Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a SUSE xen update mitigating five vulnerabilities and Firefox and Thunderbird updates available to RedHat users. Continue reading to learn about other significant advisories issued this week. Wishing you a healthy, safe and secure holiday season!

Yours in Open Source,

Brittany


LinuxSecurity.com Feature Extras:

Verifying Linux Server Security: What Every Admin Needs to Know - This article will introduce LinuxSecurity’s top methods and tools for verifying the security of your Linux servers - specifically, port scanning, intrusion detection, penetration testing, reverse engineering and auditing - and will point you in the direction of some other valuable resources to help you get started on this journey.

OctopusWAF: A Customizable Open-Source WAF for High Performance Applications - OctopusWAF is customizable, user-friendly and optimized for a large number of parallel connections - making it ideal for high performance AJAX applications.


  Debian: DSA-4802-1: thunderbird security update (Dec 3)
 

Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.

  Debian: DSA-4801-1: brotli security update (Dec 1)
 

A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite. For the stable distribution (buster), this problem has been fixed in

  Debian: DSA-4800-1: libproxy security update (Nov 28)
 

Two vulnerabilities were discovered in libproxy, an automatic proxy configuration management library, which could result in denial of service, or possibly, execution of arbitrary code.

  Debian: DSA-4799-1: x11vnc security update (Nov 28)
 

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC

  Fedora 32: webkit2gtk3 2020-e8a7566e80 (Dec 3)
 

Update to WebKitGTK 2.30.3:
* Fix backdrop filters with rounded borders.
* Fix scrolling iframes when async scrolling is enabled.
* Allow applications to handle drag and drop on the web view again.
* Update Outlook user agent quirk.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-9983, CVE-2020-13584

  Fedora 32: xen 2020-4ff32ef9be (Dec 3)
 

stack corruption from XSA-346 change [XSA-355]
----
support zstd compressed kernels (dom0 only) based on linux kernel code

  Fedora 32: pdfresurrect 2020-92195be0e2 (Dec 3)
 

PDFresurrect 0.21

  Fedora 32: c-ares 2020-307e873389 (Dec 3)
 

Security fix for CVE-2020-8277.

  Fedora 32: perl-Convert-ASN1 2020-d8bc3a9874 (Dec 2)
 

Security fix for CVE-2013-7488

  Fedora 33: php-pear 2020-f351eb14e3 (Dec 2)
 

* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949) [mrook]

  Fedora 32: php-pear 2020-5271a896ff (Dec 2)
 

* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949) [mrook]

  Fedora 33: thunderbird 2020-24bedcb95c (Nov 30)
 

Update to latest upstream version.

  Fedora 33: xen 2020-d71fa5f0b9 (Nov 30)
 

stack corruption from XSA-346 change [XSA-355]
----
Information leak via power sidechannel [XSA-351]

  Fedora 32: libuv 2020-eb942ee0db (Nov 30)
 

Update to Node.js 12.18.4 September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

  Fedora 32: nodejs 2020-eb942ee0db (Nov 30)
 

Update to Node.js 12.18.4 September 2020 security release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

  Fedora 33: tcpdump 2020-fae2e1f2bc (Nov 29)
 

Security fix for CVE-2020-8037

  Fedora 33: webkit2gtk3 2020-145877bcd3 (Nov 28)
 

Update to WebKitGTK 2.30.3:
* Fix backdrop filters with rounded borders.
* Fix scrolling iframes when async scrolling is enabled.
* Allow applications to handle drag and drop on the web view again.
* Update Outlook user agent quirk.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-9983, CVE-2020-13584

  Fedora 32: microcode_ctl 2020-1afbe7ba2d (Nov 28)
 

- Update to upstream 2.1-31. 20201118
  - Removal of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68[1];
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34[2].
[1] The microcode has been removed after reports of system hangs: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
[2] Addresses CVE-2020-8695 for this platform.

  Fedora 32: moodle 2020-db73e37548 (Nov 27)
 

Fix for multiple CVEs

  Fedora 33: pam 2020-22532a1a81 (Nov 27)
 

fix CVE-2020-27780: authentication bypass when the user doesn't exist

  Fedora 33: asterisk 2020-6b277646c7 (Nov 27)
 

Update to upstream 17.9.0 for bug and security fixes

  Fedora 33: moodle 2020-304aa2c365 (Nov 27)
 

Fix for multiple CVEs

  Fedora 33: c-ares 2020-7473744de1 (Nov 27)
 

Security fix for CVE-2020-8277.

  Fedora 33: drupal7 2020-7d8f772540 (Nov 26)
 

- https://www.drupal.org/project/drupal/releases/7.74
- https://www.drupal.org/sa-core-2020-012
- https://www.drupal.org/project/drupal/releases/7.73
- https://www.drupal.org/sa-core-2020-007

  Fedora 33: java-1.8.0-openjdk-aarch32 2020-9dc3df49f0 (Nov 26)
 

8u275 update

  Fedora 33: pacemaker 2020-3d0e38b9e7 (Nov 26)
 

* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3
- a little more syncing with upstream spec-file
* Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or

  Fedora 33: swtpm 2020-00d28cf56b (Nov 26)
 

Another build of v0.5.1 after more fixes

  Fedora 33: slurm 2020-49b97c38e7 (Nov 26)
 

Update to 20.02.6. Closes security issues CVE-2020-27745 and CVE-2020-27746.

  Fedora 32: drupal7 2020-088196d926 (Nov 26)
 

- https://www.drupal.org/project/drupal/releases/7.74
- https://www.drupal.org/sa-core-2020-012
- https://www.drupal.org/project/drupal/releases/7.73
- https://www.drupal.org/sa-core-2020-007

  Fedora 32: java-1.8.0-openjdk-aarch32 2020-8bfc7c49d1 (Nov 26)
 

8u275 update

  Fedora 32: pacemaker 2020-2cbe0089e2 (Nov 26)
 

* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3
- a little more syncing with upstream spec-file
* Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or

  Fedora 32: swtpm 2020-c707fcb91f (Nov 26)
 

Another build of v0.5.1 after more fixes

  Fedora 32: slurm 2020-98a5098030 (Nov 26)
 

Update to 19.05.08. Closes security issues CVE-2020-27745 and CVE-2020-27746

  Fedora 32: libxml2 2020-b6aaf25741 (Nov 26)
 

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

  RedHat: RHSA-2020-5342:01 Important: Red Hat JBoss Enterprise Application (Dec 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5341:01 Important: Red Hat JBoss Enterprise Application (Dec 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5340:01 Important: Red Hat JBoss Enterprise Application (Dec 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5344:01 Important: Red Hat JBoss Enterprise Application (Dec 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-5333:01 Moderate: go-toolset-1.14-golang security update (Dec 3)
 

An update for go-toolset-1.14-golang is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5325:01 Moderate: Red Hat Ceph Storage 4.1 security and (Dec 2)
 

An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5317:01 Important: rh-postgresql12-postgresql security (Dec 2)
 

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5316:01 Important: rh-postgresql10-postgresql security (Dec 2)
 

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5314:01 Important: firefox security update (Dec 1)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5305:01 Moderate: rh-nodejs12-nodejs security update (Dec 1)
 

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5275:01 Moderate: rh-php73-php security, bug fix, (Dec 1)
 

An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5302:01 Important: Red Hat build of Quarkus 1.7.5 SP1 (Dec 1)
 

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

  RedHat: RHSA-2020-5194:01 Moderate: OpenShift Container Platform 4.5.21 bug (Dec 1)
 

Red Hat OpenShift Container Platform release 4.5.21 is now available with updates to packages and images that fix several bugs. This release includes a security update for openshift-enterprise-hyperkube for Red Hat OpenShift Container Platform 4.5.21.

  RedHat: RHSA-2020-5239:01 Important: firefox security update (Nov 30)
 

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5257:01 Important: firefox security update (Nov 30)
 

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5235:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5254:01 Important: Red Hat Single Sign-On 7.4.3 one-off (Nov 30)
 

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5159:01 Low: OpenShift Container Platform 4.6.6 security (Nov 30)
 

An update for faq is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5249:01 Moderate: security update - Red Hat Ansible Tower (Nov 30)
 

Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container
2. Description:
* Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
* Improved Ansible Tower's web service configuration to allow for

  RedHat: RHSA-2020-5246:01 Important: rh-mariadb103-mariadb and (Nov 30)
 

An update for rh-mariadb103-mariadb and rh-mariadb103-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5237:01 Important: firefox security update (Nov 30)
 

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5234:01 Important: firefox security update (Nov 30)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5238:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5232:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5236:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5233:01 Important: firefox security update (Nov 30)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5231:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5240:01 Important: thunderbird security update (Nov 30)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2020:3615-1 important: xen (Dec 3)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  SUSE: 2020:3613-1 moderate: rpmlint (Dec 3)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:3614-1 important: gdm (Dec 3)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3611-1 important: xen (Dec 3)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  SUSE: 2020:3612-1 important: xen (Dec 3)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3599-1 moderate: python-pip (Dec 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3593-1 important: python3 (Dec 2)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3594-1 important: python-setuptools (Dec 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3591-1 important: java-1_8_0-openjdk (Dec 2)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:3592-1 moderate: python-cryptography (Dec 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3597-1 important: python (Dec 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3596-1 important: python3 (Dec 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14553-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3585-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3586-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3587-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3582-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3589-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3588-1 important: xorg-x11-server (Dec 1)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:2475-2 moderate: libX11 (Dec 1)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14551-1 important: mutt (Nov 30)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3564-1 important: mariadb (Nov 30)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3563-1 important: python36 (Nov 30)
 

An update that fixes 7 vulnerabilities and contains two features is now available.

  SUSE: 2020:3568-1 important: mutt (Nov 30)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3566-1 important: python-setuptools (Nov 30)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3565-1 important: python-pip (Nov 30)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3552-1 moderate: binutils (Nov 27)
 

An update that solves 8 vulnerabilities, contains three features and has 6 fixes is now available.

  SUSE: 2020:3551-1 moderate: libssh2_org (Nov 27)
 

An update that fixes 10 vulnerabilities and contains one feature is now available.

  SUSE: 2020:3549-1 important: nodejs12 (Nov 27)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3550-1 important: LibVNCServer (Nov 27)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2474-2 moderate: libX11 (Nov 27)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3548-1 important: MozillaFirefox (Nov 27)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:728-1 ses/7/rook/ceph Security Update (Nov 27)
   
  SUSE: 2020:717-1 ses/7/ceph/ceph Security Update (Nov 27)
   
  SUSE: 2020:715-1 ses/7/ceph/grafana Security Update (Nov 27)
   
  SUSE: 2020:712-1 ses/7/cephcsi/cephcsi Security Update (Nov 27)
   
  SUSE: 2020:3544-1 important: the Linux Kernel (Nov 26)
 

An update that solves 26 vulnerabilities and has 34 fixes is now available.

  SUSE: 2020:3473-2 moderate: ceph (Nov 26)
 

An update that solves one vulnerability, contains two features and has 23 fixes is now available.

  SUSE: 2020:3539-1 important: ceph (Nov 26)
 

An update that solves one vulnerability and has 5 fixes is now available.

  SUSE: 2020:3532-1 important: the Linux Kernel (Nov 26)
 

An update that solves 26 vulnerabilities and has 32 fixes is now available.

  SUSE: 2020:14549-1 important: LibVNCServer (Nov 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14550-1 important: python (Nov 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3528-1 important: MozillaThunderbird (Nov 26)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:709-1 ses/7/rook/ceph Security Update (Nov 26)
   
  SUSE: 2020:708-1 ses/7/prometheus-webhook-snmp Security Update (Nov 26)
   
  SUSE: 2020:707-1 ses/7/cephcsi/csi-snapshotter Security Update (Nov 26)
   
  SUSE: 2020:706-1 ses/7/cephcsi/csi-resizer Security Update (Nov 26)
   
  SUSE: 2020:705-1 ses/7/cephcsi/csi-provisioner Security Update (Nov 26)
   
  SUSE: 2020:704-1 ses/7/cephcsi/csi-node-driver-registrar Security Update (Nov 26)
   
  SUSE: 2020:703-1 ses/7/cephcsi/csi-livenessprobe Security Update (Nov 26)
   
  SUSE: 2020:702-1 ses/7/cephcsi/csi-attacher Security Update (Nov 26)
   
  SUSE: 2020:699-1 ses/7/ceph/ceph Security Update (Nov 26)
   
  SUSE: 2020:698-1 ses/7/ceph/grafana Security Update (Nov 26)
   
  SUSE: 2020:696-1 ses/7/cephcsi/cephcsi Security Update (Nov 26)
   
  Debian LTS: DLA-2479-1: thunderbird security update (Dec 4)
 

Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.

  Debian LTS: DLA-2478-1: postgresql-9.6 security update (Dec 2)
 

Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694

  Debian LTS: DLA-2471-1: libxstream-java security update (Nov 30)
 

It was found that XStream is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Users who rely on blocklists are affected (the default in Debian). We strongly recommend to use the

  Debian LTS: DLA-2470-1: zsh security update (Nov 30)
 

Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the

  Debian LTS: DLA-2474-1: musl security update (Nov 30)
 

The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or

  Debian LTS: DLA-2473-1: vips security update (Nov 30)
 

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version

  Debian LTS: DLA-2472-1: mutt security update (Nov 30)
 

In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks.

  Debian LTS: DLA-2469-1: qemu security update (Nov 29)
 

Some issues have been found in qemu, a fast processor emulator. All issues are related to assertion failures, out-of-bounds access

  Debian LTS: DLA-2468-1: tcpflow security update (Nov 28)
 

An issue has been found in tcpflow, a TCP flow recorder. Due to an overflow vulnerability in function handle_80211, an

  Debian LTS: DLA-2466-1: drupal7 security update (Nov 27)
 

Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives.

  Debian LTS: DLA-2467-1: lxml security update (Nov 26)
 

CVE-2018-19787: It was discovered that there was an XSS injection vulnerability in

  ArchLinux: 202011-21: swtpm: privilege escalation (Nov 29)
 

The package swtpm before version 0.5.1-1 is vulnerable to privilege escalation.

  ArchLinux: 202011-20: raptor: arbitrary code execution (Nov 29)
 

The package raptor before version 2.0.15-14 is vulnerable to arbitrary code execution.

  ArchLinux: 202011-19: libass: arbitrary code execution (Nov 29)
 

The package libass before version 0.15.0-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202011-18: c-ares: denial of service (Nov 29)
 

The package c-ares before version 1.17.1-1 is vulnerable to denial of service.

  ArchLinux: 202011-17: rclone: private key recovery (Nov 29)
 

The package rclone before version 1.53.3-1 is vulnerable to private key recovery.

  ArchLinux: 202011-16: go: multiple issues (Nov 26)
 

The package go before version 2:1.15.5-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

  ArchLinux: 202011-15: libxml2: multiple issues (Nov 26)
 

The package libxml2 before version 2.9.10-6 is vulnerable to multiple issues including denial of service and information disclosure.

  ArchLinux: 202011-14: postgresql: multiple issues (Nov 26)
 

The package postgresql before version 12.5-1 is vulnerable to multiple issues including sandbox escape, arbitrary code execution and silent downgrade.

  ArchLinux: 202011-13: wireshark-cli: denial of service (Nov 26)
 

The package wireshark-cli before version 3.4.0-1 is vulnerable to denial of service.

  SciLinux: SLSA-2020-5235-1 Important: thunderbird on SL7.x i386/x86_64 (Nov 30)
 

This update upgrades Thunderbird to version 78.5.0.
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enable

  openSUSE: 2020:2152-1 important: python3 (Dec 3)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:2149-1 moderate: mariadb (Dec 2)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:2147-1 important: xorg-x11-server (Dec 2)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2141-1 important: mutt (Dec 1)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:2142-1 important: libqt5-qtbase (Dec 1)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:2143-1 important: python-setuptools (Dec 1)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2139-1 moderate: go1.15 (Dec 1)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2020:2133-1 moderate: MozillaThunderbird (Dec 1)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2129-1 moderate: libssh2_org (Dec 1)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2020:2128-1 important: mutt (Dec 1)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:2126-1 moderate: libssh2_org (Nov 30)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2020:2111-1 moderate: fontforge (Nov 29)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2112-1 important: the Linux Kernel (Nov 29)
 

An update that solves 15 vulnerabilities and has 102 fixes is now available.

  openSUSE: 2020:2106-1 moderate: buildah (Nov 29)
   
  openSUSE: 2020:2107-1 moderate: wireshark (Nov 29)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2097-1 important: LibVNCServer (Nov 28)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2098-1 important: ucode-intel (Nov 28)
   
  openSUSE: 2020:2096-1 important: MozillaThunderbird (Nov 28)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2020:2092-1 moderate: c-ares (Nov 28)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2090-1 moderate: mariadb (Nov 28)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:2082-1 moderate: ceph (Nov 27)
 

An update that solves one vulnerability and has 23 fixes is now available.

  openSUSE: 2020:2076-1 moderate: wireshark (Nov 27)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2067-1 moderate: go1.14 (Nov 27)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2020:2064-1 moderate: perl-DBI (Nov 27)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2063-1 moderate: podman (Nov 27)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2020:2065-1 moderate: dash (Nov 27)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:2075-1 important: ucode-intel (Nov 27)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2020:2059-1 moderate: wpa_supplicant (Nov 27)
 

An update that fixes 22 vulnerabilities is now available.

  openSUSE: 2020:2062-1 moderate: krb5 (Nov 27)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2057-1 moderate: ceph (Nov 27)
 

An update that solves one vulnerability and has 8 fixes is now available.

  openSUSE: 2020:2056-1 important: slurm (Nov 26)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2020:2055-1 important: chromium (Nov 26)
 

An update that fixes 23 vulnerabilities is now available.

  openSUSE: 2020:2045-1 moderate: c-ares (Nov 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2051-1 moderate: perl-DBI (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2046-1 moderate: dash (Nov 26)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:2048-1 moderate: java-1_8_0-openjdk (Nov 26)
 

An update that fixes 16 vulnerabilities is now available.

  openSUSE: 2020:2053-1 moderate: wpa_supplicant (Nov 26)
 

An update that fixes 22 vulnerabilities is now available.

  openSUSE: 2020:2039-1 moderate: podman (Nov 26)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2020:2047-1 moderate: go1.14 (Nov 26)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2020:2037-1 moderate: krb5 (Nov 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2030-1 important: xen (Nov 26)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2020:2031-1 important: MozillaFirefox (Nov 26)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2020:2032-1 important: chromium (Nov 26)
 

An update that fixes 23 vulnerabilities is now available.

  openSUSE: 2020:2033-1 important: slurm (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:2028-1 important: postgresql10 (Nov 26)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:2029-1 important: postgresql12 (Nov 26)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:2034-1 important: the Linux Kernel (Nov 26)
 

An update that solves four vulnerabilities and has 20 fixes is now available.

  openSUSE: 2020:2026-1 important: chromium (Nov 26)
 

An update that fixes 23 vulnerabilities is now available.

  openSUSE: 2020:2025-1 important: LibVNCServer (Nov 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:2024-1 moderate: blueman (Nov 26)
 

An update that fixes one vulnerability is now available.

  Mageia 2020-0446: xdg-utils security update (Dec 3)
 

Jens Mueller discovered that xdg-utils incorrectly handled certain URIs. An attacker could possibly use this issue to expose sensitive information (CVE-2020-27748). References:

  Mageia 2020-0445: poppler security update (Dec 3)
 

Buffer overflow in pdftohtml could result in a DoS (CVE-2020-27778).
References:
- https://bugs.mageia.org/show_bug.cgi?id=27687
- https://ubuntu.com/security/notices/USN-4646-1

  Mageia 2020-0444: pngcheck security update (Dec 3)
 

This update fixes a potential global buffer overflow in the check_chunk_name function via a crafted png file.
References:
- https://bugs.mageia.org/show_bug.cgi?id=27658

  Mageia 2020-0443: cimg security update (Dec 3)
 

Multiple heap buffer overflows (CVE-2020-25693).
References:
- https://bugs.mageia.org/show_bug.cgi?id=27651
- https://www.debian.org/lts/security/2020/dla-2462

  Mageia 2020-0442: tor security update (Dec 3)
 

When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel (TROVE-2020-005).

  Mageia 2020-0441: webkit2 security update (Nov 27)
 

The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. A type confusion issue may lead to arbitrary code execution with maliciously crafted web content, fixed with improved memory handling (CVE-2020-9948).

  Mageia 2020-0440: jruby security update (Nov 27)
 

Response Splitting attack in the HTTP server of WEBrick (CVE-2017-17742). Delete directory using symlink when decompressing tar (CVE-2019-8320). Escape sequence injection vulnerability in verbose (CVE-2019-8321).