Updated thunderbird packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).
Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code.
Updated spice packages fix security vulnerability: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection
The recent fix for CVE-2021-33574 released in MGASA-2021-0308 introduced a NULL pointer dereference that will result in segmentation fault. This update adds the missing NULL pointer check to resolve this issue. References:
Updated firefox packages fix security vulnerabilities: Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash (CVE-2021-29980).
Updated mariadb packages fix security vulnerabilities: A security issue has been found in the InnoDB component of MariaDB before version 10.6.4. A difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to
Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators (CVE-2021-33896).
Updated webkit2 packages fix security vulnerabilities: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further
Updated libvirt packages fix security vulnerability: insecure sVirt label generation (CVE-2021-3631). References:
This kernel-linus update is based on upstream 5.10.56 and fixes atleast the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store
This kernel update is based on upstream 5.10.56 and fixes atleast the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store
Updated exiv2 packages fix security vulnerability: A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata (CVE-2021-31291).
Updated bluez packages fix security vulnerability: Adapter incorrectly restores Discoverable state after powered down (CVE-2021-3658).
Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior (CVE-2021-22930)
Updated php-pear packages fix security vulnerability: In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive (CVE-2021-32610).
Updated libsndfile packages fix security vulnerability: A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file (CVE-2021-3246).
Updated fetchmail packages fix security vulnerability: report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other
Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by
Updated python-pillow packages fix security vulnerabilities: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la (CVE-2021-25287).
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list) (CVE-2019-25051). References:
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
