Linux Advisory Watch: April 30th, 2021

It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.

It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201

It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service (crash in the shibd daemon/service).

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

It was discovered that the OpenJDK Java platform incompletely enforced configuration settings used in Jar signing verifications. For the stable distribution (buster), this problem has been fixed in

Several vulnerabilities have been discovered in wpa_supplicant and hostapd. CVE-2020-12695

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

Update to Samba 4.14.4 - security fixes for CVE-2021-20254 ---- Fix wrong conditional build check of AD DC

Update to Jetty 9.4.40 (fixes multiple CVEs)

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

Update to Jetty 9.4.40 (fixes multiple CVEs)

ceph 14.2.20 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

Update to Jetty 9.4.40 (fixes multiple CVEs)

ceph 15.2.11 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

Update to shim 15.4

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

Update to feature release 3003-1 for Python 3, Security fix for CVE-2021-31607

ceph 16.2.1 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

- Enabled crashreporter to report Firefox crashes at Mozilla database ---- - New upstream version (88.0)

# New in release OpenJDK 11.0.11 (2021-04-20) Live versions of these release notes can be found at: * https://bitly.com/openjdk11011 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt ## Security fixes * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of abstract classes * JDK-8249906,

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

new version

new version

- New upstream version (88.0)

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

The 5.11.14 stable kernel update contains a number of important fixes across the tree.

The 5.11.14 stable kernel update contains a number of important fixes across the tree.

This update is intended to fix two bugs in os-autoinst: a crash on exit that commonly occurs, and a problem that can occur where a dbus-broker per-UID queued data limit is exceeded if many tap tests are running simultaneously for too long.

https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.html

New upstream release: https://github.com/coreos/rpm-ostree/releases/tag/v2021.4 Includes fix for CVE-2021-3445 (https://bugzilla.redhat.com/show_bug.cgi?id=1932079).

Backport patch for CVE-2021-3487.

The 5.11.13 stable kernel update contains a number of important fixes across the tree.

Backport fix for CVE-2021-20205.

Appled all the changes from the upstream 2.53.7.1 update. Fixed tab opening in background and tab choosing on a tab close.

Fix CVE-2020-36314

Patch for CVE-2021-30184.

Upgrade to upstream security release 3.7.3

This is the ninth maintenance release of Python 3.8. [Changelog]( thon.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9). Contains a security fix for CVE-2021-3426.

Update Python to 3.9.4. [Changelog]( thon.org/release/3.9.4/whatsnew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

Update Python to 3.9.4. [Changelog]( thon.org/release/3.9.4/whatsnew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

Upstream release, security fix for CVE-2021-20307

This update disallows use of IP addresses with leading zeroes in the octet values, which could have been interpreted ambiguously as either octal or decimal values.

xserver 1.20.11 Security fix for CVE-2021-3472 / ZDI-CAN-1259

# New in release OpenJDK 11.0.11 (2021-04-20) Live versions of these release notes can be found at: * https://bitly.com/openjdk11011 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt ## Security fixes * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of abstract classes * JDK-8249906,

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

3.1.3 release

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

Update Python to 3.9.4. [Changelog]( thon.org/release/3.9.4/whatsnew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

Update Python to 3.9.4. [Changelog]( thon.org/release/3.9.4/whatsnew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

**Update to 3.8.9.** [Full changelog.]( thon.org/release/3.8.9/whatsnew/changelog.html) Contains security fix for CVE-2021-3426. ---- **Update to 3.8.8.** [Full changelog.]( thon.org/release/3.8.8/whatsnew/changelog.html) Contains security fix for CVE-2021-23336.

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for bind is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ceph, ceph-ansible, gperftools, and tcmu-runner is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General Availability release, which fixes bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for etcd is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat OpenShift Container Platform release 4.7.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat OpenShift Container Platform release 4.7.8 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat Advanced Cluster Management for Kubernetes 2.1.6 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Release of OpenShift Serverless 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Release of OpenShift Serverless Client kn 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for servicemesh-proxy is now available for OpenShift Service Mesh 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

The container suse/sles12sp5 was updated. The following patches have been included in this update:

The container suse/sles12sp4 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

The container suse/sles12sp3 was updated. The following patches have been included in this update:

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

For Debian 9 stretch, these problems have been fixed in version 0~20161202.7bbe0b3e-1+deb9u2. We recommend that you upgrade your edk2 packages.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

A use-after-free vulnerability was found in the Matroska plugin of the the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

It was discovered that OpenDMARC, a milter implementation of DMARC, has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory

Multiple security vulnerabilities were found in Jackson Databind. CVE-2020-24616

The Drupal project identified a vulnerability in the sanitization performed in the _filter_xss_arttributes function, potentially allowing a cross-site scripting, and granted it the Drupal Security Advisory ID SA-CORE-2021-002:

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS (Denial-of-Service) in specific configurations.

An issue has been found in pjproject, a set of libraries for the PJ Project. Due to bad handling of two consecutive crafted answers to an INVITE, the

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing.

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions. For Debian 9 stretch, these problems have been fixed in version

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.

The package bind before version 9.16.15-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

The package virtualbox before version 6.1.20-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary filesystem access and information disclosure.

The package libupnp before version 1.14.6-1 is vulnerable to content spoofing.

The package chromium before version 90.0.4430.85-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape.

The package nimble before version 1:0.13.1-1 is vulnerable to multiple issues including arbitrary command execution and man-in-the-middle.

The package opera before version 76.0.4017.94-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, sandbox escape and content spoofing.

The package thunderbird before version 78.10.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution, content spoofing, information disclosure, sandbox escape, access restriction bypass and signature forgery.

The package firefox before version 88.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, arbitrary command execution, sandbox escape and access restriction bypass.

The package vivaldi before version 3.8.2259.37-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, insufficient validation, sandbox escape, access restriction bypass, content spoofing and incorrect calculation.

The package gitlab before version 13.10.3-1 is vulnerable to multiple issues including arbitrary code execution and incorrect calculation.

openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - openldap-2.4.44-23.el7_9.i686.rpm - openldap-2.4.44-23.el7_9.x86_64.rpm - openldap-clients-2.4.44-23.el7_9.x86_64.rpm - openldap-debugin [More...]

nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * FTBFS: Paypal Cert expired * FTBFS: IKE CLASS_1563 fails gtest * Cannot compile code with nss headers and -Werror=strict-prototypes * CA HSM ncipher token disabled after [More...]

This update upgrades Firefox to version 78.10.0 ESR. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]

This update upgrades Thunderbird to version 78.10.0. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]

XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) * XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346) * XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347 [More...]

An update that fixes three vulnerabilities is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 15 vulnerabilities and has two fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has 7 fixes is now available.

An update that contains security fixes can now be installed.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

This update provides the upstream 6.1.20 maintenance release that fixes atleast the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM VirtualBox (component: Core) prior to 6.1.20 allows high privileged attacker with

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or

A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, which could result in denial of service or the execution of arbitrary code (CVE-2021-26675, CVE-2021-26676). References: