This update provides binutils 2.33.1 and fixes at least the following security issues: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a
This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the
Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked (CVE-2020-7105).
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840,
Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted (CVE-2019-20044).
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).
The updated packages fix a security vulnerability: A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on
Updated xmlsec1 packages fix security vulnerability: It was discovered that xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP