LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 2 hours 30 min ago

Fedora 33: linux-firmware 2021-4ead17c8f6

7 hours 26 min ago
* Update to upstream 20210716 release
* update NXP 8897/8997 firmware images
* rtlwifi: de-dupe rtl8723b/rtl8192e SDIO/USB WiFi firmware
* Mediatek: update WiFi/bluetooth chip (MT7921)
* Mediatek: update MT7915 firmware to 20201105
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2946
* cxgb4: Update firmware to revision 1.26.0.0
* firmware/i915/guc: Add HuC v7.9.3 for TGL & DG1

SciLinux: SLSA-2021-2881-1 Important: thunderbird on SL7.x x86_64

9 hours 38 min ago
This update upgrades Thunderbird to version 78.12.0.
* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)
* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)
* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)
* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

SciLinux: SLSA-2021-2845-1 Important: java-1.8.0-openjdk on SL7.x x86_64

10 hours 44 min ago
* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)
* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the

SciLinux: SLSA-2021-2784-1 Important: java-11-openjdk on SL7.x x86_64

10 hours 44 min ago
* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)
* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the

SciLinux: SLSA-2021-2725-1 Important: kernel on SL7.x x86_64

10 hours 45 min ago
* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)
* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)
* kernel: use-after-free in cipso_v4

Debian LTS: DLA-2721-1: drupal7 security update

14 hours 30 min ago
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of

Ubuntu 5023-1: Aspell vulnerability

15 hours 42 min ago
Aspell could be made to execute arbitrary code or cause a crash if it received a specially crafted input.

RedHat: RHSA-2021-2763:01 Important: OpenShift Container Platform 4.7.21

15 hours 45 min ago
An update is now available for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Ubuntu 5022-1: MySQL vulnerabilities

16 hours 34 min ago
Several security issues were fixed in MySQL.

Debian LTS: DLA-2718-1: intel-microcode security update

18 hours 52 min ago
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation in combination with VT-d and various side channel attacks.

Ubuntu 0079-1: Linux kernel vulnerability

19 hours 28 min ago
Several security issues were fixed in the kernel.

RedHat: RHSA-2021-2881:01 Important: thunderbird security update

20 hours 12 min ago
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-2883:01 Important: thunderbird security update

20 hours 21 min ago
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-2882:01 Important: thunderbird security update

20 hours 50 min ago
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Fedora 33: chromium 2021-30c84b4924

Sunday 25th of July 2021 09:02:49 PM
Update to 91.0.4472.164. CVE-2021-30559 CVE-2021-30541 CVE-2021-30560 CVE-2021-30561 CVE-2021-30562 CVE-2021-30563 CVE-2021-30564

Fedora 34: fossil 2021-8523af7a88

Sunday 25th of July 2021 08:42:04 PM
Upgrade to fossil 2.14.2

Debian LTS: DLA-2720-1: aspell security update

Sunday 25th of July 2021 06:04:19 PM
Two issues have been found in aspell, the GNU Aspell spell-checker. One issue is related to a stack-based buffer over-read via an isolated \

Mageia 2021-0373: redis security update

Sunday 25th of July 2021 12:46:13 PM
An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution (CVE-2021-29477). An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt

Mageia 2021-0372: nodejs security update

Sunday 25th of July 2021 12:46:12 PM
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5 (CVE-2020-7774). PoC by po6ix:

```javascript
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
```

Mageia 2021-0371: python-pip security update

Sunday 25th of July 2021 12:46:11 PM
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository (CVE-2021-3572). The bundled python-urllib3 was also vulnerable to: