Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
172
security advisorymoderateUbuntuUbuntu 23.04 USN-6161-2 Moderate: Fix for .NET Certificate Imports
USN 6161-1 introduced a regression in .NET that could incorrectly cause X.509 certificate imports to fail when they should succeed.. =========================================================================Ubuntu Security Notice USN-6161-2 June 23, 2023 dotnet6, dotnet7 regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS Summary: USN 6161-1 introduced a regression in .NET that could incorrectly cause X.509 certificate imports to fail when they should succeed. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936) Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331) Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337) Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the contents of a tar file. An attacker could possibly use this issue to elevate their privileges. This issue only affected the dotnet7 package. (CVE-2023-32032) It was discovered that .NET did not properly handle memory in certain circumstances. Anattacker could possibly use this issue to cause a denial of service or perform remote code execution. (CVE-2023-33128) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-host 6.0.118-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~23.04.1 dotnet6 6.0.118-0ubuntu1~23.04.1 dotnet7 7.0.107-0ubuntu1~23.04.1 Ubuntu 22.10: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.10.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-host 6.0.118-0ubuntu1~22.10.1 dotnet-host-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~22.10.1 dotnet6 6.0.118-0ubuntu1~22.10.1 dotnet7 7.0.107-0ubuntu1~22.10.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-host 6.0.118-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~22.04.1 dotnet6 6.0.118-0ubuntu1~22.04.1 dotnet7 7.0.107-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6161-2 https://bugs.launchpad.net/ubuntu/+source/dotnet7/+bug/2024893, https://bugs.launchpad.net/ubuntu/+source/dotnet6/+bug/2024894 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.119-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.108-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.119-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.108-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.119-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.108-0ubuntu1~22.04.1 . Resolve .NET regression issues in Ubuntu affecting certificate imports with improved security update guidance.. Dotnet Update, Ubuntu Security, Software Regression, Certificate Error. . LinuxSecurity.com Team
Jun 23, 2023
Ubuntu
172
security advisorybug fixfirefoxUbuntu 20.04 & 18.04 USN-5954-2 Critical: Firefox Software Fixes
USN-5954-1 caused some minor regressions in Firefox.. =========================================================================Ubuntu Security Notice USN-5954-2 March 27, 2023 firefox regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5954-1 caused some minor regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-25750, CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177) Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25751) Rob Wu discovered that Firefox did not properly manage the URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-28160) Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-28164) Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on the local files came from different sources.(CVE-2023-28161) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 111.0.1+build2-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 111.0.1+build2-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5954-2 https://ubuntu.com/security/notices/USN-5954-1 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2012696 Package Information: https://launchpad.net/ubuntu/+source/firefox/111.0.1+build2-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/firefox/111.0.1+build2-0ubuntu0.18.04.1 . Important fixes for Firefox issues included in Ubuntu Security Notice USN-5954-2. Ensure you update your system to prevent complications.. Ubuntu Security Update, Firefox Bug Fix, USN-5954-2. . Severity: Critical. LinuxSecurity.com Team
Mar 27, 2023
•Critical
Ubuntu
172
security advisorymoderatesecurity issueUbuntu 20.04 LTS USN-5782-2 Moderate: Firefox Minor Non-critical Issues
USN-5782-1 caused some minor regressions in Firefox.. =========================================================================Ubuntu Security Notice USN-5782-2 January 05, 2023 firefox regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5782-1 caused some minor regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871) Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873) Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874) Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, anattacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-46878, CVE-2022-46879) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: firefox 108.0.1+build1-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: firefox 108.0.1+build1-0ubuntu0.18.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5782-2 https://ubuntu.com/security/notices/USN-5782-1 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2001921 Package Information: https://launchpad.net/ubuntu/+source/firefox/108.0.1+build1-0ubuntu0.18.04.1 . The small bugs in Firefox were addressed through Ubuntu Security Notice USN-5782-2 on the fifth of January in the year 2023.. Ubuntu Security Notice, Firefox Update, Software Regression. . LinuxSecurity.com Team
Jan 05, 2023
Ubuntu
172
security advisorydenial of serviceUbuntuUbuntu 18.04, 16.04 LTS: USN-4436-2 Update on Librsvg Regression
USN-4436-1 introduced a regression in librsvg.. =========================================================================Ubuntu Security Notice USN-4436-2 July 29, 2020 librsvg regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-4436-1 introduced a regression in librsvg. Software Description: - librsvg: renderer library for SVG files Details: USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: librsvg2-2 2.40.20-2ubuntu0.2 Ubuntu 16.04 LTS: librsvg2-2 2.40.13-3ubuntu0.2 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4436-2 https://ubuntu.com/security/notices/USN-4436-1 https://bugs.launchpad.net/ubuntu/xenial/+source/librsvg/+bug/1889206 Package Information: https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.2 https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.2 . Ubuntu Security Notice USN-4436-3 highlights an important fix in libgtkacross multiple versions, with significant information provided.. Ubuntu Security Notice,librsvg regression,software patch,security update. . Severity: Critical. LinuxSecurity.com Team
Jul 29, 2020
•Critical
Ubuntu
172
security advisorysoftware updatefirefoxUbuntu 19.10: USN-4165-2 Moderate: Firefox Software Regression
USN-4165-1 caused some minor regressions in Firefox.. =========================================================================Ubuntu Security Notice USN-4165-2 November 05, 2019 firefox regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-4165-1 caused some minor regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: firefox 70.0.1+build1-0ubuntu0.19.10.1 Ubuntu 19.04: firefox 70.0.1+build1-0ubuntu0.19.04.1 Ubuntu 18.04 LTS: firefox 70.0.1+build1-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: firefox 70.0.1+build1-0ubuntu0.16.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4165-2 https://ubuntu.com/security/notices/USN-4165-1 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1851445 PackageInformation: https://launchpad.net/ubuntu/+source/firefox/70.0.1+build1-0ubuntu0.19.10.1 https://launchpad.net/ubuntu/+source/firefox/70.0.1+build1-0ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/firefox/70.0.1+build1-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/firefox/70.0.1+build1-0ubuntu0.16.04.1 . Ubuntu Security Notice USN-4165-3 tackles vulnerabilities in Firefox that emerged due to a recent update impacting several editions.. Firefox Update, Ubuntu Security, Software Regression, Mozilla Browser Fix, USN-4165-2. . LinuxSecurity.com Team
Nov 05, 2019
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!