| |
Debian: DSA-4629-1: python-django security update (Feb 19) |
| |
Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
|
| |
Debian: DSA-4628-1: php7.0 security update (Feb 18) |
| |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
|
| |
Debian: DSA-4627-1: webkit2gtk security update (Feb 17) |
| |
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-3862
|
| |
Debian: DSA-4626-1: php7.3 security update (Feb 17) |
| |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
|
| |
Debian: DSA-4625-1: thunderbird security update (Feb 15) |
| |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (stretch), these problems have been fixed
|
| |
Debian: DSA-4624-1: evince security update (Feb 14) |
| |
Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159
|
| |
Debian: DSA-4623-1: postgresql-11 security update (Feb 13) |
| |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the stable distribution (buster), this problem has been fixed in
|
| |
Debian: DSA-4622-1: postgresql-9.6 security update (Feb 13) |
| |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the oldstable distribution (stretch), this problem has been fixed
|
| |
|
| |
Fedora 31: webkit2gtk3 FEDORA-2020-3269917c2f (Feb 20) |
| |
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
|
| |
Fedora 31: dovecot FEDORA-2020-10a58fda28 (Feb 20) |
| |
- dovecot updated to 2.3.9.3 - fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. - fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
| |
Fedora 31: ceph FEDORA-2020-ed1f14985e (Feb 20) |
| |
rhbz#1784216, python3-remoto ---- Security fix for CVE-2020-1699
|
| |
Fedora 30: dovecot FEDORA-2020-0e6a67af5a (Feb 19) |
| |
- dovecot updated to 2.3.9.3 - fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. - fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
| |
Fedora 30: poppler FEDORA-2020-b8b7a4a0e5 (Feb 19) |
| |
Security fix for CVE-2019-14494.
|
| |
Fedora 31: thunderbird FEDORA-2020-6e76510e21 (Feb 18) |
| |
Update to latest upstream version
|
| |
Fedora 31: cacti-spine FEDORA-2020-90f1c8229e (Feb 18) |
| |
- Update to 1.2.9 - CVE-2020-7106, CVE-2020-7237 Release notes:
|
| |
Fedora 31: cacti FEDORA-2020-90f1c8229e (Feb 18) |
| |
- Update to 1.2.9 - CVE-2020-7106, CVE-2020-7237 Release notes:
|
| |
Fedora 31: mbedtls FEDORA-2020-5bcfae9f46 (Feb 18) |
| |
- Update to 2.16.4 - CVE-2019-18222 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory:
|
| |
Fedora 30: cacti-spine FEDORA-2020-0fc6dd0fd2 (Feb 18) |
| |
- Update to 1.2.9 - CVE-2020-7106, CVE-2020-7237 Release notes:
|
| |
Fedora 30: cacti FEDORA-2020-0fc6dd0fd2 (Feb 18) |
| |
- Update to 1.2.9 - CVE-2020-7106, CVE-2020-7237 Release notes:
|
| |
Fedora 30: mbedtls FEDORA-2020-8d3ea0fe8d (Feb 18) |
| |
- Update to 2.16.4 - CVE-2019-18222 Release notes: https://www.trustedfirmware.org/projects/mbed-tls/ Security Advisory:
|
| |
Fedora 31: kernel-headers FEDORA-2020-f884f9dd7d (Feb 17) |
| |
Update to Linux v5.4.19
|
| |
Fedora 31: kernel FEDORA-2020-f884f9dd7d (Feb 17) |
| |
Update to Linux v5.4.19
|
| |
Fedora 31: sway FEDORA-2020-f49a5b4422 (Feb 17) |
| |
Add patch to fix segfault after sleep
|
| |
Fedora 30: kernel-headers FEDORA-2020-2a5cdd665c (Feb 17) |
| |
Update to Linux v5.4.19
|
| |
Fedora 30: kernel FEDORA-2020-2a5cdd665c (Feb 17) |
| |
Update to Linux v5.4.19
|
| |
Fedora 31: ksh FEDORA-2020-d940aca772 (Feb 15) |
| |
Do not evaluate arithmetic expressions from environment variables at startup
|
| |
Fedora 30: ksh FEDORA-2020-a0f0eb8500 (Feb 15) |
| |
Do not evaluate arithmetic expressions from environment variables at startup
|
| |
Fedora 31: libxml2 FEDORA-2020-41fe1680f6 (Feb 14) |
| |
Fix CVE-2019-20388 and CVE-2020-7595
|
| |
Fedora 31: firefox FEDORA-2020-8123a8fa34 (Feb 13) |
| |
- Update to 73.0
|
| |
Fedora 31: cutter-re FEDORA-2020-acd8cdb08d (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 31: radare2 FEDORA-2020-acd8cdb08d (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 31: php-horde-Horde-Data FEDORA-2020-1e7cc91d55 (Feb 13) |
| |
**Horde_Data 2.1.5** * [jan] Fix Remote Code Execution vulnerability (CVE-2020-8518, Reported by: Andrea Cardaci/SSD).
|
| |
Fedora 30: texlive-base FEDORA-2020-fa1956e637 (Feb 13) |
| |
Resolve buffer overflow in TexOpen() function, CVE-2019-19601
|
| |
Fedora 30: cutter-re FEDORA-2020-4a3ff78ba5 (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 30: radare2 FEDORA-2020-4a3ff78ba5 (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 30: php-horde-Horde-Data FEDORA-2020-0248ad925e (Feb 13) |
| |
**Horde_Data 2.1.5** * [jan] Fix Remote Code Execution vulnerability (CVE-2020-8518, Reported by: Andrea Cardaci/SSD).
|
| |
|
| |
RedHat: RHSA-2020-0566:01 Important: python-pillow security update (Feb 20) |
| |
An update for python-pillow is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0565:01 Important: thunderbird security update (Feb 20) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0564:01 Important: systemd security update (Feb 20) |
| |
An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0559:01 Important: ksh security update (Feb 20) |
| |
An update for ksh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0556:01 Important: Open Liberty 20.0.0.2 Runtime security (Feb 19) |
| |
Open Liberty 20.0.0.2 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0451:01 Moderate: OpenShift Container Platform 3.11 (Feb 19) |
| |
Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0555:01 Moderate: virt:8.1 and virt-devel:8.1 security (Feb 19) |
| |
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0553:01 Low: rabbitmq-server security update (Feb 19) |
| |
An update for rabbitmq-server is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0550:01 Important: openjpeg2 security update (Feb 19) |
| |
An update for openjpeg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0540:01 Important: sudo security update (Feb 18) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0541:01 Important: java-1.7.0-openjdk security update (Feb 18) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0543:01 Important: kernel security, bug fix, (Feb 18) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0544:01 Moderate: curl security update (Feb 18) |
| |
An update for curl is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0542:01 Moderate: ruby security update (Feb 18) |
| |
An update for ruby is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0520:01 Important: firefox security update (Feb 17) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0521:01 Important: firefox security update (Feb 17) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0519:01 Important: firefox security update (Feb 17) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0515:01 Important: ksh security update (Feb 17) |
| |
An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0512:01 Important: firefox security update (Feb 17) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0514:01 Important: chromium-browser security update (Feb 17) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0513:01 Critical: flash-plugin security update (Feb 17) |
| |
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0509:01 Important: sudo security update (Feb 13) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0498:01 Moderate: Red Hat Virtualization Engine security, (Feb 13) |
| |
An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0497:01 Important: AMQ Online security update (Feb 13) |
| |
An update of the Red Hat OpenShift Container Platform 3.11 and 4.1 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0487:01 Important: sudo security update (Feb 13) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
|
| |
Slackware: 2020-051-01: proftpd Security Update (Feb 20) |
| |
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
|
| |
SUSE: 2020:0429-1 important: nodejs12 (Feb 20) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2020:14286-1 important: java-1_7_0-ibm (Feb 20) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:0427-1 important: nodejs10 (Feb 20) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:0424-1 moderate: rsyslog (Feb 19) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2020:0419-1 moderate: dnsmasq (Feb 19) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:0420-1 moderate: slurm (Feb 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0407-1 important: sudo (Feb 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0410-1 important: wicked (Feb 19) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:0412-1 moderate: dpdk (Feb 19) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:0411-1 moderate: ImageMagick (Feb 19) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0413-1 moderate: enigmail (Feb 19) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:0408-1 important: sudo (Feb 19) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:0405-1 important: ipmitool (Feb 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0409-1 important: sudo (Feb 19) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:0406-1 important: sudo (Feb 19) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:0394-1 moderate: gcc9 (Feb 18) |
| |
An update that solves two vulnerabilities and has 5 fixes is now available.
|
| |
SUSE: 2020:0397-1 important: php72 (Feb 18) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:0393-1 moderate: fontforge (Feb 18) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2820-2 important: dbus-1 (Feb 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0390-1 important: sudo (Feb 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0388-1 important: xen (Feb 17) |
| |
An update that fixes 25 vulnerabilities is now available.
|
| |
SUSE: 2020:0384-1 important: MozillaFirefox (Feb 17) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:0383-1 important: MozillaFirefox (Feb 17) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:0385-1 important: MozillaThunderbird (Feb 17) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
|
| |
Ubuntu 4289-1: Squid vulnerabilities (Feb 20) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4288-1: ppp vulnerability (Feb 20) |
| |
ppp could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4279-2: PHP regression (Feb 19) |
| |
USN-4279-1 introduced a regression in PHP.
|
| |
Ubuntu 0063-1: Linux kernel vulnerability (Feb 19) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu 4286-2: Linux kernel (Xenial HWE) vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4287-2: Linux kernel (Azure) vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4287-1: Linux kernel vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4286-1: Linux kernel vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4285-1: Linux kernel vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4284-1: Linux kernel vulnerabilities (Feb 18) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4283-1: QEMU vulnerabilities (Feb 18) |
| |
Several security issues were fixed in QEMU.
|
| |
Ubuntu 4280-2: ClamAV vulnerability (Feb 18) |
| |
ClamAV could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 4282-1: PostgreSQL vulnerability (Feb 18) |
| |
PostgreSQL could allow unintended access to the database.
|
| |
Ubuntu 4281-1: WebKitGTK+ vulnerabilities (Feb 18) |
| |
Several security issues were fixed in WebKitGTK+.
|
| |
Ubuntu 4280-1: ClamAV vulnerability (Feb 18) |
| |
ClamAV could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 4279-1: PHP vulnerabilities (Feb 17) |
| |
Several security issues were fixed in PHP.
|
| |
Ubuntu 4278-1: Firefox vulnerabilities (Feb 13) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
|
| |
Debian LTS: DLA-2110-1: netty-3.9 security update (Feb 19) |
| |
Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework:
|
| |
Debian LTS: DLA-2109-1: netty security update (Feb 19) |
| |
Several vulnerabilities were discovered in the HTTP server provided by Netty, a Java NIO client/server socket framework:
|
| |
Debian LTS: DLA-2106-1: libgd2 security update (Feb 17) |
| |
A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application
|
| |
Debian LTS: DLA-2105-1: postgresql-9.4 security update (Feb 17) |
| |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version
|
| |
Debian LTS: DLA-2104-1: thunderbird security update (Feb 17) |
| |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", these problems have been fixed in version
|
| |
Debian LTS: DLA-2103-1: debian-security-support update: libqb and mysql-5.5 end (Feb 13) |
| |
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently
|
| |
|
| |
ArchLinux: 202002-9: thunderbird: multiple issues (Feb 17) |
| |
The package thunderbird before version 68.5.0-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, denial of service and information disclosure.
|
| |
ArchLinux: 202002-8: systemd: privilege escalation (Feb 17) |
| |
The package systemd before version 244.2-1 is vulnerable to privilege escalation.
|
| |
ArchLinux: 202002-7: webkit2gtk: arbitrary code execution (Feb 13) |
| |
The package webkit2gtk before version 2.26.3-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202002-6: dovecot: denial of service (Feb 13) |
| |
The package dovecot before version 2.3.9.3-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202002-5: firefox: multiple issues (Feb 13) |
| |
The package firefox before version 73.0-1 is vulnerable to multiple issues including arbitrary code execution and cross-site scripting.
|
| |
|
| |
CentOS: CESA-2020-0550: Important CentOS 7 openjpeg2 (Feb 20) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0550
|
| |
CentOS: CESA-2020-0540: Important CentOS 7 sudo (Feb 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0540
|
| |
CentOS: CESA-2020-0541: Important CentOS 7 java-1.7.0-openjdk (Feb 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0541
|
| |
CentOS: CESA-2020-0520: Important CentOS 7 firefox (Feb 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0520
|
| |
CentOS: CESA-2020-0515: Important CentOS 6 ksh (Feb 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0515
|
| |
CentOS: CESA-2020-0521: Important CentOS 6 firefox (Feb 18) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0521
|
| |
|
| |
SciLinux: SLSA-2020-0550-1 Important: openjpeg2 on SL7.x x86_64 (Feb 19) |
| |
openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112) SL7 x86_64 openjpeg2-2.3.1-3.el7_7.i686.rpm openjpeg2-2.3.1-3.el7_7.x86_64.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.i686.rpm openjpeg2-debuginfo-2.3.1-3.el7_7.x86_64.rpm openjpeg2-devel-2.3.1-3.el7_7.i686.rpm openjpeg2-devel-2.3.1-3.el7_7.x86_64.rpm openjpeg2-tools-2. [More...]
|
| |
SciLinux: SLSA-2020-0540-1 Important: sudo on SL7.x x86_64 (Feb 18) |
| |
sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634) SL7 x86_64 sudo-1.8.23-4.el7_7.2.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.2.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.2.i686.rpm sudo-devel-1.8.23-4.el7_7.2.i686.rpm sudo-devel-1.8.23-4.el7_7.2.x86_64.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2020-0541-1 Important: java-1.7.0-openjdk on SL7.x x86_64 (Feb 18) |
| |
OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalizat [More...]
|
| |
SciLinux: SLSA-2020-0515-1 Important: ksh on SL6.x i386/x86_64 (Feb 17) |
| |
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) SL6 x86_64 ksh-20120801-38.el6_10.x86_64.rpm ksh-debuginfo-20120801-38.el6_10.x86_64.rpm i386 ksh-20120801-38.el6_10.i686.rpm ksh-debuginfo-20120801-38.el6_10.i686.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2020-0521-1 Important: firefox on SL6.x i386/x86_64 (Feb 17) |
| |
Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) SL6 x86_64 firefox-68.5.0-2.el6_10.x86_64.rpm firefox-debuginfo-68.5.0-2.el6_10.x86_64.rpm firefox-68.5.0-2.el6_10.i686.rpm firefox-debuginfo-68.5.0-2.el6_10.i686.rpm i386 firefox-68.5.0-2.el6_ [More...]
|
| |
SciLinux: SLSA-2020-0520-1 Important: firefox on SL7.x x86_64 (Feb 17) |
| |
Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) * Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798) SL7 x86_64 firefox-68.5.0-2.el7_7.x86_64.rpm firefox-debuginfo-68.5.0-2.el7_7.x86_64.rpm firefox-68.5.0- [More...]
|
| |
|
| |
openSUSE: 2020:0234-1: moderate: inn (Feb 19) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0235-1: important: rmt-server (Feb 19) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
openSUSE: 2020:0233-1: important: chromium, re2 (Feb 19) |
| |
An update that fixes 38 vulnerabilities is now available.
|
| |
openSUSE: 2020:0230-1: important: MozillaFirefox (Feb 18) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2020:0231-1: important: MozillaThunderbird (Feb 18) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2020:0229-1: moderate: nextcloud (Feb 17) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0222-1: moderate: hostapd (Feb 15) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2020:0220-1: moderate: nextcloud (Feb 15) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0220-1: moderate: nextcloud (Feb 15) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0219-1: moderate: docker-runc (Feb 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Mageia 2020-0092: webkit2 security update (Feb 18) |
| |
webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities: A malicious website may be able to cause a denial of service (CVE-2020-3862).
|
| |
Mageia 2020-0091: thunderbird security update (Feb 18) |
| |
Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents (CVE-2020-6792).
|
| |
Mageia 2020-0090: firefox security update (Feb 18) |
| |
Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have
|
| |
Mageia 2020-0089: kernel-linus security update (Feb 18) |
| |
This update provides upstream 5.4.20, adding support for new hardware and features, and resolves atleast the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest.
|
| |
Mageia 2020-0088: python-pillow security update (Feb 18) |
| |
Updated python-pillow packages fix security vulnerabilities: It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service (CVE-2019-16865, CVE-2019-19911).
|
| |
Mageia 2020-0087: sphinx security update (Feb 18) |
| |
Updated sphinx packages fix security vulnerability: A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only
|
| |
Mageia 2020-0086: mutt security update (Feb 18) |
| |
Updated mutt packages fix security vulnerability: Invalid format of RFC parameter passed to atoi() function in rfc2231.c could lead to unexpected behavior (rhbz#1710397, bdo#929017
|
| |
Mageia 2020-0085: flash-player-plugin security update (Feb 13) |
| |
Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code executionin the context of the current user. (CVE-2020-3757)
|
| |
Mageia 2020-0084: exiv2 security update (Feb 13) |
| |
The updated packages fix a security vulnerability: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service
|
| |
Mageia 2020-0083: python-waitress security update (Feb 13) |
| |
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways.
|
| |
Mageia 2020-0082: vim and neovim security update (Feb 13) |
| |
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to
|
