Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisorysoftware updateimportantSUSE: 2023:4214-1 Important: MozillaFirefox Memory Safety Issues
* bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5722 . # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4214-1 Rating: important References: * bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5722 * CVE-2023-5723 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5729 * CVE-2023-5730 * CVE-2023-5731 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSELinux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Updated to version 115.4.0 ESR (bsc#1216338): * CVE-2023-5721: Fixed a potential clickjack via queued up rendering. * CVE-2023-5722: Fixed a cross-Origin size and header leakage. * CVE-2023-5723: Fixed unexpected errors when handling invalid cookie characters. * CVE-2023-5724: Fixed a crash due to a large WebGL draw. * CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. * CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by file the open dialog on macOS. * CVE-2023-5727: Fixed a download protection bypass on on Windows. * CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. * CVE-2023-5729: Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts. * CVE-2023-5730: Fixed multiple memory safety issues. * CVE-2023-5731: Fixed multiple memory safety issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4214=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4214=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4214=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4214=1 * SUSE LinuxEnterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4214=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4214=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4214=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4214=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4214=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4214=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-branding-upstream-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-branding-upstream-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP4(aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 *MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5722.html * https://www.suse.com/security/cve/CVE-2023-5723.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5729.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5731.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 . This crucial patch for GoogleChrome resolves several vulnerabilities, improving both performance and security.. MozillaFirefox Security Update,SUSE Security Advisory,Memory Safety Fixes. . Severity: Important. LinuxSecurity.com Team
Oct 26, 2023
•Important
SuSE
202
security advisoryimportantheap overflowopenSUSE: 2021:1392-1 Important: 16 Critical Chromium Fixes
An update that fixes 16 vulnerabilities is now available. . openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1392-1 Rating: important References: #1191844 Cross-References: CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 95.0.4638.54 (boo#1191844): * CVE-2021-37981: Heap buffer overflow in Skia * CVE-2021-37982: Use after free in Incognito * CVE-2021-37983: Use after free in Dev Tools * CVE-2021-37984: Heap buffer overflow in PDFium * CVE-2021-37985: Use after free in V8 * CVE-2021-37986: Heap buffer overflow in Settings * CVE-2021-37987: Use after free in Network APIs * CVE-2021-37988: Use after free in Profiles * CVE-2021-37989: Inappropriate implementation in Blink * CVE-2021-37990: Inappropriate implementation in WebView * CVE-2021-37991: Race in V8 * CVE-2021-37992: Out of bounds read in WebAudio * CVE-2021-37993: Use after free in PDF Accessibility * CVE-2021-37996: Insufficient validation of untrusted input in Downloads * CVE-2021-37994: Inappropriate implementation in iFrame Sandbox * CVE-2021-37995: Inappropriate implementation in WebApp Installer Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you canrun the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2021-1392=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-95.0.4638.54-bp153.2.37.1 chromium-95.0.4638.54-bp153.2.37.1 References: https://www.suse.com/security/cve/CVE-2021-37981.html https://www.suse.com/security/cve/CVE-2021-37982.html https://www.suse.com/security/cve/CVE-2021-37983.html https://www.suse.com/security/cve/CVE-2021-37984.html https://www.suse.com/security/cve/CVE-2021-37985.html https://www.suse.com/security/cve/CVE-2021-37986.html https://www.suse.com/security/cve/CVE-2021-37987.html https://www.suse.com/security/cve/CVE-2021-37988.html https://www.suse.com/security/cve/CVE-2021-37989.html https://www.suse.com/security/cve/CVE-2021-37990.html https://www.suse.com/security/cve/CVE-2021-37991.html https://www.suse.com/security/cve/CVE-2021-37992.html https://www.suse.com/security/cve/CVE-2021-37993.html https://www.suse.com/security/cve/CVE-2021-37994.html https://www.suse.com/security/cve/CVE-2021-37995.html https://www.suse.com/security/cve/CVE-2021-37996.html https://bugzilla.suse.com/1191844 . New release out for openSUSE remedying 18 major flaws in firefox, tackling urgent safety vulnerabilities.. openSUSE Update, Chromium Patch, Heap Overflow Fixes. . Severity: Important. LinuxSecurity.com Team
Oct 26, 2021
•Important
OpenSUSE
172
security advisorydenial of servicecriticalUbuntu 14.10 USN-2458-3 Critical: Firefox Regression Fix Details
USN-2458-1 introduced a regression in Firefox. =========================================================================Ubuntu Security Notice USN-2458-3 January 27, 2015 firefox regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2458-1 introduced a regression in Firefox Software Description: - firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635) Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636) Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637) Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentiallyexploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638) Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639) Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640) Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641) Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: firefox 35.0.1+build1-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: firefox 35.0.1+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 35.0.1+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes. Package Information: https://launchpad.net/ubuntu/+source/firefox/35.0.1+build1-0ubuntu0.14.10.1 https://launchpad.net/ubuntu/+source/firefox/35.0.1+build1-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/firefox/35.0.1+build1-0ubuntu0.12.04.1 . A new patch has been released to address a significant Firefox issue impacting Ubuntu users, restricting theirinternet connectivity as a result of identified security vulnerabilities.. Firefox Regression, Ubuntu Security Update, Web Access Issues. . Severity: Critical. LinuxSecurity.com Team
Jan 27, 2015
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!