This update provides the upstream 6.0.20 release, adding support for the kernel 5.6 series, and fixes the following security vulnerabilities: Oracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability that allows a high-privileged attacker with logon to the infrastructure where
The updated package fixes a security vulnerability: A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. (CVE-2019-18359)
In Mozilla Bleach before 3.12, a mutation XSS exists in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False is set. (CVE-2020-6816) Regular expression denial of service. (CVE-2020-6817)
With a crafted URL that contains a newline, the credential helper machinery can be fooled into giving credential information for the wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).
Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
Updated golang packages fix a security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted X.509 certificate, or