Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9 articles for you...
172
security advisoryUbuntuuser privilegesUbuntu 23.10 USN-6808-1 Moderate: Atril Path Traversal Issue
Atril could be made to create arbitrary files when opening a specially crafted EPUB file.. ========================================================================== Ubuntu Security Notice USN-6808-1 June 05, 2024 atril vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Atril could be made to create arbitrary files when opening a specially crafted EPUB file. Software Description: - atril: Official Document Viewer of the MATE Desktop Environment Details: It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 atril 1.26.0-2ubuntu0.1 atril-common 1.26.0-2ubuntu0.1 libatrildocument3 1.26.0-2ubuntu0.1 Ubuntu 22.04 LTS atril 1.26.0-1ubuntu1.1 atril-common 1.26.0-1ubuntu1.1 libatrildocument3 1.26.0-1ubuntu1.1 Ubuntu 20.04 LTS atril 1.24.0-1ubuntu0.1 atril-common 1.24.0-1ubuntu0.1 libatrildocument3 1.24.0-1ubuntu0.1 Ubuntu 18.04 LTS atril 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro atril-common 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro libatrildocument3 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS atril 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro atril-common 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro libatrildocument3 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6808-1 CVE-2023-52076 Package Information: https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1 . A critical flaw in Atril on Ubuntu enables unauthorized file generation through malicious EPUB files. Ensure you upgrade your packages promptly to safeguard your system.. Atril Security, Path Traversal, Ubuntu Advisory. . LinuxSecurity.com Team
Jun 05, 2024
Ubuntu
203
security advisorymoderateupdateMageia 7, 8: MGASA-2021-0121 Moderate: PostgreSQL Access Control Issue
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393). A user having a SELECT privilege on an individual column can craft a special . MGASA-2021-0121 - Updated postgresql packages fix security vulnerabilities Publication date: 12 Mar 2021 URL: https://advisories.mageia.org/MGASA-2021-0121.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-3393, CVE-2021-20229 A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393). A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed (CVE-2021-20229). PostgreSQL 11 was only affected by CVE-2021-3393 and both PostgreSQL 11 and 13 were affected by CVE-2021-20229. PostgreSQL 9.6 was updated to fix bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=28373 - https:// - https://www.cve.org/CVERecord?id=CVE-2021-3393 - https://www.cve.org/CVERecord?id=CVE-2021-20229 SRPMS: - 7/core/postgresql9.6-9.6.21-1.mga7 - 7/core/postgresql11-11.11-1.mga7 - 8/core/postgresql11-11.11-1.mga8 - 8/core/postgresql13-13.2-1.mga8 . Mageia 2021-0121 enhances security by updating postgresql packages to address vulnerabilities that affect both security protocols and access restrictions.. Postgresql Update, Security Advisory, Mageia 2021, Access Control Issues. . LinuxSecurity.com Team
Mar 11, 2021
Mageia
197
security advisoryXSSdebianDebian 8: DLA-2208-1 Moderate: Wordpress Script Execution and XSS
Multiple CVE(s) were discovered in the src:wordpress package. CVE-2020-11026 . Package : wordpress Version : 4.1.30+dfsg-0+deb8u1 CVE ID : CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 Debian Bug : 959391 Multiple CVE(s) were discovered in the src:wordpress package. CVE-2020-11026 Files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. CVE-2020-11027 A password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. CVE-2020-11028 Some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. CVE-2020-11029 A vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. For Debian 8 "Jessie", these problems have been fixed in version 4.1.30+dfsg-0+deb8u1. We recommend that you upgrade your wordpress packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh . WordPress has rolled out an update addressing several CVEs that include vulnerabilities related to unauthorized script execution and flaws in the password reset mechanism on Debian 8 systems.. Wordpress Security, Debian LTS, CVE Fix, Software Update, Cybersecurity Advisory. . LinuxSecurity.com Team
May 11, 2020
Debian LTS
197
security advisorysecurity issuebuffer overflowDebian 8: DLA-2094-1 Moderate: sudo Buffer Overflow Threat
A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user . Package : sudo Version : 1.8.10p3-1+deb8u7 CVE ID : CVE-2019-18634 A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges. For Debian 8 "Jessie", this problem has been fixed in version 1.8.10p3-1+deb8u7. We recommend that you upgrade your sudo packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Critical stack overflow flaw in sudo demands immediate attention from Debian LTS users. Update required!. Debian Security Update, sudo Buffer Overflow, User Privileges, LTS Advisory. . LinuxSecurity.com Team
Feb 01, 2020
Debian LTS
98
security advisorymoderateRed HatRedHat: RHSA-2019-3083-01 Moderate: JBoss Enterprise Application Update
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.2.4 security update Advisory ID: RHSA-2019:3083-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:3083 Issue date: 2019-10-15 CVE Names: CVE-2019-14838 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on WildFly. This asynchronous patch is a security update for the wildfly-core package in Red Hat JBoss Enterprise Application Platform 7.2. Security Fix(es): * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The JBoss server process must be restarted for the update to take effect. The References section of this erratumcontains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 5. References: https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.2 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaX9N9zjgjWX9erEAQh+Tw/+Plel6xqijdKo8JbGwRzvyH9VjbOFss51 m1BnTmUGOTb+pWlyJXBqPGJRxPnF6ne9sxt+87fO11F45NC/xN2zCZb3bZ7KVM47 agsewyk3MfiEwhkL5VZVjj2RFT8NxiJBE6fYSQTBiKnIRZAHIO0QixjKbKCEAaGX 5mAyeoBSWvEflvxK+/qapCnAVEnyYeXqTOQLyWBVR1bi/fYQH285aWxyHxouHTwh JhKRB84bPSEElu/I7GwpoDYQfetyJSn5PgcX62xkGp5N/UaMu+Il965GQX6Fgy4w Rpn2vQyBWW3wvIMFTKODEqLJx+bFQAyIiho2nb5paXPXcgBUucLRRdVO7mkNdCMm PNAmFvg82VMplrPAxrjPG1yRZq94lgcltpFD1sgxjN2wC036yKhIoRd13G9hQUb/ Q+GCZkYsoIeeBhD0yR4w63KUbDAKOmOSe85m5qK/j59W5Dn/GDzIiAdAzR5okae/ 1kCEDmHlwIXwVXQRrFhNZO18SCQJ1g3RzZSDZTIhd1ER0c+MGccG8G+D/rjGpDYA XifL4s2g1zAmWjRf5PLQghKsSp3XNq2EsYz2oYYqARBNs83Sajwt+0EGFK6rbwd4 ks2QdoJQ2tK1BGyRfUtGoQ6UhKmw0LgVE93H9q3OYzSfjrJhj43B2DjCPhxI+Hhw oiqA80/A7RQ=qgRo -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 15, 2019
Red Hat
91
security advisorygentooeximGentoo: 2017-09-19 Warning: Exim Local Security Vulnerability Detected
A vulnerability in Exim may allow local users to gain root privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201709-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Exim: Local privilege escalation Date: September 24, 2017 Bugs: #622212 ID: 201709-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in Exim may allow local users to gain root privileges. Background ========= Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-mta/exim < 4.89-r1 > = 4.89-r1 Description ========== Exim supports the use of multiple "-p" command line arguments causing a memory leak. This could lead to a stack-clash in user-space and as result the attacker can, "clash" or "smash" the stack or another memory region, or "jump" over the stack guard-page. Impact ===== A local attacker could obtain root privileges. Workaround ========= There is no known workaround at this time. Resolution ========= All Exim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-mta/exim-4.89-r1" References ========= [ 1 ] CVE-2017-1000369 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000369 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201709-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sep 24, 2017
Gentoo
200
security advisoryimportantmalicious contentSciLinux: SLSA-2016:1041-1 Important: Thunderbird Security Update
Important: thunderbird security update. Date: Tue, 17 May 2016 20:24:31 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA Important: thunderbird on SL5.x, SL7.x i386/x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Important: thunderbird security update Advisory ID: SLSA-2016:1041-1 Issue Date: 2016-05-12 CVE Numbers: CVE-2016-2805 CVE-2016-2807 -- This update upgrades Thunderbird to version 38.8.0. Security Fix(es): * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-2805, CVE-2016-2807) -- SL5 x86_64 thunderbird-38.8.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-38.8.0-1.el5_11.x86_64.rpm i386 thunderbird-38.8.0-1.el5_11.i386.rpm thunderbird-debuginfo-38.8.0-1.el5_11.i386.rpm SL7 x86_64 thunderbird-38.8.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.8.0-1.el7_2.x86_64.rpm - Scientific Linux Development Team . Falcon email client releases vital patch for vulnerabilities, enhancing stability and thwarting potential exploitations.. thunderbird security update, Scientific Linux, email client security, SL5 SL7. . Severity: Important. LinuxSecurity.com Team
May 17, 2016
•Important
Scientific Linux
98
security advisorysecurity issuered hatRed Hat: RHSA-2014:0450-01 Critical: Firefox Security Vulnerability Alert
An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2014:0449-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0449.html Issue date: 2014-04-29 CVE Names: CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 ==================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could usethis flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523) A flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse Schwartzentrube as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.5.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.5.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1092657 - CVE-2014-1518 Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34) 1092660 - CVE-2014-1523 Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37) 1092663 - CVE-2014-1524 Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38) 1092664 - CVE-2014-1529 Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42) 1092666 - CVE-2014-1530 Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43) 1092668 - CVE-2014-1531 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) 1092670 - CVE-2014-1532 Mozilla: Use-after-free in nsHostResolver (MFSA 2014-46) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: thunderbird-24.5.0-1.el5_10.i386.rpm thunderbird-debuginfo-24.5.0-1.el5_10.i386.rpm x86_64: thunderbird-24.5.0-1.el5_10.x86_64.rpm thunderbird-debuginfo-24.5.0-1.el5_10.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: i386: thunderbird-24.5.0-1.el5_10.i386.rpm thunderbird-debuginfo-24.5.0-1.el5_10.i386.rpm x86_64: thunderbird-24.5.0-1.el5_10.x86_64.rpm thunderbird-debuginfo-24.5.0-1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: thunderbird-24.5.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.5.0-1.el6_5.i686.rpm x86_64: thunderbird-24.5.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.5.0-1.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: thunderbird-24.5.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.5.0-1.el6_5.i686.rpm ppc64: thunderbird-24.5.0-1.el6_5.ppc64.rpm thunderbird-debuginfo-24.5.0-1.el6_5.ppc64.rpm s390x: thunderbird-24.5.0-1.el6_5.s390x.rpm thunderbird-debuginfo-24.5.0-1.el6_5.s390x.rpm x86_64: thunderbird-24.5.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.5.0-1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: thunderbird-24.5.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.5.0-1.el6_5.i686.rpm x86_64: thunderbird-24.5.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.5.0-1.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2014-1518 https://access.redhat.com/security/cve/CVE-2014-1523 https://access.redhat.com/security/cve/CVE-2014-1524 https://access.redhat.com/security/cve/CVE-2014-1529 https://access.redhat.com/security/cve/CVE-2014-1530 https://access.redhat.com/security/cve/CVE-2014-1531 https://access.redhat.com/security/cve/CVE-2014-1532 https://access.redhat.com/security/updates/classification#important https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . Ubuntu has released an upgrade for Firefox, implementing critical patches for various vulnerabilities, ensuring enhanced safety for its users.. Thunderbird Update, Red Hat Security, Important Update, Security Flaws, Code Execution Risk. . Severity: Important. LinuxSecurity.com Team
Apr 29, 2014
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!