Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE libyang Important Buffer Overflow Advisory 2026-2381-1

Calendar White Jun 12, 2026
Important
Opensuse Large Esm H900
openSUSE

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

Calendar White Jun 12, 2026
Critical
Suse Large Esm H900
SuSE

openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

Calendar White Jun 12, 2026
Critical
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.2 python-Pygments Low Denial of Service CVE-2026-4539

Calendar White Jun 12, 2026
Low
Ubuntu Large Esm H900
Ubuntu

Ubuntu 16.04 LTS GStreamer Base Plugins Critical DoS CVE-2026-2921

Calendar White Jun 12, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 12 Linux Base Update Brings Important Security Fix DLA-4628-1

Calendar White Jun 12, 2026
Informational
Debianlts Large Esm H800
Debian LTS

Debian 12 Kernel-Wedge Update for Linux 6.12 DLA-4627-1

Calendar White Jun 12, 2026
Informational
Opensuse Large Esm H900
openSUSE

openSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050

Calendar White Jun 12, 2026
Important
Opensuse Large Esm H900
openSUSE

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

Calendar White Jun 12, 2026
Critical
Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":556,"type":"x","order":1,"pct":78.75,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.25,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.82,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.18,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
91
Ls Advisories Gentoo Esm H240
Price Tag%201security advisorygentooarbitrary code execution

Gentoo: GLSA 200907-01 Normal: libwmf User Code Execution Risk

libwmf bundles an old GD version which contains a "use-after-free" vulnerability.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libwmf: User-assisted execution of arbitrary code Date: July 02, 2009 Bugs: #268161 ID: 200907-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= libwmf bundles an old GD version which contains a "use-after-free" vulnerability. Background ========= libwmf is a library for converting WMF files. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libwmf < 0.2.8.4-r3 > = 0.2.8.4-r3 Description ========== The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact ===== A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround ========= There is no known workaround at this time. Resolution ========= All libwmf users should upgrade to the latest version which no longer builds the GD library: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/libwmf-0.2.8.4-r3" References ========= [ 1 ] CVE-2009-1364 https://www.cve.org/CVERecord?id=CVE-2009-1364 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200907-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The recent Gentoo security advisory GLSA 202108-02 highlights a vulnerability in the libpng library that could lead to potential remote code execution under specific user conditions.. libwmf,Code Execution Risk,Gentoo Advisory,Use After Free,GD Library Security. . LinuxSecurity.com Team

Calendar%202 Jul 02, 2009 Gentoo
91
Ls Advisories Gentoo Esm H240
Price Tag%201security advisorygentooarbitrary code execution

Gentoo: GLSA-200805-18 Normal: Mozilla Multiple Issues Detected

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla products: Multiple vulnerabilities Date: May 20, 2008 Bugs: #208128, #214816, #218065 ID: 200805-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Background ========= Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mozilla-firefox < 2.0.0.14 > = 2.0.0.14 2 mozilla-firefox-bin < 2.0.0.14 > = 2.0.0.14 3 mozilla-thunderbird < 2.0.0.14 > = 2.0.0.14 4 mozilla-thunderbird-bin < 2.0.0.14 > = 2.0.0.14 5 seamonkey < 1.1.9-r1 > = 1.1.9-r1 6 seamonkey-bin < 1.1.9 > = 1.1.9 7 xulrunner < 1.8.1.14 > = 1.8.1.14 ------------------------------------------------------------------- 7 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== The following vulnerabilities were reported in all mentioned Mozilla products: * Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). * Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). * David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). * moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). * Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). * moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). * Gerry Eisenhaur discovered a directory traversal vulnerability when using "flat" addons (CVE-2008-0418). * Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the "0x80" character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). The following vulnerability was reportedin Thunderbird and SeaMonkey: * regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: * The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380). * hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). * Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a "canvas" feature (CVE-2008-0420). * Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). * oo.rio.oo discovered that a plain text file with a "Content-Disposition: attachment" prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). * Martin Straka reported that the ".href" property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). * Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the "Referer:" HTTP header are removed (CVE-2008-1238). * Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). * Gregory Fleischer reported that web content fetched via the "jar:" protocol was not subject to network access restrictions (CVE-2008-1240). The following vulnerabilities were reported in Firefox: * Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). * Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). * Emil Ljungdahl andLars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). Impact ===== A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. Workaround ========= There is no known workaround at this time. Resolution ========= All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v "> =www-client/mozilla-firefox-2.0.0.14" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v "> =www-client/mozilla-firefox-bin-2.0.0.14" All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v "> =mail-client/mozilla-thunderbird-2.0.0.14" All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge -a -1 -v "> =mail-client/mozilla-thunderbird-bin-2.0.0.14" All SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v "> =www-client/seamonkey-1.1.9-r1" All SeaMonkey binary users should upgrade to the latest version: # emerge --sync # emerge --ask -1 -v "> =www-client/seamonkey-bin-1.1.9" All XULRunner users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-libs/xulrunner-1.8.1.14" NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disableJavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild. References ========= [ 1 ] CVE-2007-4879 https://www.cve.org/CVERecord?id=CVE-2007-4879 [ 2 ] CVE-2008-0304 https://www.cve.org/CVERecord?id=CVE-2008-0304 [ 3 ] CVE-2008-0412 https://www.cve.org/CVERecord?id=CVE-2008-0412 [ 4 ] CVE-2008-0413 https://www.cve.org/CVERecord?id=CVE-2008-0413 [ 5 ] CVE-2008-0414 https://www.cve.org/CVERecord?id=CVE-2008-0414 [ 6 ] CVE-2008-0415 https://www.cve.org/CVERecord?id=CVE-2008-0415 [ 7 ] CVE-2008-0416 https://www.cve.org/CVERecord?id=CVE-2008-0416 [ 8 ] CVE-2008-0417 https://www.cve.org/CVERecord?id=CVE-2008-0417 [ 9 ] CVE-2008-0418 https://www.cve.org/CVERecord?id=CVE-2008-0418 [ 10 ] CVE-2008-0419 https://www.cve.org/CVERecord?id=CVE-2008-0419 [ 11 ] CVE-2008-0420 https://www.cve.org/CVERecord?id=CVE-2008-0420 [ 12 ] CVE-2008-0591 https://www.cve.org/CVERecord?id=CVE-2008-0591 [ 13 ] CVE-2008-0592 https://www.cve.org/CVERecord?id=CVE-2008-0592 [ 14 ] CVE-2008-0593 https://www.cve.org/CVERecord?id=CVE-2008-0593 [ 15 ] CVE-2008-0594 https://www.cve.org/CVERecord?id=CVE-2008-0594 [ 16 ] CVE-2008-1233 https://www.cve.org/CVERecord?id=CVE-2008-1233 [ 17 ] CVE-2008-1234 https://www.cve.org/CVERecord?id=CVE-2008-1234 [ 18 ] CVE-2008-1235 https://www.cve.org/CVERecord?id=CVE-2008-1235 [ 19 ] CVE-2008-1236 https://www.cve.org/CVERecord?id=CVE-2008-1236 [ 20 ] CVE-2008-1237 https://www.cve.org/CVERecord?id=CVE-2008-1237 [ 21 ] CVE-2008-1238 https://www.cve.org/CVERecord?id=CVE-2008-1238 [ 22 ] CVE-2008-1240 https://www.cve.org/CVERecord?id=CVE-2008-1240 [ 23 ] CVE-2008-1241 https://www.cve.org/CVERecord?id=CVE-2008-1241 [ 24 ] CVE-2008-1380 https://www.cve.org/CVERecord?id=CVE-2008-1380 Availability =========== This GLSA and anyupdates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200805-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Numerous vulnerabilities detected in Mozilla applications on Gentoo necessitating immediate upgrades for safeguarding users.. Mozilla Vulnerabilities,Gentoo Security Update,Software Issues. . LinuxSecurity.com Team

Calendar%202 May 20, 2008 Gentoo
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":556,"type":"x","order":1,"pct":78.75,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.25,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.82,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.18,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here