| |
Debian: DSA-4661-1: openssl security update (Apr 21) |
| |
Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.
|
| |
Debian: DSA-4660-1: awl security update (Apr 21) |
| |
Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users.
|
| |
Debian: DSA-4659-1: git security update (Apr 20) |
| |
Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for
|
| |
Debian: DSA-4658-1: webkit2gtk security update (Apr 16) |
| |
The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-11793
|
| |
|
| |
Fedora 31: libssh FEDORA-2020-5a77f0d68f (Apr 17) |
| |
Fixes CVE-2020-1730
|
| |
Fedora 31: git FEDORA-2020-cdef88bb89 (Apr 17) |
| |
Security fix for CVE-2020-5260 From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt): > With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The attack has been made impossible by forbidding > a newline character in any value
|
| |
Fedora 31: chromium FEDORA-2020-161c87cbc7 (Apr 17) |
| |
Bugfix release from Google for 80.0.3987.162. ---- Update to 80.0.3987.162. Fixes the following CVEs: * CVE-2020-6450 * CVE-2020-6451 * CVE-2020-6452
|
| |
Fedora 30: nss FEDORA-2020-68ab318468 (Apr 16) |
| |
- New Firefox and NSS upstream update - More info at https://www.mozilla.org/en-US/firefox/75.0/releasenotes/
|
| |
Fedora 30: firefox FEDORA-2020-68ab318468 (Apr 16) |
| |
- New Firefox and NSS upstream update - More info at https://www.mozilla.org/en-US/firefox/75.0/releasenotes/
|
| |
Fedora 31: thunderbird FEDORA-2020-b6dbdc3071 (Apr 16) |
| |
Update to latest upstream version
|
| |
Gentoo Security Advisories
|
| |
Gentoo: GLSA-202004-13: Git: Information disclosure (Apr 23) |
| |
Multiple vulnerabilities have been found in Git which might all allow attackers to access sensitive information.
|
| |
Gentoo: GLSA-202004-12: Chromium, Google Chrome: Multiple vulnerabilities (Apr 23) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. [More...]
|
| |
Gentoo: GLSA-202004-11: Mozilla Firefox: Multiple vulnerabilities (Apr 23) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202004-10: OpenSSL: Multiple vulnerabilities (Apr 23) |
| |
Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.
|
|
|
Red Hat Security Advisories
|
| |
RedHat: RHSA-2020-1561:01 Important: python-twisted-web security update (Apr 23)
|
| |
An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1545:01 Moderate: OpenShift Container Platform 4.1.41 (Apr 22) |
| |
An update for openshift-enterprise-ansible-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1449:01 Low: OpenShift Container Platform 4.1.41 security (Apr 22) |
| |
Red Hat OpenShift Container Platform release 4.1.41 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1544:01 Important: Ansible security and bug fix update (Apr 22) |
| |
An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1543:01 Important: Ansible security and bug fix update (Apr 22) |
| |
An update for ansible is now available for Ansible Engine 2.8 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1541:01 Important: Ansible security and bug fix update (Apr 22) |
| |
An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1542:01 Important: Ansible security and bug fix update (Apr 22) |
| |
An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1538:01 Low: AMQ Online security update (Apr 22) |
| |
An update of the Red Hat OpenShift Container Platform 3.11 and 4.1 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1515:01 Important: java-1.8.0-openjdk security update (Apr 22) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1516:01 Important: java-1.8.0-openjdk security update (Apr 22) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1517:01 Important: java-11-openjdk security update (Apr 22) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1524:01 Important: kernel security update (Apr 22) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1526:01 Moderate: OpenShift Container Platform 4.2.29 (Apr 22) |
| |
An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1527:01 Moderate: OpenShift Container Platform 4.2.29 (Apr 22) |
| |
An update for openshift is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1513:01 Important: git security update (Apr 21) |
| |
An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1518:01 Important: git security update (Apr 21) |
| |
An update for git is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1514:01 Important: java-11-openjdk security update (Apr 21) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1523:01 Important: rh-maven35-jackson-databind security (Apr 21) |
| |
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1512:01 Important: java-1.8.0-openjdk security update (Apr 21) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1509:01 Important: java-11-openjdk security update (Apr 21) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1510:01 Important: http-parser security update (Apr 21) |
| |
An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1511:01 Important: git security update (Apr 21) |
| |
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1520:01 Important: Red Hat JBoss Web Server 5.3 release (Apr 21) |
| |
Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact
|
| |
RedHat: RHSA-2020-1521:01 Important: Red Hat JBoss Web Server 5.3 release (Apr 21) |
| |
Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of
|
| |
RedHat: RHSA-2020-1506:01 Important: java-1.8.0-openjdk security update (Apr 21) |
| |
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1507:01 Important: java-1.7.0-openjdk security update (Apr 21) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1508:01 Important: java-1.7.0-openjdk security update (Apr 21) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1505:01 Important: qemu-kvm-ma security update (Apr 21) |
| |
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1504:01 Critical: chromium-browser security update (Apr 21) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1503:01 Important: rh-git218-git security update (Apr 21) |
| |
An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1485:01 Moderate: OpenShift Container Platform 4.3.13 (Apr 20) |
| |
An update for runc is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-1497:01 Moderate: tigervnc security update (Apr 16) |
| |
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-1495:01 Important: thunderbird security update (Apr 16) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1496:01 Important: thunderbird security update (Apr 16) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1493:01 Important: kernel-alt security and bug fix update (Apr 16) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1488:01 Important: thunderbird security update (Apr 16) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1489:01 Important: thunderbird security update (Apr 16) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-1486:01 Important: ipmitool security update (Apr 16) |
| |
An update for ipmitool is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-1487:01 Important: chromium-browser security update (Apr 16) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
Slackware Security Advisories
|
| |
Slackware: 2020-112-01: git Security Update (Apr 21) |
| |
New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
Slackware: 2020-107-01: openvpn Security Update (Apr 17) |
| |
New openvpn packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
SUSE Security Advisories
|
| |
SUSE: 2020:1088-1 file-roller (Apr 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1091-1 important: resource-agents (Apr 23) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1092-1 important: resource-agents (Apr 23) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1089-1 important: resource-agents (Apr 23) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1090-1 important: resource-agents (Apr 23) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1087-1 important: the Linux Kernel (Apr 23) |
| |
An update that solves 12 vulnerabilities and has 139 fixes is now available.
|
| |
SUSE: 2020:1084-1 important: the Linux Kernel (Apr 23) |
| |
An update that solves 11 vulnerabilities and has 107 fixes is now available.
|
| |
SUSE: 2020:1045-1 important: cups (Apr 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14341-1 important: cups (Apr 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1083-1 important: cups (Apr 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1085-1 important: the Linux Kernel (Apr 23) |
| |
An update that solves 11 vulnerabilities and has 91 fixes is now available.
|
| |
SUSE: 2020:1077-1 important: Test SUSE:SLE-15-SP2 (Apr 22) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1072-1 important: pacemaker (Apr 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1065-1 moderate: ovmf (Apr 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1066-1 moderate: ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ar (Apr 22) |
| |
An update that solves 9 vulnerabilities and has 14 fixes is now available.
|
| |
SUSE: 2020:1058-1 important: openssl-1_1 (Apr 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1057-1 moderate: puppet (Apr 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1049-1 important: the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Apr 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14342-1 important: apache2 (Apr 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1027-1 important: MozillaThunderbird (Apr 17) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:1023-1 moderate: freeradius-server (Apr 17) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1021-1 moderate: libqt4 (Apr 17) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1020-1 moderate: freeradius-server (Apr 17) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1018-1 moderate: freeradius-server (Apr 17) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1009-1 moderate: quartz (Apr 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
Ubuntu Security Advisories
|
| |
Ubuntu 4338-1: re2c vulnerability (Apr 22) |
| |
re2c could be made to execute arbitrary code if it received a specially crafted file.
|
| |
Ubuntu 4337-1: OpenJDK vulnerabilities (Apr 22) |
| |
Several security issues were fixed in OpenJDK.
|
| |
Ubuntu 4336-1: GNU binutils vulnerabilities (Apr 22) |
| |
Several security issues were fixed in GNU binutils.
|
| |
Ubuntu 4335-1: Thunderbird vulnerabilities (Apr 21) |
| |
Several security issues were fixed in Thunderbird.
|
| |
Ubuntu 4333-1: Python vulnerabilities (Apr 21) |
| |
Several security issues were fixed in Python.
|
| |
Ubuntu 4334-1: Git vulnerability (Apr 21) |
| |
Git could be made to expose sensitive information.
|
| |
Ubuntu 4332-1: File Roller vulnerability (Apr 20) |
| |
File Roller could be made to expose sensitive information.
|
| |
Ubuntu 4331-1: WebKitGTK+ vulnerability (Apr 20) |
| |
Several security issues were fixed in WebKitGTK+.
|
| |
Debian LTS Security Advisories
|
| |
Debian LTS: DLA-2181-1: shiro security update (Apr 19) |
| |
It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass.
|
| |
Debian LTS: DLA-2180-1: file-roller security update (Apr 18) |
| |
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the
|
| |
Debian LTS: DLA-2179-1: jackson-databind security update (Apr 18) |
| |
Following CVEs were reported against the jackson-databind source package :
|
| |
Debian LTS: DLA-2178-1: awl security update (Apr 18) |
| |
Following CVEs were reported against the awl source package: CVE-2020-11728
|
| |
ArchLinux Security Advisories
|
| |
ArchLinux: 202004-19: lib32-openssl: denial of service (Apr 23) |
| |
The package lib32-openssl before version 1.1.1.g-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202004-18: openssl: denial of service (Apr 22) |
| |
The package openssl before version 1.1.1.g-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202004-17: webkit2gtk: arbitrary code execution (Apr 21) |
| |
The package webkit2gtk before version 2.28.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202004-16: openvpn: denial of service (Apr 19) |
| |
The package openvpn before version 2.4.9-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202004-15: chromium: arbitrary code execution (Apr 17) |
| |
The package chromium before version 81.0.4044.113-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202004-14: apache: multiple issues (Apr 17) |
| |
The package apache before version 2.4.43-1 is vulnerable to multiple issues including information disclosure and open redirect.
|
| |
SciLinux Security Advisories
|
| |
SciLinux: SLSA-2020-1561-1 Important: python-twisted-web on SL7.x x86_64 (Apr 23) |
| |
python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108) * python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header (CVE-2020-10109) SL7 x86_64 python-twisted-web-12.1.0-7.el7_8.x86_64.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2020-1524-1 Important: kernel on SL6.x i386/x86_64 (Apr 22) |
| |
kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) SL6 x86_64 kernel-2.6.32-754.29.1.el6.x86_64.rpm kernel-debug-2.6.32-754.29.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.3 [More...]
|
| |
SciLinux: SLSA-2020-1509-1 Important: java-11-openjdk on SL7.x x86_64 (Apr 21) |
| |
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) * OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) * [More...]
|
| |
SciLinux: SLSA-2020-1512-1 Important: java-1.8.0-openjdk on SL7.x x86_64 (Apr 21) |
| |
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2 [More...]
|
| |
SciLinux: SLSA-2020-1507-1 Important: java-1.7.0-openjdk on SL7.x x86_64 (Apr 21) |
| |
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2 [More...]
|
| |
SciLinux: SLSA-2020-1511-1 Important: git on SL7.x x86_64 (Apr 21) |
| |
git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260) SL7 x86_64 git-1.8.3.1-22.el7_8.x86_64.rpm git-daemon-1.8.3.1-22.el7_8.x86_64.rpm git-debuginfo-1.8.3.1-22.el7_8.x86_64.rpm git-gnome-keyring-1.8.3.1-22.el7_8.x86_64.rpm git-svn-1.8.3.1-22.el7_8.x86_64.rpm noarch emacs-git-1.8.3.1-22.el7_8.noarch.rpm emacs-git-el-1.8.3.1-22.el7_8.no [More...]
|
| |
SciLinux: SLSA-2020-1508-1 Important: java-1.7.0-openjdk on SL6.x i386/x86_64 (Apr 21) |
| |
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2 [More...]
|
| |
SciLinux: SLSA-2020-1506-1 Important: java-1.8.0-openjdk on SL6.x i386/x86_64 (Apr 21) |
| |
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2 [More...]
|
| |
SciLinux: SLSA-2020-1003-1 Moderate: mod_auth_mellon on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1208-1 Important: qemu-kvm on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1045-1 Moderate: lftp on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1181-1 Low: unzip on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1173-1 Moderate: okular on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1334-1 Important: telnet on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1338-1 Critical: firefox on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1091-1 Moderate: python-twisted-web on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1037-1 Moderate: advancecomp on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1054-1 Moderate: mailman on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1126-1 Moderate: mutt on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1167-1 Low: nbdkit on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1113-1 Moderate: bash on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1034-1 Low: doxygen on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1189-1 Moderate: libqb on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1116-1 Important: qemu-kvm on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1151-1 Moderate: libreoffice on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1062-1 Moderate: dovecot on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1068-1 Moderate: squid on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1178-1 Moderate: zziplib on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1185-1 Moderate: libsndfile on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1074-1 Moderate: poppler and evince on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1000-1 Moderate: rsyslog on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1112-1 Moderate: php on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1047-1 Moderate: wireshark on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1190-1 Moderate: libxml2 on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1022-1 Low: file on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1175-1 Low: taglib on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1101-1 Low: bluez on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1172-1 Moderate: qt on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1084-1 Moderate: samba on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1100-1 Moderate: mariadb on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1011-1 Moderate: expat on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1020-1 Low: curl on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1135-1 Low: polkit on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1021-1 Moderate: GNOME on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1131-1 Moderate: python on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1138-1 Low: gettext on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1121-1 Moderate: httpd on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1132-1 Moderate: python3 on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1016-1 Moderate: kernel on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1051-1 Low: libosinfo on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1081-1 Moderate: net-snmp on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1180-1 Moderate: ImageMagick on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1036-1 Moderate: texlive on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1061-1 Moderate: bind on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1050-1 Moderate: cups on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1080-1 Moderate: evolution on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1176-1 Low: avahi on SL7.x x86_64 (Apr 20) |
| |
|
| |
SciLinux: SLSA-2020-1420-1 Important: firefox on SL7.x x86_64 (Apr 20) |
| |
This update upgrades Firefox to version 68.7.0 ESR. * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822) SL7 x86_64 firefox-68.7.0-2.el7_8.x86_64.rpm f [More...]
|
| |
SciLinux: SLSA-2020-1489-1 Important: thunderbird on SL7.x x86_64 (Apr 20) |
| |
Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeDat [More...]
|
| |
SciLinux: SLSA-2020-1488-1 Important: thunderbird on SL6.x i386/x86_64 (Apr 16) |
| |
Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819) * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820) * Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821) * Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825) * Mozilla: Out of bounds write in GMPDecodeDat [More...]
|
| |
openSUSE Security Advisories
|
| |
openSUSE: 2020:0545-1: moderate: vlc (Apr 23) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
openSUSE: 2020:0543-1: important: the Linux Kernel (Apr 23) |
| |
An update that solves 7 vulnerabilities and has 76 fixes is now available.
|
| |
openSUSE: 2020:0544-1: important: MozillaThunderbird (Apr 23) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2020:0542-1: important: freeradius-server (Apr 23) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0541-1: critical: chromium (Apr 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0540-1: important: chromium (Apr 18) |
| |
An update that fixes 26 vulnerabilities is now available.
|
| |
openSUSE: 2020:0539-1: moderate: mp3gain (Apr 18) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0535-1: moderate: gstreamer-rtsp-serveropen (Apr 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0534-1: moderate: gnuhealthopen (Apr 17) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:0524-1: important: gitopen (Apr 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0523-1: moderate: ansible (Apr 16) |
| |
An update that solves 8 vulnerabilities and has two fixes is now available.
|
| |
Mageia Security Advisories
|
| |
Mageia 2020-0178: php security update (Apr 20) |
| |
Updated php packages fix security vulnerabilities: - OOB Read in urldecode() (CVE-2020-7067) - Integer Overflow in shmop_open() Noteable changes:
|
| |
Mageia 2020-0177: webkit2 security update (Apr 20) |
| |
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=26487
|
| |
Mageia 2020-0176: python-bleach security update (Apr 20) |
| |
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. (CVE-2020-6816) Regular expression denial of service. (CVE-2020-6817)
|
| |
Mageia 2020-0175: git security update (Apr 16) |
| |
With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).
|
| |
Mageia 2020-0174: chromium-browser-stable security update (Apr 16) |
| |
Chromium-browser 81.0.4044.92 fixes security issues: Multiple flaws were found in the way Chromium 80.0.3987.149 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
|
