Linux Advisory Watch: December 18th, 2020

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users.

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.

It was discovered that xerces-c, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.

Multiple vulnerabilities have been discovered in the Xen hypervisor: Several security issues affecting Xenstore could result in cross domain access (denial of service, information leaks or privilege

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream.

Yaniv Nizry discovered that the clean module of lxml, Python bindings for libxml2 and libxslt could be bypassed. For the stable distribution (buster), this problem has been fixed in

Update to 2.16.9 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.16.9

The 5.9.14 stable kernel update contains a number of important fixes across the tree.

Update of fprintd and libfprint. There are two main tests: * Check that enroll still works (and requires a password) * Check that no other USB devices become unusable (e.g. mouse suddenly lags until clicked) Important changes: * Require authentication for enroll (i.e. password) * Fix race conditions in pam_fprintd * More udev autosupsend rules * Plenty of bugfixes * New

Update of fprintd and libfprint. There are two main tests: * Check that enroll still works (and requires a password) * Check that no other USB devices become unusable (e.g. mouse suddenly lags until clicked) Important changes: * Require authentication for enroll (i.e. password) * Fix race conditions in pam_fprintd * More udev autosupsend rules * Plenty of bugfixes * New

The 5.9.14 stable kernel update contains a number of important fixes across the tree.

Upstream update to v1.12.0-stable Security fix for CVE-2020-15117

This update backports patches for CVE-2020-27824 and CVE-2020-27823.

This update backports patches for CVE-2020-27824 and CVE-2020-27823.

Upstream update to v1.12.0-stable Security fix for CVE-2020-15117

- curl: Inferior OCSP verification (CVE-2020-8286) - libcurl: FTP wildcard stack overflow (CVE-2020-8285) - curl: trusting FTP PASV responses (CVE-2020-8284)

Update to version 1.9.8.1307. Correct playback speed with PulseAdio. Don't try to guess whether to use HTTPS, provided you're using LMS 8.

Update to version 1.9.8.1307. Correct playback speed with PulseAdio. Don't try to guess whether to use HTTPS, provided you're using LMS 8.

https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/KSMS2ET2EWZJT7Y3H335B3XNV723FOZR/ The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release.

https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/KSMS2ET2EWZJT7Y3H335B3XNV723FOZR/ The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release.

https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/KSMS2ET2EWZJT7Y3H335B3XNV723FOZR/ The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release.

Ruild with hardening flags enabled; also, add -doc subpackage, fix .so version symlinking, make -devel dependency on main package strict (arched), and other minor improvements

New version 3.4.0. Security fix for CVE-2020-26575, CVE-2020-28030.

Build with hardening flags enabled; also, add -doc subpackage, fix .so version symlinking, make -devel dependency on main package strict (arched), and other minor improvements.

Update to 14.15.1

New version 3.4.0. Security fix for CVE-2020-26575, CVE-2020-28030.

Security fix for CVE-2020-27819

Security fix for CVE-2020-27819

New upstream release (#1884886) with fixes for CVE-2020-26572, CVE-2020-26571, CVE-2020-26570

fix CVE-2020-27780: authentication bypass when the user doesn't exist

Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openssl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for cockpit-ovirt, redhat-release-virtualization-host, redhat-virtualization-host, and v2v-conversion-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

An update for fapolicyd is now available for Red Hat Enterprise Linux 8. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description:

An update for fapolicyd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

An update for fapolicyd is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

An update for mcg is now available for Red Hat OpenShift Container Storage 4.6.0 on RHEL-8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Updated web-admin-build packages that fixes one bug are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openssl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for memcached is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for python-django-horizon is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat OpenShift Container Platform release 3.11.343 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubernetes for Red Hat OpenShift Container Platform 3.11.

A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact

An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Red Hat OpenShift Container Platform release 4.5.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubernetes for Red Hat OpenShift Container Platform 4.5.

A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6. Red Hat Product Security has rated this update as having a security impact

An update for python-XStatic-jQuery224 is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 8. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.4 for RHEL 8 - noarch

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 7. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.4 for RHEL 7 Server - noarch

An update for pacemaker is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 6. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.4 for RHEL 6 Server - noarch

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for net-snmp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for pacemaker is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for targetcli is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for gd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for python-rtslib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openssl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for net-snmp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for pacemaker is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat OpenShift Container Platform release 4.6.8 is now available with updates to packages and images that fix several bugs. This release includes a security update for openshift-enterprise-builder-container for Red Hat OpenShift Container

An update for libexif is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Red Hat OpenShift Container Platform release 4.6.8 is now available with updates to packages and images that fix several bugs. An update for ironic-images, openshift, openshift-ansible, openshift-clients, and python-eventlet, cri-o, openshift-kuryr,

An update for libpq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libexif is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libexif is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libexif is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libexif is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New p11-kit packages are available for Slackware 14.2 and -current to fix security issues.

The container suse-sles-15-chost-byos-v20201210-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container caasp/v4.5/velero-restic-restore-helper was updated. The following patches have been included in this update:

The container caasp/v4.5/velero-plugin-for-microsoft-azure was updated. The following patches have been included in this update:

The container caasp/v4.5/velero-plugin-for-gcp was updated. The following patches have been included in this update:

The container caasp/v4.5/velero-plugin-for-aws was updated. The following patches have been included in this update:

The container caasp/v4.5/velero was updated. The following patches have been included in this update:

The container caasp/v4.5/skuba-tooling was updated. The following patches have been included in this update:

The container caasp/v4.5/rsyslog was updated. The following patches have been included in this update:

The container caasp/v4.5/reloader was updated. The following patches have been included in this update:

The container caasp/v4.5/prometheus-server was updated. The following patches have been included in this update:

The container caasp/v4.5/prometheus-pushgateway was updated. The following patches have been included in this update:

The container caasp/v4.5/prometheus-node-exporter was updated. The following patches have been included in this update:

The container caasp/v4.5/prometheus-alertmanager was updated. The following patches have been included in this update:

The container caasp/v4.5/metrics-server was updated. The following patches have been included in this update:

The container caasp/v4.5/kured was updated. The following patches have been included in this update:

The container caasp/v4.5/kucero was updated. The following patches have been included in this update:

The container caasp/v4.5/kubernetes-client was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-state-metrics was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-state-metrics was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-scheduler was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-proxy was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-controller-manager was updated. The following patches have been included in this update:

The container caasp/v4.5/kube-apiserver was updated. The following patches have been included in this update:

The container caasp/v4.5/k8s-sidecar was updated. The following patches have been included in this update:

The container caasp/v4.5/istio-proxyv2 was updated. The following patches have been included in this update:

The container caasp/v4.5/istio-pilot was updated. The following patches have been included in this update:

The container caasp/v4.5/istio-base was updated. The following patches have been included in this update:

The container caasp/v4.5/ingress-nginx-controller was updated. The following patches have been included in this update:

The container caasp/v4.5/helm-tiller was updated. The following patches have been included in this update:

The container caasp/v4.5/grafana was updated. The following patches have been included in this update:

The container caasp/v4.5/gangway was updated. The following patches have been included in this update:

The container caasp/v4.5/etcd was updated. The following patches have been included in this update:

The container caasp/v4.5/default-http-backend was updated. The following patches have been included in this update:

The container caasp/v4.5/curl was updated. The following patches have been included in this update:

The container caasp/v4.5/coredns was updated. The following patches have been included in this update:

The container caasp/v4.5/configmap-reload was updated. The following patches have been included in this update:

The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update:

The container caasp/v4.5/cilium was updated. The following patches have been included in this update:

The container caasp/v4.5/cilium-etcd-operator was updated. The following patches have been included in this update:

The container caasp/v4.5/cilium-etcd-operator was updated. The following patches have been included in this update:

The container caasp/v4.5/cert-manager-webhook was updated. The following patches have been included in this update:

The container caasp/v4.5/cert-manager-controller was updated. The following patches have been included in this update:

The container caasp/v4.5/cert-manager-cainjector was updated. The following patches have been included in this update:

The container caasp/v4.5/cert-exporter was updated. The following patches have been included in this update:

The container caasp/v4.5/caasp-dex was updated. The following patches have been included in this update:

The container caasp/v4.5/busybox was updated. The following patches have been included in this update:

The container caasp/v4.5/389-ds was updated. The following patches have been included in this update:

The container caasp/v4/velero-restic-restore-helper was updated. The following patches have been included in this update:

The container caasp/v4/velero-plugin-for-microsoft-azure was updated. The following patches have been included in this update:

The container caasp/v4/velero-plugin-for-gcp was updated. The following patches have been included in this update:

The container caasp/v4/velero-plugin-for-aws was updated. The following patches have been included in this update:

The container caasp/v4/velero was updated. The following patches have been included in this update:

The container caasp/v4/test-update was updated. The following patches have been included in this update:

The container caasp/v4/skuba-tooling was updated. The following patches have been included in this update:

The container caasp/v4/rsyslog was updated. The following patches have been included in this update:

The container caasp/v4/prometheus-server was updated. The following patches have been included in this update:

The container caasp/v4/prometheus-pushgateway was updated. The following patches have been included in this update:

The container caasp/v4/prometheus-server was updated. The following patches have been included in this update:

The container caasp/v4/prometheus-alertmanager was updated. The following patches have been included in this update:

The container caasp/v4/metrics-server was updated. The following patches have been included in this update:

The container caasp/v4/metrics-server was updated. The following patches have been included in this update:

The container caasp/v4/kured was updated. The following patches have been included in this update:

The container caasp/v4/kubernetes-client was updated. The following patches have been included in this update:

The container caasp/v4/kube-state-metrics was updated. The following patches have been included in this update:

The container caasp/v4/hyperkube was updated. The following patches have been included in this update:

The container caasp/v4/helm-tiller was updated. The following patches have been included in this update:

The container caasp/v4/prometheus was updated. The following patches have been included in this update:

The container caasp/v4/gangway was updated. The following patches have been included in this update:

The container caasp/v4/etcd was updated. The following patches have been included in this update:

The container caasp/v4/curl was updated. The following patches have been included in this update:

The container caasp/v4/coredns was updated. The following patches have been included in this update:

The container caasp/v4/configmap-reload was updated. The following patches have been included in this update:

The container caasp/v4/cloud-provider-openstack was updated. The following patches have been included in this update:

The container caasp/v4/cilium-operator was updated. The following patches have been included in this update:

The container caasp/v4/cilium-init was updated. The following patches have been included in this update:

The container caasp/v4/cilium was updated. The following patches have been included in this update:

The container caasp/v4/cilium-etcd-operator was updated. The following patches have been included in this update:

The container caasp/v4/cert-exporter was updated. The following patches have been included in this update:

The container caasp/v4/caasp-dex was updated. The following patches have been included in this update:

The container caasp/v4/busybox was updated. The following patches have been included in this update:

The container caasp/v4/389-ds was updated. The following patches have been included in this update:

An update that solves 11 vulnerabilities and has 62 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability, contains one feature and has 6 fixes is now available.

An update that fixes 8 vulnerabilities is now available.

An update that solves four vulnerabilities and has 11 fixes is now available.

The container sles-15-sp2-chost-byos-v20201208 was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20201208-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20201208-gen2 was updated. The following patches have been included in this update:

The container sles-15-sp1-chost-byos-v20201209 was updated. The following patches have been included in this update:

The container suse-sles-15-sp1-chost-byos-v20201209-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container suse-sles-15-sp1-chost-byos-v20201209-gen2 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

An update that solves 12 vulnerabilities and has 72 fixes is now available.

An update that solves one vulnerability, contains one feature and has 7 fixes is now available.

An update that solves 12 vulnerabilities and has 72 fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 5 vulnerabilities and has one errata is now available.

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.

Sympa, a modern mailing list manager, grants full SOAP API access by sending invalid string as the cookie value, if the SOAP endpoint was enabled. An attacker could manipulate the mailing lists, including subscribing e-mails or getting the list of subscribers.

The UK's National Cyber Security Centre (NCSC) discovered that Xerces-C, a validating XML parser library for C++, contains a use-after-free error triggered during the scanning of external DTDs. An attacker could cause a Denial of Service (DoS) and possibly

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.

It was discovered that Apache Tomcat from 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an

David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version

David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service. For Debian 9 stretch, this problem has been fixed in version

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for

It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP

The update of sqlite3 released as DLA-2340-1 contained an incomplete fix for CVE-2019-20218. Updated sqlite3 packages are now available to correct this issue.

Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.

The package lib32-gdk-pixbuf2 before version 2.42.2-1 is vulnerable to denial of service.

The package gdk-pixbuf2 before version 2.42.2-1 is vulnerable to denial of service.

The package nsd before version 4.3.4-1 is vulnerable to denial of service.

The package unbound before version 1.13.0-1 is vulnerable to denial of service.

The package hostapd before version 2.9-4 is vulnerable to proxy injection.

The package minidlna before version 1.3.0-1 is vulnerable to arbitrary code execution.

The package chromium before version 87.0.4280.88-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, insufficient validation and denial of service.

The package pam before version 1.5.0-2 is vulnerable to authentication bypass.

The package blueman before version 2.1.4-1 is vulnerable to privilege escalation.

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5443

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5434

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5453

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5435

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5439

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5566

This update upgrades Thunderbird to version 78.6.0. * chromium-browser: Uninitialized Use in V8 (CVE-2020-16042) * Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971) * Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973) * Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use- after-free (CVE-2020-26974) * Mozilla: Memory safety bugs fixed in Firef [More...]

openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) SL7 x86_64 openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm opens [More...]

samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472) * samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318) * samba: Unprivileged user can crash winbind (CVE-2020-14323) SL7 x86_64 libsmbclient-4.10.16-9.el7_9.i686.rpm libsmbclient-4.10.16-9.el7_9.x86_64.rpm libwbclient-4.10.16-9.el7_9.i686.rpm libwbclient-4.10.16-9. [More...]

gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766) SL7 x86_64 gd-2.0.35-27.el7_9.i686.rpm gd-2.0.35-27.el7_9.x86_64.rpm gd-debuginfo-2.0.35-27.el7_9.i686.rpm gd-debuginfo-2.0.35-27.el7_9.x86_64.rpm gd-devel-2.0.35-27.el7_9.i686.rpm gd-devel-2.0.35-27.el7_9.x86_64.rpm gd-progs-2.0.35-27.el7_9.x86_64.rpm - Scientific Linux Developme [More...]

kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: The flow_dissector feature allows device tracking (CVE-2019-18282) * kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769) * kernel: buffer uses out of index in ext3/4 f [More...]

python-rtslib: weak permissions for /etc/target/saveconfig.json (CVE-2020-14019) SL7 noarch python-rtslib-2.1.74-1.el7_9.noarch.rpm python-rtslib-doc-2.1.74-1.el7_9.noarch.rpm - Scientific Linux Development Team

targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867) SL7 noarch targetcli-2.1.53-1.el7_9.noarch.rpm - Scientific Linux Development Team

pacemaker: ACL restrictions bypass (CVE-2020-25654) SL7 x86_64 pacemaker-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cli-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cluster-libs-1.1.23-1.el7_9.1.i686.rpm pacemaker-cluster-libs-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-cts-1.1.23-1.el7_9.1.x86_64.rpm pacemaker-debuginfo-1.1.23-1.el7_9.1.i686.rpm pacemaker-debuginfo-1.1.23-1.el7_9 [More...]

Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) SL7 x86_64 thunderbird-78.5.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-78.5.1-1.el7_9.x86_64.rpm - Scientific Linux Development Team

xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360) * xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712) * xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347) SL7 x86_64 xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm [More...]

libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452) SL7 x86_64 libexif-0.6.22-2.el7_9.i686.rpm libexif-0.6.22-2.el7_9.x86_64.rpm libexif-debuginfo-0.6.22-2.el7_9.i686.rpm libexif-debuginfo-0.6.22-2.el7_9.x86_64.rpm libexif-devel-0.6.22-2.el7_9.i686.rpm libexif-devel-0.6.22-2.el7_9.x86_64.rpm libexif-doc-0.6.22-2.el7_9.x86_64.r [More...]

An update that fixes 14 vulnerabilities is now available.

An update that solves one vulnerability and has 6 fixes is now available.

An update that fixes 14 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 12 vulnerabilities and has 72 fixes is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has 6 fixes is now available.

An update that contains security fixes can now be installed.

An update that fixes 6 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability (CVE-2020-27828).

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read (CVE-2020-16042). Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read (CVE-2020-16042). Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. (CVE-2019-13989) References: - https://bugs.mageia.org/show_bug.cgi?id=27759 - https://security-tracker.debian.org/tracker/CVE-2019-13989

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. (CVE-2017-14628). In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array

Multiple vulnerabilities have been discovered in Bitcoin. In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. (CVE-2020-26215) References: - https://bugs.mageia.org/show_bug.cgi?id=27705 - https://www.debian.org/lts/security/2020/dla-2477

A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-14360).