Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 8 articles for you...
172

Ubuntu 22.04 LTS: USN-6928-1 Critical Python Security Issues

Several security issues were fixed in Python.. ========================================================================== Ubuntu Security Notice USN-6928-1 July 30, 2024 python3.10, python3.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Python. Software Description: - python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language Details: It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. (CVE-2024-0397) It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies. (CVE-2024-4032) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS python3.10 3.10.12-1~22.04.5 python3.10-minimal 3.10.12-1~22.04.5 Ubuntu 20.04 LTS python3.8 3.8.10-0ubuntu1~20.04.11 python3.8-minimal 3.8.10-0ubuntu1~20.04.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6928-1 CVE-2024-0397, CVE-2024-4032 Package Information: https://launchpad.net/ubuntu/+source/python3.10/3.10.12-1~22.04.5 https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.11 . Update patches for Python in Ubuntu versions 20.04 and 22.04 resolve serious vulnerabilities related to SSL protocolsand IP address management.. Ubuntu Security, Python Update, Python Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 30, 2024 Critical Ubuntu
203

Mageia 8: MGASA-2021-0559 Moderate: PJProject Denial Of Service Risk

Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ . MGASA-2021-0559 - Updated pjproject packages fix security vulnerability Publication date: 19 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0559.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-32686 Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686). References: - https://bugs.mageia.org/show_bug.cgi?id=29317 - https://www.cve.org/CVERecord?id=CVE-2021-32686 SRPMS: - 8/core/pjproject-2.10-5.3.mga8 . Mageia has released MGASA-2021-0560 which tackles vulnerabilities in OpenSSL potentially exposing users to data breaches.. Mageia Security Update,PJProject Issues,SSL Vulnerability Fix,Denial of Service. . LinuxSecurity.com Team

Calendar%202 Dec 19, 2021 Mageia
202

openSUSE Leap 15.3: openSUSE-SU-2021:4058-1 Important: SSL Threats

An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:4058-1 Rating: important References: #1192516 Cross-References: CVE-2021-23214 CVE-2021-23222 CVSS scores: CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-4058=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 postgresql10-test-10.19-8.41.1 - openSUSE Leap 15.3 (noarch): postgresql10-docs-10.19-8.41.1 References: https://www.suse.com/security/cve/CVE-2021-23214.html https://www.suse.com/security/cve/CVE-2021-23222.html https://bugzilla.suse.com/1192516 . This release for Debian tackles essential flaws found in mysql5 to boost security measures and improve operational consistency.. openSUSE PostgreSQL Update, Postgresql Security Patch, SSL Improvements. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 14, 2021 Important OpenSUSE
197

Debian Stretch: DLA-2836-2 Severe NSS Regression Impacting SSL Connections

DLA-2836-1 was rolled out, fixing CVE-2021-43527 in nss, but that lead to a regression, preventing SSL connections in Chromium. The complete bug report could be found here: . . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2836-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta December 08, 2021 https://wiki.debian.org/LTS - ----------------------------------------------------------------------- Package : nss Version : 2:3.26.2-1.1+deb9u4 Debian Bug : 1001219 DLA-2836-1 was rolled out, fixing CVE-2021-43527 in nss, but that lead to a regression, preventing SSL connections in Chromium. The complete bug report could be found here: . For Debian 9 stretch, this problem has been fixed in version 2:3.26.2-1.1+deb9u4. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nss Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Addresses severe bug in NSS impacting SSL links within Chromium. Recommended update for users on Debian 9 stretch.. Debian LTS, NSS, SSL Issue, Security Advisory, Regression Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 07, 2021 Critical Debian LTS
197

Debian 9 Stretch DLA-2751-1 Moderate: PostgreSQL 9.6 SSL Renegotiation

PostgreSQL 9.6.23 fixes this security issue: Disallow SSL renegotiation more completely (Michael Paquier) . ------------------------------------------------------------------------- Debian LTS Advisory DLA-2751-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Christoph Berg August 31, 2021 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : postgresql-9.6 Version : 9.6.23-0+deb9u1 CVE ID : CVE-2021-3449 PostgreSQL 9.6.23 fixes this security issue: Disallow SSL renegotiation more completely (Michael Paquier) SSL renegotiation has been disabled for some time, but the server would still cooperate with a client-initiated renegotiation request. A maliciously crafted renegotiation request could result in a server crash (see OpenSSL issue CVE-2021-3449). Disable the feature altogether on OpenSSL versions that permit doing so, which are 1.1.0h and newer. For Debian 9 stretch, this problem has been fixed in version 9.6.23-0+deb9u1. We recommend that you upgrade your postgresql-9.6 packages. For the detailed security status of postgresql-9.6 please refer to its security tracker page at: Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ensure that your PostgreSQL 9.6 is updated to address SSL renegotiation vulnerabilities, enhancing overall security in compliance with Debian Advisory DLA-2751-1.. PostgreSQL Update, Debian Security Advisory, SSL Renegotiation Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 31, 2021 Important Debian LTS
202

openSUSE: 2020:1875-1 Important: Apache-Commons-Httpclient DoS Issue

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for apache-commons-httpclient ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1875-1 Rating: important References: #1178171 #945190 Cross-References: CVE-2014-3577 CVE-2015-5262 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1875=1 Package List: - openSUSE Leap 15.2 (noarch): apache-commons-httpclient-3.1-lp152.6.3.1 apache-commons-httpclient-demo-3.1-lp152.6.3.1 apache-commons-httpclient-javadoc-3.1-lp152.6.3.1 apache-commons-httpclient-manual-3.1-lp152.6.3.1 References: https://www.suse.com/security/cve/CVE-2014-3577.html https://www.suse.com/security/cve/CVE-2015-5262.html https://bugzilla.suse.com/1178171 https://bugzilla.suse.com/945190 -- . A crucial security patch for openSUSE targets weaknesses found in apache-commons-httpclient. Read on for more information.. openSUSE Security Update, apache update, apache-commons-httpclient patch, important security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 08, 2020 Important OpenSUSE
100

SUSE: 2019:0900-1 Important: Dovecot22 Stack Overflow and SSL Fixes

An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0900-1 Rating: important References: #1111789 #1123022 #1130116 Cross-References: CVE-2019-3814 CVE-2019-7524 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-900=1 - SUSE LinuxEnterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-900=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-900=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-900=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-900=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-900=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-900=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-900=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-900=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-900=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-900=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-900=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390xx86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Enterprise Storage 4 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 References: https://www.suse.com/security/cve/CVE-2019-3814.html https://www.suse.com/security/cve/CVE-2019-7524.html https://bugzilla.suse.com/1111789 https://bugzilla.suse.com/1123022 https://bugzilla.suse.com/1130116 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . Ensure SUSE Linux remains secure by applying this vital update for dovecot22, which tackles crucial security vulnerabilities and enhancements.. SUSE Dovecot Update, Dovecot Stack Overflow Fix, SSL Authentication Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 08, 2019 Important SuSE
99

Slackware 14.2: 2018-265-01 Critical: Mozilla-Firefox SSL Issue

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-265-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. For more information, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/ https://www.cve.org/CVERecord?id=CVE-2018-12383 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.2 package: 78eb6398d14511de491425e358670ac1 mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: e054cddedab4f816f9d620a82c37161e mozilla-firefox-60.2.1esr-x86_64-1_slack14.2.txz Slackware-current package: fab5c7ebb3898e4a1cb6997a62c64793 xap/mozilla-firefox-60.2.1esr-i686-1.txz Slackware x86_64 -current package: 0a72f509c4ada2b4a298d06d506253c7 xap/mozilla-firefox-60.2.1esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-60.2.1esr-i686-1_slack14.2.txz +-----+ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-265-01). mozilla-firefox, packages, slackware, -current, security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 22, 2018 Critical Slackware
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200