Advisory: ArchLinux Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
The package flatpak before version 1.10.2-1 is vulnerable to sandbox escape.
The package git before version 2.30.2-1 is vulnerable to arbitrary code execution.
The package wireshark-qt before version 3.4.4-1 is vulnerable to arbitrary code execution.
The package gnutls before version 3.7.1-1 is vulnerable to arbitrary code execution.
The package thrift before version 0.14.0-1 is vulnerable to denial of service.
The package openssl before version 1.1.1.j-1 is vulnerable to multiple issues including denial of service and incorrect calculation.
The package tar before version 1.34-1 is vulnerable to denial of service.
The package bind before version 9.16.12-1 is vulnerable to arbitrary code execution.
The package ipmitool before version 1.8.18-7 is vulnerable to arbitrary code execution.
The package isync before version 1.3.5-1 is vulnerable to directory traversal.
The package python before version 3.9.2-1 is vulnerable to multiple issues including arbitrary code execution and url request injection.
The package python-cryptography before version 3.4-1 is vulnerable to incorrect calculation.
The package python-httplib2 before version 0.19.0-1 is vulnerable to denial of service.
The package intel-ucode before version 20210216-1 is vulnerable to information disclosure.
The package salt before version 3002.5-3 is vulnerable to multiple issues including access restriction bypass, arbitrary command execution, certificate verification bypass, cross-site scripting, insufficient validation, privilege escalation, directory traversal and information disclosure.
The package mumble before version 1.3.4-1 is vulnerable to arbitrary code execution.
The package postgresql before version 13.2-1 is vulnerable to information disclosure.
The package ansible-base before version 2.10.6-1 is vulnerable to information disclosure.
The package keycloak before version 12.0.3-1 is vulnerable to cross- site scripting.
The package python-django before version 3.1.7-1 is vulnerable to url request injection.