Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryhigh severityfedoraFedora 39: FEDORA-2023-1de2fe25c4 High: WebRTC Buffer Overflow
update to 120.0.6099.129 - High CVE-2023-7024: Heap buffer overflow in WebRTC. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-1de2fe25c4 2023-12-22 02:42:12.356806 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 39 Version : 120.0.6099.129 Release : 1.fc39 URL : https://www.chromium.org/Home/ Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: update to 120.0.6099.129 - High CVE-2023-7024: Heap buffer overflow in WebRTC -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 21 2023 Than Ngo - 120.0.6099.129-1 - update to 120.0.6099.129 * High CVE-2023-7024: Heap buffer overflow in WebRTC -------------------------------------------------------------------------------- References: [ 1 ] Bug #2255489 - CVE-2023-7024 chromium: chromium-browser: Heap buffer overflow in WebRTC [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2255489 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1de2fe25c4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Dec 22, 2023
Fedora
98
security advisoryupdatered hatRed Hat: RHSA-2020-4311-01 Important: Firefox Security Update for Linux 8
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:4311-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4311 Issue date: 2020-10-22 CVE Names: CVE-2020-15683 CVE-2020-15969 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted forthe changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.0): Source: firefox-78.4.0-1.el8_0.src.rpm aarch64: firefox-78.4.0-1.el8_0.aarch64.rpm firefox-debuginfo-78.4.0-1.el8_0.aarch64.rpm firefox-debugsource-78.4.0-1.el8_0.aarch64.rpm ppc64le: firefox-78.4.0-1.el8_0.ppc64le.rpm firefox-debuginfo-78.4.0-1.el8_0.ppc64le.rpm firefox-debugsource-78.4.0-1.el8_0.ppc64le.rpm s390x: firefox-78.4.0-1.el8_0.s390x.rpm firefox-debuginfo-78.4.0-1.el8_0.s390x.rpm firefox-debugsource-78.4.0-1.el8_0.s390x.rpm x86_64: firefox-78.4.0-1.el8_0.x86_64.rpm firefox-debuginfo-78.4.0-1.el8_0.x86_64.rpm firefox-debugsource-78.4.0-1.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-15683 https://access.redhat.com/security/cve/CVE-2020-15969 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX5G0xtzjgjWX9erEAQgEYw/+L+KANezFxZ8JjSdDi3nJaMxXv4HIYtwH 94LCZgrLHluos9XZxIO01pViPthi76E0X4eGjy8BpHK3G9IGGpbV/Nux5OFswOvR S3zT6lkA7EDD/IqHvhH/zoS6+DNv5CbUbS6BzO/LeLgUPYezbO7Ggj2IuHcuzpjU VRI7k3TFmM6u8JHFYr1SidUq+rc0dzZ1KmItZ3PD2IpcD9T3nMotUVGVNHcF8s5z 2yrTUSDbvmq0OOJ29dQvp4eLw9CFW0ykkW8jE0fvLDzUyWrkwzJBtGRyrcvYTJ5G KjV9U/mnAwriGxOvhcMSQXs9mikzEmUUBnmBcld9ilfg0B9EguuTe7j9l332inZq I4WipwHK4X3wia0fIXtXgNb5WnMdVoNgAGUDiA0n5Oh4GIBzdyMTXduJOB3WG4es 4M7TcOCGiMwBGJFuxLEjVfdMnJAaLbkTG1iCIOsMKugStaVugvv0uTJ2gUiewTmX Ngu749VBY4juql1xveZ+pvVwhubbN+99TMo+5i7j+N9yfNNL5CJH7A7fAQkblUh7 /dmmQPIeaomP4MU/iuEuEQfSj9ojZfnHVqQSpAzm9Yg2ibbh52xmyJe984b7Yf0G mcwclYb41AiclWaHwMf/zI8y4VBNGPw0vRsgEeOhKs7VZVELWjKVcXhEido/SJI/ sPB6Cm+U2rg=zKim -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 22, 2020
•Important
Red Hat
89
security advisoryfedoraupdateFedora 31 Firefox Update FEDORA-2019-7f7bace5b4: Wayland Rendering Fixes
- Updated to new upstream (69.0.1) - Wayland rendering fixes ---- - The update to 69.0.1 - Fix flickering issues - Fix disappearing webrtc dialogs ---- - Fixed rendering artifacts on Wayland backend. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-7f7bace5b4 2019-09-21 00:00:44.539947 --------------------------------------------------------------------------------Name : firefox Product : Fedora 31 Version : 69.0.1 Release : 3.fc31 URL : https://www.firefox.com/en-US/?redirect_source=mozilla-org Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. --------------------------------------------------------------------------------Update Information: - Updated to new upstream (69.0.1) - Wayland rendering fixes ---- - The update to 69.0.1 - Fix flickering issues - Fix disappearing webrtc dialogs ---- -Fixed rendering artifacts on Wayland backend --------------------------------------------------------------------------------References: [ 1 ] Bug #1748442 - Firefox 69.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1748442 [ 2 ] Bug #1751372 - [Wayland] [regression] After updating to version 69, switching between tabs doesn't always update the window's contents https://bugzilla.redhat.com/show_bug.cgi?id=1751372 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-7f7bace5b4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 20, 2019
•Critical
Fedora
98
security advisoryimportantred hat enterpriseRed Hat: RHSA-2018:2282-01 Important: Chromium Browser Security Fix
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2018:2282-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2282 Issue date: 2018-07-30 CVE Names: CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 ==================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Chromium is anopen-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 68.0.3440.75. Security Fix(es): * chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153) * chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154) * chromium-browser: Use after free in WebRTC (CVE-2018-6155) * chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156) * chromium-browser: Type confusion in WebRTC (CVE-2018-6157) * chromium-browser: Cross origin information disclosure in Service Workers(CVE-2018-6150) * chromium-browser: Bad cast in DevTools (CVE-2018-6151) * chromium-browser: Local file write in DevTools (CVE-2018-6152) * chromium-browser: Use after free in Blink (CVE-2018-6158) * chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6159) * chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161) * chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162) * chromium-browser: URL spoof in Omnibox (CVE-2018-6163) * chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6164) * chromium-browser: URL spoof in Omnibox (CVE-2018-6165) * chromium-browser: URL spoof in Omnibox (CVE-2018-6166) * chromium-browser: URL spoof in Omnibox (CVE-2018-6167) * chromium-browser: CORS bypass in Blink (CVE-2018-6168) * chromium-browser: Permissions bypass in extension installation (CVE-2018-6169) * chromium-browser: Type confusion in PDFium (CVE-2018-6170) * chromium-browser: Use after free in WebBluetooth (CVE-2018-6171) * chromium-browser: URL spoof in Omnibox (CVE-2018-6172) * chromium-browser: URL spoof in Omnibox (CVE-2018-6173) * chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174) * chromium-browser: URL spoof in Omnibox (CVE-2018-6175) * chromium-browser: Local user privilege escalation in Extensions (CVE-2018-6176) * chromium-browser: Cross origin information leak in Blink (CVE-2018-4117) * chromium-browser: Request privilege escalation in Extensions (CVE-2018-6044) * chromium-browser: Crossorigin information leak in Blink (CVE-2018-6177) * chromium-browser: UI spoof in Extensions (CVE-2018-6178) * chromium-browser: Local file information leak in Extensions (CVE-2018-6179) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1608177 - CVE-2018-6153 chromium-browser: Stack buffer overflow in Skia 1608178 - CVE-2018-6154 chromium-browser: Heap buffer overflow in WebGL 1608179 - CVE-2018-6155 chromium-browser: Use after free in WebRTC 1608180 - CVE-2018-6156 chromium-browser: Heap buffer overflow in WebRTC 1608181 - CVE-2018-6157 chromium-browser: Type confusion in WebRTC 1608182 - CVE-2018-6158 chromium-browser: Use after free in Blink 1608183 - CVE-2018-6159 chromium-browser: Same origin policy bypass in ServiceWorker 1608185 - CVE-2018-6161 chromium-browser: Same origin policy bypass in WebAudio 1608186 - CVE-2018-6162 chromium-browser: Heap buffer overflow in WebGL 1608187 - CVE-2018-6163 chromium-browser: URL spoof in Omnibox 1608188 - CVE-2018-6164 chromium-browser: Same origin policy bypass in ServiceWorker 1608189 - CVE-2018-6165 chromium-browser: URL spoof in Omnibox 1608190 - CVE-2018-6166 chromium-browser: URL spoof in Omnibox 1608191 - CVE-2018-6167 chromium-browser: URL spoof in Omnibox 1608192 - CVE-2018-6168 chromium-browser: CORS bypass in Blink 1608193 - CVE-2018-6169 chromium-browser: Permissions bypass in extension installation 1608194 - CVE-2018-6170 chromium-browser: Type confusion in PDFium 1608195 - CVE-2018-6171 chromium-browser: Use after free in WebBluetooth 1608196 - CVE-2018-6172 chromium-browser: URL spoof in Omnibox 1608197 - CVE-2018-6173 chromium-browser:URL spoof in Omnibox 1608198 - CVE-2018-6174 chromium-browser: Integer overflow in SwiftShader 1608199 - CVE-2018-6175 chromium-browser: URL spoof in Omnibox 1608200 - CVE-2018-6176 chromium-browser: Local user privilege escalation in Extensions 1608201 - CVE-2018-6177 chromium-browser: Cross origin information leak in Blink 1608202 - CVE-2018-6178 chromium-browser: UI spoof in Extensions 1608203 - CVE-2018-6179 chromium-browser: Local file information leak in Extensions 1608204 - CVE-2018-6044 chromium-browser: Request privilege escalation in Extensions 1608205 - CVE-2018-4117 chromium-browser: Cross origin information leak in Blink 1608206 - CVE-2018-6150 chromium-browser: Cross origin information disclosure in Service Workers1608207 - CVE-2018-6151 chromium-browser: Bad cast in DevTools 1608208 - CVE-2018-6152 chromium-browser: Local file write in DevTools 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-68.0.3440.75-1.el6_10.i686.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm x86_64: chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-68.0.3440.75-1.el6_10.i686.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm x86_64: chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-68.0.3440.75-1.el6_10.i686.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm x86_64: chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2018-4117 https://access.redhat.com/security/cve/CVE-2018-6044 https://access.redhat.com/security/cve/CVE-2018-6150 https://access.redhat.com/security/cve/CVE-2018-6151 https://access.redhat.com/security/cve/CVE-2018-6152 https://access.redhat.com/security/cve/CVE-2018-6153 https://access.redhat.com/security/cve/CVE-2018-6154 https://access.redhat.com/security/cve/CVE-2018-6155 https://access.redhat.com/security/cve/CVE-2018-6156 https://access.redhat.com/security/cve/CVE-2018-6157 https://access.redhat.com/security/cve/CVE-2018-6158 https://access.redhat.com/security/cve/CVE-2018-6159 https://access.redhat.com/security/cve/CVE-2018-6161 https://access.redhat.com/security/cve/CVE-2018-6162 https://access.redhat.com/security/cve/CVE-2018-6163 https://access.redhat.com/security/cve/CVE-2018-6164 https://access.redhat.com/security/cve/CVE-2018-6165 https://access.redhat.com/security/cve/CVE-2018-6166 https://access.redhat.com/security/cve/CVE-2018-6167 https://access.redhat.com/security/cve/CVE-2018-6168 https://access.redhat.com/security/cve/CVE-2018-6169 https://access.redhat.com/security/cve/CVE-2018-6170 https://access.redhat.com/security/cve/CVE-2018-6171 https://access.redhat.com/security/cve/CVE-2018-6172 https://access.redhat.com/security/cve/CVE-2018-6173 https://access.redhat.com/security/cve/CVE-2018-6174 https://access.redhat.com/security/cve/CVE-2018-6175 https://access.redhat.com/security/cve/CVE-2018-6176 https://access.redhat.com/security/cve/CVE-2018-6177 https://access.redhat.com/security/cve/CVE-2018-6178 https://access.redhat.com/security/cve/CVE-2018-6179 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBW18qZtzjgjWX9erEAQhZ2w/+O2aOCGCk2DIKqwT/ErfmvasFiNz7u8I1 +yPMYTQ1NFrs8cjt/ym7PH50aFOMS/YO3n/YL5ROLzoDW/PqXvJdxvi9opWG958V ftc20yBBa4EdJExqkKQYefxg9qD4emt6jkVBzSd/xZ3XcF50oKBG0m1aEPmCzM/G +o3ohQPiKgAMXJMtqTvSXxy1dV0LuoFOWYS6FPrO2F2MzY0Vd8/GXP1bnxqqqYxT ohA0f2yoPWVGzQQBRGCeHvTjv6Mt0PdGejKAoUxptgXenOQ9xAyRBuhSBkvBXAAN 3m+pEmWpHdOdEWoiIx07QcaH408ji+gs2oMSybS16PUwe9VsuOOJBOgFSLjxdb3d bzUjIKZHHscjxA1KIVtAx2JdqTLUKlSjSvaaZxa5d/wFq2UticBM8+EotuIOdE5J 6BVLVX+0GUCizPNbgC2f4i2G3xd60uiym9KP70Z7X+W7vMl9qXcab+GOJCAufwY8 +dfchywwsT19FdQLBJEjKPm7b33FNdr0oLvg6D5RK4pdJMYiEXoCt6ElLBBQzSEA 3vXsagWAaeDEBsLeDNapkLh1BHUx86iMVLGUtiwFgbtAXg7Jbz82AHZmtwT1bf6I KR7aOFFs2zKjRSuQDQZlOPNQVCt04+NbMZYEw6cHIT/+wX7ZrXaNZp+4tTo9gnOf R1+VLpZrH1Q=jHL1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 30, 2018
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!