-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:4959-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4959
Issue date:        2023-09-04
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:
firefox-102.15.0-1.el8_6.src.rpm

aarch64:
firefox-102.15.0-1.el8_6.aarch64.rpm
firefox-debuginfo-102.15.0-1.el8_6.aarch64.rpm
firefox-debugsource-102.15.0-1.el8_6.aarch64.rpm

ppc64le:
firefox-102.15.0-1.el8_6.ppc64le.rpm
firefox-debuginfo-102.15.0-1.el8_6.ppc64le.rpm
firefox-debugsource-102.15.0-1.el8_6.ppc64le.rpm

s390x:
firefox-102.15.0-1.el8_6.s390x.rpm
firefox-debuginfo-102.15.0-1.el8_6.s390x.rpm
firefox-debugsource-102.15.0-1.el8_6.s390x.rpm

x86_64:
firefox-102.15.0-1.el8_6.x86_64.rpm
firefox-debuginfo-102.15.0-1.el8_6.x86_64.rpm
firefox-debugsource-102.15.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051
https://access.redhat.com/security/cve/CVE-2023-4053
https://access.redhat.com/security/cve/CVE-2023-4573
https://access.redhat.com/security/cve/CVE-2023-4574
https://access.redhat.com/security/cve/CVE-2023-4575
https://access.redhat.com/security/cve/CVE-2023-4577
https://access.redhat.com/security/cve/CVE-2023-4578
https://access.redhat.com/security/cve/CVE-2023-4580
https://access.redhat.com/security/cve/CVE-2023-4581
https://access.redhat.com/security/cve/CVE-2023-4583
https://access.redhat.com/security/cve/CVE-2023-4584
https://access.redhat.com/security/cve/CVE-2023-4585
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk9istAAoJENzjgjWX9erEAcYP/0jMxjfcFvz9D5s76gQ4lJc/
01p5/rpxgxHgfPJE783lx8WxyYgg3TRHhHmPah3D5maMxHVjOFJJPKUb0sq5luBn
pguLuFl4HINMgytCevvY8xFFsD9I7M+J6CZFOYauN8ivu5n7h/m7lJtt8aVVrtG4
VYipsC/kp9/TO0PSwEB51xhE/KSQYv8FWaxbTVHUv1nQ2Tsob1zCpmWipWbiRQMh
nNlqEHKurQIMpvDMvJN1qPLWG0LxL5nMwAZm3EfqB0HdL1p/t2iUPR2zKxAGJAsD
PvZ9ea6JQTrh5Y5vGxXA9gcQZXUuIj5hUIhvlGJHujHq/nihMoXsr7Fxni7Plp+T
FVIHjFFtYAZOzsaAmE0yYksHLgUvRhYndrOuw+LlIbF3lg+r0K2OEST8EJ47687E
s5p+BOvJBOPn9lPseCQvj9MuEXPEpaUutZUBo29aW/oFmcuEmNKh27CBOJdZASUV
8+ycE7xZ8/bOKTrIbj0vQ9tVry77PPtN0ZEgEETY8cwGSExIIYOsOustyQwEmnCJ
febq9z68w91gZpFa6eLvOYIE3OImAVv/eyEOGEV7Z/b3UlY8LP87rBV4sfyOwnBR
JXuzdnpoOunsOtRuOP60c0HCUOkJjzgmKN6i8PRVK5RIcobcCnmyeaK5SMsIMar6
9RQRDb495QeQOQ7jdlMJ
=mUND
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
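The package list above fixes the same build on every architecture, firefox-102.15.0-1.el8_6, so the practical question on a fleet is which hosts still carry an older build. The script below is an added example, not part of the advisory and not Red Hat tooling: it takes `rpm -qa` output and reports each installed firefox package as older than the fixed build or not, using a re-implementation of librpm's rpmvercmp ordering so that 102.9.0 sorts below 102.15.0 and a '~' pre-release sorts below its final version (the '^' marker of newer rpm releases is not handled). The rpm query lines are constructed sample data. Two caveats: the advisory covers only the RHEL 8.6 EUS stream, so a host on another 8.x minor release needs that stream's erratum instead, and this check does not replace verifying package signatures against the Red Hat key referenced above.

```python
import re

# Fixed build from RHSA-2023:4959 for Red Hat Enterprise Linux AppStream EUS
# (v.8.6): firefox-102.15.0-1.el8_6 on all four architectures (epoch 0).
RHSA_2023_4959_FIXED = {"firefox": (0, "102.15.0", "1.el8_6")}

# Constructed sample output (not from a real host) of:
#   rpm -qa --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}|%{ARCH}\n'
# rpm prints "(none)" when a package has no epoch.
SAMPLE_RPM_QA = """\
firefox|(none)|102.13.0|2.el8_6|x86_64
firefox|(none)|102.15.0|1.el8_6|aarch64
firefox|(none)|102.15.0|1.el8_6|x86_64
firefox|(none)|102.15.1|1.el8_6|x86_64
bash|(none)|4.4.20|4.el8_6|x86_64
"""

_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def _is_token_char(c: str) -> bool:
    """Characters rpmvercmp compares; everything else is a separator."""
    return c == "~" or (c.isascii() and c.isalnum())


def rpmvercmp(a: str, b: str) -> int:
    """Re-implementation of librpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b.

    Segments are compared alternately as numbers (leading zeros ignored) and
    alphabetic strings; a numeric segment beats an alphabetic one, and '~'
    sorts before everything, including end of string (1.0~rc1 < 1.0).
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _is_token_char(a[i]):
            i += 1
        while j < len(b) and not _is_token_char(b[j]):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1
            if not tilde_b:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pattern = _DIGITS if isnum else _ALPHA
        m1, m2 = pattern.match(a, i), pattern.match(b, j)
        if m2 is None:
            return 1 if isnum else -1  # numeric segment wins over alphabetic
        s1, s2 = m1.group(0), m2.group(0)
        i, j = m1.end(), m2.end()
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever still has characters wins


def evr_cmp(x: tuple[int, str, str], y: tuple[int, str, str]) -> int:
    """Compare (epoch, version, release): epoch numerically, then rpmvercmp."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def check_host(rpm_qa_output: str, fixed=RHSA_2023_4959_FIXED) -> list[tuple[str, str]]:
    """Return (nevra, verdict) for every installed package the advisory lists.

    'vulnerable' means the installed EVR is older than the fixed build;
    packages the advisory does not list are skipped, which says nothing
    about their state.
    """
    findings = []
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, epoch, ver, rel, arch = line.split("|")
        if name not in fixed:
            continue
        installed = (0 if epoch == "(none)" else int(epoch), ver, rel)
        verdict = "vulnerable" if evr_cmp(installed, fixed[name]) < 0 else "fixed"
        findings.append((f"{name}-{ver}-{rel}.{arch}", verdict))
    return findings


if __name__ == "__main__":
    for nevra, verdict in check_host(SAMPLE_RPM_QA):
        print(f"{verdict:<10} {nevra}")
```

A 'fixed' verdict means the installed build is at or past the advisory's build; it does not mean the running Firefox has been restarted, which the Solution section requires separately.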
=========================================================================
Ubuntu Security Notice USN-4939-1
May 10, 2021

webkit2gtk vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libjavascriptcoregtk-4.0-18     2.32.0-0ubuntu0.20.10.1
  libwebkit2gtk-4.0-37            2.32.0-0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  libjavascriptcoregtk-4.0-18     2.32.0-0ubuntu0.20.04.1
  libwebkit2gtk-4.0-37            2.32.0-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  libjavascriptcoregtk-4.0-18     2.32.0-0ubuntu0.18.04.1
  libwebkit2gtk-4.0-37            2.32.0-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4939-1
  CVE-2021-1788, CVE-2021-1844, CVE-2021-1871

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.0-0ubuntu0.20.10.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.0-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.0-0ubuntu0.18.04.1

Numerous security patches for WebKitGTK in Ubuntu tackle severe vulnerabilities, including issues related to remote code execution. Severity: Critical. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2020:1339-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1339
Issue date:        2020-04-07
CVE Names:         CVE-2020-6819 CVE-2020-6820
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 68.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor
(CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-68.6.1-1.el6_10.src.rpm

i386:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

x86_64:
firefox-68.6.1-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

x86_64:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-68.6.1-1.el6_10.src.rpm

x86_64:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-68.6.1-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-68.6.1-1.el6_10.src.rpm

i386:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

ppc64:
firefox-68.6.1-1.el6_10.ppc64.rpm
firefox-debuginfo-68.6.1-1.el6_10.ppc64.rpm

s390x:
firefox-68.6.1-1.el6_10.s390x.rpm
firefox-debuginfo-68.6.1-1.el6_10.s390x.rpm

x86_64:
firefox-68.6.1-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

x86_64:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-68.6.1-1.el6_10.src.rpm

i386:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

x86_64:
firefox-68.6.1-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.1-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-68.6.1-1.el6_10.i686.rpm
firefox-debuginfo-68.6.1-1.el6_10.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-6819
https://access.redhat.com/security/cve/CVE-2020-6820
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXow90NzjgjWX9erEAQg1fhAAp+8i8Lfh5a1rzhYyoa5R4bMn/jf3+CcS
NqPVMtVZuD+Y1PMzSdQ0NMhkef3kipCS2PYIs2Ef+swY3eUNmwdHglxkuWkSOLky
l5Wc+lm3k/VRLRA3/W2qd977WmqSnyKD1O5huA0TDUFLf5WiQMfxvmymfKApDhcL
Q1osCMWzo1dwxt3ybOZ/e1F7V6k9V6M849nCSMGieNXHC6Se23FXrFWFrnEDrlnZ
3HArMxfxB/OyTNfLsBjnbYmvqfpra1Th4ZQfglkgz6dqNK6vnaslopD+3uaGpE2s
ta0VWl6Uqclcrs0r2PQyWwZ5EBxBZ6z4eX03hyuMATHI1FDOSoMXcRGduHU+WK0f
4Z81Wkr5hSd1huBOd+7iCGQyctM3IsDSMZ3vIEKT+p1evEGPuRG+06JmQwNDsAgr
dtgKl6w658AB0qS6RwJMWf4RIiI/Kl3UVtTPudg3G7F3Q786a9Y9fz56LJHngK4A
JrNTQ/QxlmceC7feej6e1i8vL5JMMJfHjXxXc06FiXDnzXztBBTW27e6cj+d7/aR
uTOxR06ORxZTbzSHB8f2DqnTQofi1CGvRzWx8V/nvcvSp28xGWH9qQY6xF8Gtm6E
339ojPFHqFPpQj4wHlPk+6zEAjA5Hs3P9bfFx/wH2pCUaqRjdn9lizYNDceKm2EP
O7BEi1oGCDc=
=fGtt
-----END PGP SIGNATURE-----
=========================================================================
Ubuntu Security Notice USN-4178-1
November 07, 2019

webkit2gtk vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libjavascriptcoregtk-4.0-18     2.26.1-0ubuntu0.19.04.3
  libwebkit2gtk-4.0-37            2.26.1-0ubuntu0.19.04.3

Ubuntu 18.04 LTS:
  libjavascriptcoregtk-4.0-18     2.26.1-0ubuntu0.18.04.1
  libwebkit2gtk-4.0-37            2.26.1-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4178-1
  CVE-2019-8625, CVE-2019-8720, CVE-2019-8769, CVE-2019-8771

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.1-0ubuntu0.19.04.3
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.1-0ubuntu0.18.04.1

Significant patch addresses various vulnerabilities in WebKitGTK+ for Ubuntu 19.04 and 18.04 LTS editions. Severity: Critical. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: chromium-browser security update
Advisory ID:       RHSA-2019:0396-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0396
Issue date:        2019-02-25
CVE Names:         CVE-2019-5784
====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 72.0.3626.96.

Security Fix(es):

* chromium-browser: Inappropriate implementation in V8 (CVE-2019-5784)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1676527 - CVE-2019-5784 chromium-browser: Inappropriate implementation in V8

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.96-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.96-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.96-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.96-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.96-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.96-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.96-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5784
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXHPFzNzjgjWX9erEAQhsFxAAg6qCIi1WMl1HyNHJ/j/rO7++d8JCqfa5
BY7MqN+q2N1LPVwT9GLA1DfccAEph02LPPI8fnHOVkWK7sJyqwqE5QC8pfheSMBP
c8Wea3e5DY6Q7/YblQsTd4eoPDLmaqyr0niupGNn2vfqZHLA0yro9YviZHNyyQGQ
ma74w2bykc2924Bw60EWTpGTpdHxfTvezLhNazDcNsbHp9gWN/uheer68h6bny+u
BQMJp6V1G99qJrbaZZ6z4vEtdh5IR3KIemMXKI8kdyFxVAKK+5vP+zSx4ntCo0IM
7cUjdOGAjr6CPedvk+4tnNRJrJ1DJKlyFvGM0xzN3hDYt9WqBVML+xvoVfBaocEu
+W+iR2GR03Hw94d8Wsy9bypkPdpV/vv8UDtrMhK+OZFuLoOKAG1TZ5ULnyCm36Ps
EggeWkGY5i5LtDzCpA2lDa9T/mPzfH7qf1MLt82o2LPSxvBHTND8On6MIc8UC43g
TiR6/DR60EYjqbiClMijAEAyFTyw6UvQKj22RxeO3SbT4hd8xIHcVLIADOoyKLYy
VMzilkIMwwNcuzvsfWoWopoaIv+PCoJnnm78E4LS36+oPnhD1pQlfH8ISQtV3S9w
E0qLP5A9pqS+f3mRMQwojziatuvKErj/7s8AqYnzcKesy1YwrqkbLPnbjLlsbCdU
Di6DdoQJPuE=
=TLbN
-----END PGP SIGNATURE-----
====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2015:0629-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:0629.html
Issue date:        2015-03-05
CVE Names:         CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836
====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now
available for the little-endian 64-bit PowerPC platform architecture
(ppc64le) on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64le

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Firefox implemented
autocomplete forms. An attacker able to trick a user into specifying a local
file in the form could use this flaw to access the contents of that file.
(CVE-2015-0822)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de
Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul
Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1195605 - CVE-2015-0836 Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
1195619 - CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
1195623 - CVE-2015-0827 Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
1195638 - CVE-2015-0822 Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-31.5.0-2.ael7b_1.src.rpm

ppc64le:
firefox-31.5.0-2.ael7b_1.ppc64le.rpm
firefox-debuginfo-31.5.0-2.ael7b_1.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-0822
https://access.redhat.com/security/cve/CVE-2015-0827
https://access.redhat.com/security/cve/CVE-2015-0831
https://access.redhat.com/security/cve/CVE-2015-0836
https://access.redhat.com/security/updates/classification#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.5

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

The urgent notice from Red Hat regarding Firefox highlights numerous vulnerabilities that threaten the security of users operating on ppc64le platforms. Severity: Critical. LinuxSecurity.com Team