Advisories

Linux Advisory Watch

Don't want to miss that crucial security notice?. The editorial staff at Guardian Digital will bring you complete coverage and in-depth
descriptions of all security bulletins, vulnerabilities and updated packages, all in one convenient weekly newsletter.

Linux Advisory Watch: April 30th, 2021

Linux Advisory Watch: April 30th, 2021

Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a warning from Debian of an SQL injection vulnerability in libhibernate3-java that could allow an attacker to access unauthorized information or possibly conduct further attacks, and an issue with composer, a dependency manager for PHP. It was discovered that composer did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution. Continue reading to learn about other significant advisories issued this week.

As part of our website redesign that is now in its final stages, we will be updating the format of our Linux Advisory Watch newsletter, and adding the ability for you to create a User Profile and customize it to include the latest advisories for the distros you are tracking. The new site will be live this coming week - stay tuned! Have a happy, healthy and secure weekend!

Yours in Open Source,

Brittany Day Signature


LinuxSecurity.com Feature Extras:

Protect Your WordPress Sites with CrowdSec - The CrowdSec team is expanding the capabilities of their open-source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace.

Cybersecurity World Mourns Over Security Researcher Dan Kaminsky's Passing - On Saturday, April 24th, 2021, the computer security world was shaken by the news of the sudden death of Dan Kaminsky, a renowned hacker best known for his contributions in the realm of DNS security.


  Debian: DSA-4908-1: libhibernate3-java security update (Apr 29)
 

It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.

  Debian: DSA-4907-1: composer security update (Apr 29)
 

It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.

  Debian: DSA-4906-1: chromium security update (Apr 27)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201

  Debian: DSA-4905-1: shibboleth-sp security update (Apr 27)
 

It was discovered that the Shibboleth Service Provider is prone to a NULL pointer dereference flaw in the cookie-based session recovery feature. A remote, unauthenticated attacker can take advantage of this flaw to cause a denial of service (crash in the shibd daemon/service).

  Debian: DSA-4904-1: gst-plugins-ugly1.0 security update (Apr 24)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian: DSA-4903-1: gst-plugins-base1.0 security update (Apr 24)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian: DSA-4902-1: gst-plugins-bad1.0 security update (Apr 24)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian: DSA-4901-1: gst-libav1.0 security update (Apr 24)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian: DSA-4900-1: gst-plugins-good1.0 (Apr 24)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian: DSA-4899-1: openjdk-11 security update (Apr 23)
 

It was discovered that the OpenJDK Java platform incompletely enforced configuration settings used in Jar signing verifications. For the stable distribution (buster), this problem has been fixed in

  Debian: DSA-4898-1: wpa security update (Apr 22)
 

Several vulnerabilities have been discovered in wpa_supplicant and hostapd. CVE-2020-12695

  Debian: DSA-4897-1: thunderbird security update (Apr 22)
 

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.

  Fedora 32: java-1.8.0-openjdk 2021-f71b592e07 (Apr 29)
 

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

  Fedora 34: samba 2021-7de0418ec8 (Apr 29)
 

Update to Samba 4.14.4 - security fixes for CVE-2021-20254 ---- Fix wrong conditional build check of AD DC

  Fedora 34: jetty 2021-fd66b2bd53 (Apr 29)
 

Update to Jetty 9.4.40 (fixes multiple CVEs)

  Fedora 33: java-1.8.0-openjdk 2021-8b80ef64f1 (Apr 29)
 

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

  Fedora 32: jetty 2021-444e38face (Apr 28)
 

Update to Jetty 9.4.40 (fixes multiple CVEs)

  Fedora 32: ceph 2021-168fbed46f (Apr 28)
 

ceph 14.2.20 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

  Fedora 32: openvpn 2021-d6b9d8497b (Apr 28)
 

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

  Fedora 33: jetty 2021-35f06984d7 (Apr 28)
 

Update to Jetty 9.4.40 (fixes multiple CVEs)

  Fedora 33: ceph 2021-e65b9fb52e (Apr 28)
 

ceph 15.2.11 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

  Fedora 33: shim-unsigned-x64 2021-f6c91e2b75 (Apr 28)
 

Update to shim 15.4

  Fedora 34: kernel 2021-a963f04012 (Apr 28)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-headers 2021-a963f04012 (Apr 28)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-tools 2021-a963f04012 (Apr 28)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: salt 2021-5aaebdae8e (Apr 27)
 

Update to feature release 3003-1 for Python 3, Security fix for CVE-2021-31607

  Fedora 34: ceph 2021-e29c1ee892 (Apr 27)
 

ceph 16.2.1 GA Security fix for CVE-2021-20288 bugs=1938031,1952085

  Fedora 32: kernel-headers 2021-8cd093f639 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-tools 2021-8cd093f639 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel 2021-8cd093f639 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: rust 2021-d7f74f0250 (Apr 26)
 

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

  Fedora 33: kernel-tools 2021-e6b4847979 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel 2021-e6b4847979 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-headers 2021-e6b4847979 (Apr 26)
 

The 5.11.16 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: rust 2021-b1ba54add6 (Apr 26)
 

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

  Fedora 34: java-1.8.0-openjdk 2021-25b47f16af (Apr 26)
 

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of

  Fedora 32: firefox 2021-d8b1386945 (Apr 25)
 

- Enabled crashreporter to report Firefox crashes at Mozilla database ---- - New upstream version (88.0)

  Fedora 34: java-11-openjdk 2021-65aa196c14 (Apr 25)
 

# New in release OpenJDK 11.0.11 (2021-04-20) Live versions of these release notes can be found at: * https://bitly.com/openjdk11011 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt ## Security fixes * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of abstract classes * JDK-8249906,

  Fedora 34: openvpn 2021-b805c26afa (Apr 25)
 

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

  Fedora 34: gmic 2021-2aaba884af (Apr 25)
 

new version

  Fedora 34: CImg 2021-2aaba884af (Apr 25)
 

new version

  Fedora 34: nodejs 2021-568b18102a (Apr 25)
 

https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/

  Fedora 34: firefox 2021-d1dbb4a38f (Apr 24)
 

- New upstream version (88.0)

  Fedora 34: rust 2021-d0ba1901ca (Apr 24)
 

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.

  Fedora 34: container-selinux 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: containers-common 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: conmon 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: crun 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: runc 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: podman 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: buildah 2021-83b3740389 (Apr 24)
 

crun and runc now both `Provides: oci-runtime`. ---- Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 34: kernel-tools 2021-d56567bdab (Apr 24)
 

The 5.11.14 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-headers 2021-d56567bdab (Apr 24)
 

The 5.11.14 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: os-autoinst 2021-aa39748257 (Apr 24)
 

This update is intended to fix two bugs in os-autoinst: a crash on exit that commonly occurs, and a problem that can occur where a dbus-broker per-UID queued data limit is exceeded if many tap tests are running simultaneously for too long.

  Fedora 34: mediawiki 2021-d298103d3a (Apr 24)
 

https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.html

  Fedora 34: rpm-ostree 2021-c6802f0b69 (Apr 24)
 

New upstream release: https://github.com/coreos/rpm-ostree/releases/tag/v2021.4 Includes fix for CVE-2021-3445 (https://bugzilla.redhat.com/show_bug.cgi?id=1932079).

  Fedora 34: mingw-binutils 2021-7ca24ddc86 (Apr 24)
 

Backport patch for CVE-2021-3487.

  Fedora 34: kernel 2021-8b64847a44 (Apr 24)
 

The 5.11.13 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: mingw-libjpeg-turbo 2021-94e37443bb (Apr 24)
 

Backport fix for CVE-2021-20205.

  Fedora 34: seamonkey 2021-d1fdd76443 (Apr 24)
 

Appled all the changes from the upstream 2.53.7.1 update. Fixed tab opening in background and tab choosing on a tab close.

  Fedora 34: file-roller 2021-7109d72f07 (Apr 24)
 

Fix CVE-2020-36314

  Fedora 34: gnuchess 2021-ff3297913b (Apr 24)
 

Patch for CVE-2021-30184.

  Fedora 34: singularity 2021-e49f5e66f8 (Apr 24)
 

Upgrade to upstream security release 3.7.3

  Fedora 34: python3.8 2021-a26257ccf5 (Apr 24)
 

This is the ninth maintenance release of Python 3.8. [Changelog](https://docs.py thon.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9). Contains a security fix for CVE-2021-3426.

  Fedora 34: python3.9 2021-0a8f3ffbc0 (Apr 24)
 

Update Python to 3.9.4. [Changelog](https://docs.python.org/release/3.9.4/whatsn ew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

  Fedora 34: python3-docs 2021-0a8f3ffbc0 (Apr 24)
 

Update Python to 3.9.4. [Changelog](https://docs.python.org/release/3.9.4/whatsn ew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

  Fedora 34: libpano13 2021-af806dd42d (Apr 24)
 

Upstream release, security fix for CVE-2021-20307

  Fedora 34: perl-Net-CIDR-Lite 2021-3393b2b19d (Apr 24)
 

This update disallows use of IP addresses with leading zeroes in the octet values, which could have been interpreted ambiguously as either octal or decimal values.

  Fedora 32: xorg-x11-server 2021-f7b4c97879 (Apr 24)
 

xserver 1.20.11 Security fix for CVE-2021-3472 / ZDI-CAN-1259

  Fedora 33: java-11-openjdk 2021-6eb9bbbf0c (Apr 24)
 

# New in release OpenJDK 11.0.11 (2021-04-20) Live versions of these release notes can be found at: * https://bitly.com/openjdk11011 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt ## Security fixes * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of abstract classes * JDK-8249906,

  Fedora 33: runc 2021-ec00da7faa (Apr 24)
 

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 33: podman 2021-ec00da7faa (Apr 24)
 

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 33: openvpn 2021-242ef81244 (Apr 24)
 

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

  Fedora 33: buildah 2021-ec00da7faa (Apr 24)
 

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 33: crun 2021-ec00da7faa (Apr 24)
 

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 33: containers-common 2021-ec00da7faa (Apr 24)
 

- crun and runc both `Provides: oci-runtime`. - containers-common now has `Requires: oci-runtime`. - `dnf install oci-runtime` will install crun by default unless runc is already installed. ---- buildah: Security fix for CVE-2021-20291 Autobuilt v1.20.1

  Fedora 33: nextcloud-client 2021-1ffffa0251 (Apr 24)
 

3.1.3 release

  Fedora 34: efi-rpm-macros 2021-cab258a413 (Apr 23)
 

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

  Fedora 34: shim 2021-cab258a413 (Apr 23)
 

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

  Fedora 34: shim-unsigned-aarch64 2021-cab258a413 (Apr 23)
 

- Update to shim 15.4 - Support for revocations via the ".sbat" section and SBAT EFI variable - A new unit test framework and a bunch of unit tests - No external gnu-efi dependency - Better CI Resolves: CVE-2020-14372 Resolves: CVE-2020-25632 Resolves: CVE-2020-25647 Resolves: CVE-2020-27749 Resolves: CVE-2020-27779 Resolves: CVE-2021-20225 Resolves: CVE-2021-20233 - Mark

  Fedora 33: python3-docs 2021-067c9deff1 (Apr 23)
 

Update Python to 3.9.4. [Changelog](https://docs.python.org/release/3.9.4/whatsn ew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

  Fedora 33: python3.9 2021-067c9deff1 (Apr 23)
 

Update Python to 3.9.4. [Changelog](https://docs.python.org/release/3.9.4/whatsn ew/changelog.html#changelog). Contains security fix for CVE-2021-3426.

  Fedora 32: python3-docs 2021-b6b6093b3a (Apr 23)
 

**Update to 3.8.9.** [Full changelog.](https://docs.python.org/release/3.8.9/whatsnew/changelog.html) Contains security fix for CVE-2021-3426. ---- **Update to 3.8.8.** [Full changelog.](https://docs.python.org/release/3.8.8/whatsnew/changelog.html) Contains security fix for CVE-2021-23336.

  RedHat: RHSA-2021-1469:01 Important: bind security update (Apr 29)
 

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1468:01 Important: bind security update (Apr 29)
 

An update for bind is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1452:01 Important: Red Hat Ceph Storage security, bug fix, (Apr 28)
 

An update for ceph, ceph-ansible, gperftools, and tcmu-runner is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1448:01 Moderate: Red Hat Advanced Cluster Management (Apr 28)
 

Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General Availability release, which fixes bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1444:01 Moderate: OpenJDK 8u292 Security Update for (Apr 28)
 

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1445:01 Moderate: OpenJDK 8u292 Windows Builds release (Apr 28)
 

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1446:01 Moderate: OpenJDK 11.0.11 Security Update for (Apr 28)
 

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1447:01 Moderate: OpenJDK 11.0.11 Security Update for (Apr 28)
 

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1407:01 Moderate: etcd security update (Apr 27)
 

An update for etcd is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1389:01 Moderate: openldap security update (Apr 27)
 

An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1384:01 Moderate: nss security and bug fix update (Apr 27)
 

An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1230:01 Important: OpenShift Container Platform 4.6.26 (Apr 27)
 

Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

  RedHat: RHSA-2021-1401:01 Moderate: Red Hat Fuse 7.8.1 patch release and (Apr 27)
 

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

  RedHat: RHSA-2021-1376:01 Important: kernel security and bug fix update (Apr 27)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1377:01 Important: kpatch-patch security update (Apr 27)
 

An update is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1379:01 Important: kernel-alt security and bug fix update (Apr 27)
 

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1373:01 Important: kernel security and bug fix update (Apr 27)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1225:01 Moderate: OpenShift Container Platform 4.7.8 (Apr 26)
 

Red Hat OpenShift Container Platform release 4.7.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7.

  RedHat: RHSA-2021-1227:01 Moderate: OpenShift Container Platform 4.7.8 (Apr 26)
 

Red Hat OpenShift Container Platform release 4.7.8 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1369:01 Moderate: Red Hat Advanced Cluster Management (Apr 26)
 

Red Hat Advanced Cluster Management for Kubernetes 2.1.6 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1363:01 Important: firefox security update (Apr 26)
 

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1361:01 Important: firefox security update (Apr 26)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1360:01 Important: firefox security update (Apr 26)
 

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1362:01 Important: firefox security update (Apr 26)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1350:01 Important: thunderbird security update (Apr 26)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1352:01 Important: thunderbird security update (Apr 26)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1351:01 Important: thunderbird security update (Apr 26)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1354:01 Important: xstream security update (Apr 26)
 

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1353:01 Important: thunderbird security update (Apr 26)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1342:01 Moderate: Ansible security update (2.9.20) (Apr 22)
 

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1343:01 Moderate: Ansible security update (2.9.20) (Apr 22)
 

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1338:01 Moderate: Release of OpenShift Serverless 1.14.0 (Apr 22)
 

Release of OpenShift Serverless 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1339:01 Moderate: Release of OpenShift Serverless Client (Apr 22)
 

Release of OpenShift Serverless Client kn 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1322:01 Important: Red Hat OpenShift Service Mesh 1.1.13 (Apr 22)
 

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1324:01 Important: Red Hat OpenShift Service Mesh 2.0.3 (Apr 22)
 

An update for servicemesh-proxy is now available for OpenShift Service Mesh 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  Slackware: 2021-118-01: bind Security Update (Apr 28)
 

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  SUSE: 2021:130-1 suse/sles12sp5 Security Update (Apr 30)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:129-1 suse/sles12sp4 Security Update (Apr 30)
 

The container suse/sles12sp4 was updated. The following patches have been included in this update:

  SUSE: 2021:128-1 suse/sle15 Security Update (Apr 29)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:127-1 suse/sle15 Security Update (Apr 29)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:125-1 suse/sles12sp5 Security Update (Apr 29)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:124-1 suse/sles12sp3 Security Update (Apr 29)
 

The container suse/sles12sp3 was updated. The following patches have been included in this update:

  SUSE: 2021:118-1 ses/7/cephcsi/cephcsi Security Update (Apr 24)
 

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

  Debian LTS: DLA-2645-1: edk2 security update (Apr 29)
 

For Debian 9 stretch, these problems have been fixed in version 0~20161202.7bbe0b3e-1+deb9u2. We recommend that you upgrade your edk2 packages.

  Debian LTS: DLA-2644-1: gst-libav1.0 security update (Apr 27)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian LTS: DLA-2643-1: gst-plugins-ugly1.0 security update (Apr 27)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian LTS: DLA-2642-1: gst-plugins-bad1.0 security update (Apr 27)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian LTS: DLA-2641-1: gst-plugins-base1.0 security update (Apr 27)
 

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian LTS: DLA-2640-1: gst-plugins-good1.0 security update (Apr 26)
 

A use-after-free vulnerability was found in the Matroska plugin of the the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

  Debian LTS: DLA-2639-1: opendmarc security update (Apr 25)
 

It was discovered that OpenDMARC, a milter implementation of DMARC, has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory

  Debian LTS: DLA-2638-1: jackson-databind security update (Apr 24)
 

Multiple security vulnerabilities were found in Jackson Databind. CVE-2020-24616

  Debian LTS: DLA-2637-1: drupal7 security update (Apr 23)
 

The Drupal project identified a vulnerability in the sanitization performed in the _filter_xss_arttributes function, potentially allowing a cross-site scripting, and granted it the Drupal Security Advisory ID SA-CORE-2021-002:

  Debian LTS: DLA-2635-1: libspring-java security update (Apr 23)
 

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS (Denial-of-Service) in specific configurations.

  Debian LTS: DLA-2636-1: pjproject security update (Apr 23)
 

An issue has been found in pjproject, a set of libraries for the PJ Project. Due to bad handling of two consecutive crafted answers to an INVITE, the

  Debian LTS: DLA-2633-1: firefox-esr security update (Apr 23)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing.

  Debian LTS: DLA-2634-1: openjdk-8 security update (Apr 23)
 

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions. For Debian 9 stretch, these problems have been fixed in version

  Debian LTS: DLA-2632-1: thunderbird security update (Apr 22)
 

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.

  ArchLinux: 202104-10: bind: multiple issues (Apr 29)
 

The package bind before version 9.16.15-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

  ArchLinux: 202104-9: virtualbox: multiple issues (Apr 29)
 

The package virtualbox before version 6.1.20-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary filesystem access and information disclosure.

  ArchLinux: 202104-8: libupnp: content spoofing (Apr 29)
 

The package libupnp before version 1.14.6-1 is vulnerable to content spoofing.

  ArchLinux: 202104-7: chromium: multiple issues (Apr 29)
 

The package chromium before version 90.0.4430.85-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape.

  ArchLinux: 202104-6: nimble: multiple issues (Apr 29)
 

The package nimble before version 1:0.13.1-1 is vulnerable to multiple issues including arbitrary command execution and man-in-the-middle.

  ArchLinux: 202104-5: opera: multiple issues (Apr 29)
 

The package opera before version 76.0.4017.94-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, sandbox escape and content spoofing.

  ArchLinux: 202104-4: thunderbird: multiple issues (Apr 29)
 

The package thunderbird before version 78.10.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution, content spoofing, information disclosure, sandbox escape, access restriction bypass and signature forgery.

  ArchLinux: 202104-3: firefox: multiple issues (Apr 29)
 

The package firefox before version 88.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, arbitrary command execution, sandbox escape and access restriction bypass.

  ArchLinux: 202104-2: vivaldi: multiple issues (Apr 29)
 

The package vivaldi before version 3.8.2259.37-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, insufficient validation, sandbox escape, access restriction bypass, content spoofing and incorrect calculation.

  ArchLinux: 202104-1: gitlab: multiple issues (Apr 29)
 

The package gitlab before version 13.10.3-1 is vulnerable to multiple issues including arbitrary code execution and incorrect calculation.

  SciLinux: SLSA-2021-1389-1 Moderate: openldap on SL7.x x86_64 (Apr 27)
 

openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - openldap-2.4.44-23.el7_9.i686.rpm - openldap-2.4.44-23.el7_9.x86_64.rpm - openldap-clients-2.4.44-23.el7_9.x86_64.rpm - openldap-debugin [More...]

  SciLinux: SLSA-2021-1384-1 Moderate: nss on SL7.x x86_64 (Apr 27)
 

nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * FTBFS: Paypal Cert expired * FTBFS: IKE CLASS_1563 fails gtest * Cannot compile code with nss headers and -Werror=strict-prototypes * CA HSM ncipher token disabled after [More...]

  SciLinux: SLSA-2021-1363-1 Important: firefox on SL7.x x86_64 (Apr 26)
 

This update upgrades Firefox to version 78.10.0 ESR. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]

  SciLinux: SLSA-2021-1350-1 Important: thunderbird on SL7.x x86_64 (Apr 26)
 

This update upgrades Thunderbird to version 78.10.0. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]

  SciLinux: SLSA-2021-1354-1 Important: xstream on SL7.x noarch (Apr 26)
 

XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) * XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346) * XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347 [More...]

  openSUSE: 2021:0628-1 moderate: nim (Apr 29)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2021:0621-1 important: MozillaFirefox (Apr 26)
 

An update that fixes 8 vulnerabilities is now available.

  openSUSE: 2021:0620-1 moderate: jhead (Apr 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0619-1: libdwarf (Apr 25)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0618-1 moderate: nim (Apr 25)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2021:0607-1 moderate: ruby2.5 (Apr 24)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0606-1 moderate: ImageMagick (Apr 23)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2021:0605-1 moderate: apache-commons-io (Apr 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0600-1 important: qemu (Apr 23)
 

An update that solves 15 vulnerabilities and has two fixes is now available.

  openSUSE: 2021:0601-1 important: nodejs-underscore (Apr 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0602-1 important: sudo (Apr 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0598-1 important: shim (Apr 23)
 

An update that solves one vulnerability and has 7 fixes is now available.

  openSUSE: 2021:0595-1 moderate: irssi (Apr 22)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0597-1 moderate: python-django-registration (Apr 22)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0594-1 moderate: jhead (Apr 22)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0592-1 important: opera (Apr 22)
 

An update that fixes 9 vulnerabilities is now available.

  Mageia 2021-0199: firefox security update (Apr 29)
 

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

  Mageia 2021-0198: thunderbird security update (Apr 29)
 

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

  Mageia 2021-0197: virtualbox security update (Apr 23)
 

This update provides the upstream 6.1.20 maintenance release that fixes atleast the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM VirtualBox (component: Core) prior to 6.1.20 allows high privileged attacker with

  Mageia 2021-0196: krb5-appl security update (Apr 23)
 

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or

  Mageia 2021-0195: connman security update (Apr 23)
 

A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, which could result in denial of service or the execution of arbitrary code (CVE-2021-26675, CVE-2021-26676). References:

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.