
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 41: gum 2025-abcd1234efg critical: address CVE-2025-22873

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8047140f4
2025-06-29 01:22:44.380080+00:00
--------------------------------------------------------------------------------

Name        : gum
Product     : Fedora 41
Version     : 0.16.1
Release     : 1.fc41
URL         : https://github.com/charmbracelet/gum
Summary     : Tool for glamorous shell scripts
Description :
A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!

--------------------------------------------------------------------------------
Update Information:

Update to version 0.16.1 for various bugfixes. This also fixes CVE-2025-22872 in the bundled golang.org/x/net/html.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 18 2025 Carl George - 0.16.1-1
- Update to version 0.16.1 rhbz#2369461
* Fri Apr 18 2025 Carl George - 0.16.0-1
- Update to version 0.16.0 rhbz#2351450
* Tue Feb 11 2025 Carl George - 0.15.2-1
- Update to version 0.15.2 rhbz#2337426
* Fri Jan 17 2025 Fedora Release Engineering - 0.14.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2360604 - CVE-2025-22872 gum: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2360604
  [ 2 ] Bug #2369461 - gum-0.16.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2369461
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8047140f4' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Modify the gum utility in Fedora 41 to address CVE-2025-22872, improving both its security measures and overall stability for shell scripting applications.

Keywords: Fedora 41 Update, gum Tool Fix, CVE-2025-22872, Shell Script Enhancements.

Severity: Critical.

LinuxSecurity.com Team

Jun 29, 2025 | Critical | Fedora

Ubuntu 22.04 LTS USN-5642-1 Moderate: WebKitGTK Remote Exploitation

=========================================================================
Ubuntu Security Notice USN-5642-1
September 26, 2022

webkit2gtk vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libjavascriptcoregtk-4.0-18     2.36.8-0ubuntu0.22.04.1
  libjavascriptcoregtk-4.1-0      2.36.8-0ubuntu0.22.04.1
  libwebkit2gtk-4.0-37            2.36.8-0ubuntu0.22.04.1
  libwebkit2gtk-4.1-0             2.36.8-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  libjavascriptcoregtk-4.0-18     2.36.8-0ubuntu0.20.04.1
  libwebkit2gtk-4.0-37            2.36.8-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5642-1
  CVE-2022-32886

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.8-0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.8-0ubuntu0.20.04.1

Ubuntu Security Announcement USN-5642-1 highlights vulnerabilities in WebKitGTK, which may allow remote exploitation across various versions.

Keywords: WebKitGTK Issues, RemoteAttacks, DoS Threats.

LinuxSecurity.com Team

Sep 26, 2022 | Ubuntu

Mageia 6 - MGASA-2019-0198: Firefox Critical Update for Type Confusion

MGASA-2019-0198 - Updated firefox packages fix security vulnerability

Publication date: 21 Jun 2019
URL: https://advisories.mageia.org/MGASA-2019-0198.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-11707

The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. (CVE-2019-11707)

References:
- https://bugs.mageia.org/show_bug.cgi?id=24976
- https://www.firefox.com/en-US/firefox/60.7.1/releasenotes/?redirect_source=mozilla-org
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
- https://www.cve.org/CVERecord?id=CVE-2019-11707

SRPMS:
- 6/core/firefox-60.7.1-1.mga6
- 6/core/firefox-l10n-60.7.1-1.mga6

Keywords: updated, firefox, packages, security, vulnerability, that's, being, exploited.

Severity: Critical.

LinuxSecurity.com Team

Jun 20, 2019 | Critical | Mageia

Mageia: 2018-0483 Moderate: Firefox Buffer Overflow and Use-After-Free

MGASA-2018-0483 - Updated firefox packages fix security vulnerabilities

Publication date: 15 Dec 2018
URL: https://advisories.mageia.org/MGASA-2018-0483.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash (CVE-2018-17466).

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash (CVE-2018-18492).

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash (CVE-2018-18493).

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft (CVE-2018-19494).

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write (CVE-2018-18498).

Memory safety bugs present in Firefox ESR 60.3, some of which showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2018-12405).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23991
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://www.cve.org/CVERecord?id=CVE-2018-12405
- https://www.cve.org/CVERecord?id=CVE-2018-17466
- https://www.cve.org/CVERecord?id=CVE-2018-18492
- https://www.cve.org/CVERecord?id=CVE-2018-18493
- https://www.cve.org/CVERecord?id=CVE-2018-18494
- https://www.cve.org/CVERecord?id=CVE-2018-18498

SRPMS:
- 6/core/firefox-60.4.0-1.mga6
- 6/core/firefox-l10n-60.4.0-1.mga6

Enhanced Chromium packages address vulnerabilities related to memory corruption and race conditions in Debian.

Keywords: Mageia Security Update, Firefox Vulnerability Fix, Buffer Overflow, Use-After-Free, Memory Safety.

LinuxSecurity.com Team

Dec 15, 2018 | Mageia

Red Hat 6: RHSA-2017-0860-01 Critical Chromium-Browser Security Update

====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2017:0860-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:0860
Issue date:        2017-03-31
CVE Names:         CVE-2017-5052 CVE-2017-5053 CVE-2017-5054
                   CVE-2017-5055 CVE-2017-5056
====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 57.0.2987.133.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5055, CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5056)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1437348 - CVE-2017-5055 chromium-browser: use after free in printing
1437350 - CVE-2017-5054 chromium-browser: heap buffer overflow in v8
1437351 - CVE-2017-5052 chromium-browser: bad cast in blink
1437352 - CVE-2017-5056 chromium-browser: use after free in blink
1437353 - CVE-2017-5053 chromium-browser: out of bounds memory access in v8

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm

x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm

x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-57.0.2987.133-1.el6_9.i686.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.i686.rpm

x86_64:
chromium-browser-57.0.2987.133-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-57.0.2987.133-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-5052
https://access.redhat.com/security/cve/CVE-2017-5053
https://access.redhat.com/security/cve/CVE-2017-5054
https://access.redhat.com/security/cve/CVE-2017-5055
https://access.redhat.com/security/cve/CVE-2017-5056
https://access.redhat.com/security/updates/classification/#critical
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

Essential security patch for chromium-browser on Red Hat Enterprise Linux 6. Implement the update to safeguard against vulnerabilities.

Keywords: Red Hat, chromium-browser, enterprise security, security patch, web exploitation.

Severity: Critical.

LinuxSecurity.com Team

Mar 31, 2017 | Critical | Red Hat

Debian 5.0 DSA-1950 Critical: WebKit Remote Code Execution Issues

------------------------------------------------------------------------
Debian Security Advisory DSA-1950
http://www.debian.org/security/                      Giuseppe Iuculano
December 12, 2009                   http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : webkit
Vulnerability  : several
Problem type   : remote (local)
Debian-specific: no
CVE Id         : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
                 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714
                 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693
                 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Debian Bug     : 532724 532725 534946 535793 538346

Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0945

    Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption.

CVE-2009-1687

    The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

CVE-2009-1690

    Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

CVE-2009-1698

    WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1711

    WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2009-1712

    WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVE-2009-1725

    WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1714

    Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

CVE-2009-1710

    WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

CVE-2009-1697

    CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

CVE-2009-1695

    Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

CVE-2009-1693

    WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

CVE-2009-1694

    WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."

CVE-2009-1681

    WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.

CVE-2009-1684

    Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

CVE-2009-1692

    WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

For the stable distribution (lenny), these problems have been fixed in version 1.0.1-4+lenny2.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1.

We recommend that you upgrade your webkit package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Various vulnerabilities in WebKit facilitate remote exploitation; critical updates needed for Debian installations to bolster security measures.

Keywords: Debian Security Advisory, WebKit Exploitation, Remote Threats.

Severity: Critical.

LinuxSecurity.com Team

Dec 12, 2009 | Critical | Debian

Ubuntu 8.10, 9.04: USN-836-1 Critical: WebKit Code Execution

==========================================================
Ubuntu Security Notice USN-836-1
September 23, 2009

webkit vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1712, CVE-2009-1725
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  libwebkit-1.0-1        1.0.1-2ubuntu0.2
  libwebkit-1.0-1-dbg    1.0.1-2ubuntu0.2
  libwebkit-dev          1.0.1-2ubuntu0.2

Ubuntu 9.04:
  libwebkit-1.0-1        1.0.1-4ubuntu0.1
  libwebkit-1.0-1-dbg    1.0.1-4ubuntu0.1
  libwebkit-dev          1.0.1-4ubuntu0.1

After a standard system upgrade you need to restart any applications that use WebKit, such as Epiphany-webkit and Midori, to effect the necessary changes.

Details follow:

It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945)

Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)

It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712)

Security vulnerabilities in WebKit on Ubuntu could permit unauthorized code execution and lead to service interruptions. Ensure your system is updated for protection.

Keywords: WebKitExploit, UbuntuSecurityNotice, CodeExecutionRisk, DenialOfService, SVGPathListIssue.

Severity: Critical.

LinuxSecurity.com Team

Sep 23, 2009 | Critical | Ubuntu