl update, security advisory, Scientific Linux,important issues. . Severity: Critical. LinuxSecurity.com Team
Jun 05, 2014
•Critical
Scientific Linux
200
security advisorylocal privilegebug fixScientific Linux: SLSA-2013:1701-2 Low: Sudo Local Privilege Escalation
Low: sudo security, bug fix and enhancement update. Date: Mon, 9 Dec 2013 16:03:45 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: sudo on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: sudo security, bug fix and enhancement update Advisory ID: SLSA-2013:1701-2 Issue Date: 2013-11-21 CVE Numbers: CVE-2013-1775 CVE-2013-2776 CVE-2013-2777 -- A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1775) It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-2776, CVE-2013-2777) This update also fixes the following bugs: * Previously, sudo did not support netgroup filtering for sources from the System Security Services Daemon (SSSD). Consequently, SSSD rules were applied to all users even when they did not belong to the specified netgroup. With this update, netgroup filtering for SSSD sources has been implemented. As a result, rules with a netgroup specification are applied only to users that are part of the netgroup. * When the sudo utility set up the environment in which it ran a command, it reset the value of the RLIMIT_NPROC resource limit to the parent's value of this limit if both the soft (current) and hard (maximum) values of RLIMIT_NPROC were not limited. An upstream patch has been provided to address this bug and RLIMIT_NPROC can now be set to "unlimited". * Due to the refactoring of the sudo code by upstream, the SUDO_USER variable that stores the name ofthe user running the sudo command was not logged to the /var/log/secure file as before. Consequently, user name "root" was always recorded instead of the real user name. With this update, the previous behavior of sudo has been restored. As a result, the expected user name is now written to /var/log/secure. * Due to an error in a loop condition in sudo's rule listing code, a buffer overflow could have occurred in certain cases. This condition has been fixed and the buffer overflow no longer occurs. In addition, this update adds the following enhancements: * With this update, sudo has been modified to send debug messages about netgroup matching to the debug log. These messages should provide better understanding of how sudo matches netgroup database records with values from the running system and what the values are exactly. * With this update, sudo has been modified to accept the ipa_hostname value from the /etc/sssd/sssd.conf configuration file when matching netgroups. -- SL6 x86_64 sudo-1.8.6p3-12.el6.x86_64.rpm sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm sudo-debuginfo-1.8.6p3-12.el6.i686.rpm sudo-devel-1.8.6p3-12.el6.i686.rpm sudo-devel-1.8.6p3-12.el6.x86_64.rpm i386 sudo-1.8.6p3-12.el6.i686.rpm sudo-debuginfo-1.8.6p3-12.el6.i686.rpm sudo-devel-1.8.6p3-12.el6.i686.rpm - Scientific Linux Development Team . A minor severity notice for Scientific Linux 6.x revealing vulnerabilities and solutions pertaining to the sudo command.. Scientific Linux 6,x,x64,sudo security,bug fix. . Severity: Low. LinuxSecurity.com Team
Dec 09, 2013
•Low
Scientific Linux
200
security advisorysecurity issuerace conditionScientific Linux 6: SLSA-2013:1274-1 Critical: HPLIP Race Condition Issue
Important: hplip security update. Date: Thu, 19 Sep 2013 19:26:11 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Important: hplip on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: hplip security update Advisory ID: SLSA-2013:1274-1 Issue Date: 2013-09-19 CVE Numbers: CVE-2013-4325 -- HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325) -- SL6 x86_64 hpijs-3.12.4-4.el6_4.1.x86_64.rpm hplip-3.12.4-4.el6_4.1.x86_64.rpm hplip-common-3.12.4-4.el6_4.1.x86_64.rpm hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm hplip-debuginfo-3.12.4-4.el6_4.1.x86_64.rpm hplip-gui-3.12.4-4.el6_4.1.x86_64.rpm hplip-libs-3.12.4-4.el6_4.1.i686.rpm hplip-libs-3.12.4-4.el6_4.1.x86_64.rpm libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpm i386 hpijs-3.12.4-4.el6_4.1.i686.rpm hplip-3.12.4-4.el6_4.1.i686.rpm hplip-common-3.12.4-4.el6_4.1.i686.rpm hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm hplip-gui-3.12.4-4.el6_4.1.i686.rpm hplip-libs-3.12.4-4.el6_4.1.i686.rpm libsane-hpaio-3.12.4-4.el6_4.1.i686.rpm - Scientific Linux Development Team . Crucial security patch for HPLIP resolving a synchronization flaw on SL6.x platforms. Discover methods to minimize vulnerability.. HPLIP Security Update, Scientific Linux, Race Condition Fix. . Severity: Important. LinuxSecurity.com Team
Sep 19, 2013
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!