Advisories

Linux Advisory Watch

Don't want to miss that crucial security notice?. The editorial staff at Guardian Digital will bring you complete coverage and in-depth
descriptions of all security bulletins, vulnerabilities and updated packages, all in one convenient weekly newsletter.

Linux Advisory Watch: February 26th, 2021

Linux Advisory Watch: February 26th, 2021

Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a warning from Debian of two Node.js vulnerabilities, which could result in DoS or DNS rebinding attacks (now fixed in the stable distro) and advisories from multiple distros of various flaws discovered in the popular Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. Continue reading to learn about other significant advisories issued this week. Have a safe and secure weekend - both on and offline!

Yours in Open Source,

Brittany Day Signature


LinuxSecurity.com Feature Extras:

Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux - CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

Member Profile: My Expedition Through nmap Lab How to get through the NMAP room in Tryhackme - Our newest member Valentina, a Nigerian cybersecurity professional, recently went through the Tryhackme online learning platform, and shares her experience, as well as a few quick tips on using nmap.


  Debian: DSA-4863-1: nodejs security update (Feb 24)
 

Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. For the stable distribution (buster), these problems have been fixed in

  Debian: DSA-4862-1: firefox-esr security update (Feb 24)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

  Debian: DSA-4861-1: screen security update (Feb 21)
 

Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.

  Debian: DSA-4860-1: openldap security update (Feb 20)
 

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash)

  Debian: DSA-4859-1: libzstd security update (Feb 20)
 

It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.

  Debian: DSA-4858-1: chromium security update (Feb 19)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21148

  Debian: DSA-4857-1: bind9 security update (Feb 18)
 

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code.

  Fedora 33: libpq 2021-3286ac2acc (Feb 25)
 

Update postgresql and libpq to the new upstream release.

  Fedora 33: postgresql 2021-3286ac2acc (Feb 25)
 

Update postgresql and libpq to the new upstream release.

  Fedora 33: xen 2021-47f53a940a (Feb 25)
 

Linux: display frontend "be-alloc" mode is unsupported (comment only) [XSA-363, CVE-2021-26934] (#1929549) arm: The cache may not be cleaned for newly allocated scrubbed pages [XSA-364, CVE-2021-26933] (#1929547)

  Fedora 33: containernetworking-plugins 2021-fb466fb623 (Feb 25)
 

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1

  Fedora 33: containers-common 2021-fb466fb623 (Feb 25)
 

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1

  Fedora 33: podman 2021-fb466fb623 (Feb 25)
 

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1

  Fedora 33: skopeo 2021-fb466fb623 (Feb 25)
 

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1

  Fedora 33: buildah 2021-fb466fb623 (Feb 25)
 

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1

  Fedora 32: xen 2021-4c819bf1ad (Feb 25)
 

Linux: display frontend "be-alloc" mode is unsupported (comment only) [XSA-363, CVE-2021-26934] (#1929549) arm: The cache may not be cleaned for newly allocated scrubbed pages [XSA-364, CVE-2021-26933] (#1929547)

  Fedora 33: xterm 2021-e7a8e79fa8 (Feb 25)
 

Security fix for CVE-2021-27135

  Fedora 32: libpq 2021-3db6876545 (Feb 25)
 

Update to the latest upstream release.

  Fedora 32: postgresql 2021-3db6876545 (Feb 25)
 

Update to the latest upstream release.

  Fedora 32: libmysofa 2021-4e40ccb5e6 (Feb 25)
 

Fixes various security issues by upgrading to the current 1.2 version.

  Fedora 32: keylime 2021-11e4ae96a7 (Feb 24)
 

Keylime 6.0.0 release. Contains fix CVE-2021-3406

  Fedora 32: dotnet5.0 2021-56e894d5ca (Feb 24)
 

This is the update to .NET 5.0 SDK 5.0.103 and Runtime 5.0.3. This includes fixes for CVE-2021-1721 and CVE-2021-24112

  Fedora 32: dotnet3.1 2021-48ca39b6ad (Feb 24)
 

This is the [February 2021 update for .NET Core](https://github.com/dotnet/core/blob/master/release- notes/3.1/3.1.12/3.1.12.md). It updates the .NET Core SDK to 3.1.112 and the .NET Core Runtime to 3.1.12. This update includes fixes for CVE-2021-1721 and CVE-2021-24112.

  Fedora 32: wireshark 2021-f22ce64b3b (Feb 24)
 

New version 3.4.3 Security fix for CVE-2021-22173, CVE-2021-22174

  Fedora 32: radare2 2021-e3c95619c1 (Feb 24)
 

Update to version 5.1.1. Security fix for CVE-CVE-2020-16269 and CVE-2020-17487

  Fedora 32: php-horde-Horde-Text-Filter 2021-cbfa969c98 (Feb 24)
 

**Horde_Text_Filter 2.3.7** * [mjr] SECURITY: Fix XSS via Text2Html filter (Reported by: Alex Birnberg<This email address is being protected from spambots. You need JavaScript enabled to view it.>, **CVE 2021-26929**)

  Fedora 33: keylime 2021-5c01339c12 (Feb 24)
 

Keylime 6.0.0 release. Contains fix CVE-2021-3406

  Fedora 33: dotnet3.1 2021-c3d7fc8949 (Feb 24)
 

This is the [February 2021 update for .NET Core](https://github.com/dotnet/core/blob/master/release- notes/3.1/3.1.12/3.1.12.md). It updates the .NET Core SDK to 3.1.112 and the .NET Core Runtime to 3.1.12. This update includes fixes for CVE-2021-1721 and CVE-2021-24112.

  Fedora 33: wireshark 2021-5522a34aa0 (Feb 24)
 

New version 3.4.3 Security fix for CVE-2021-22173, CVE-2021-22174

  Fedora 33: php-horde-Horde-Text-Filter 2021-f8368da9af (Feb 24)
 

**Horde_Text_Filter 2.3.7** * [mjr] SECURITY: Fix XSS via Text2Html filter (Reported by: Alex Birnberg<This email address is being protected from spambots. You need JavaScript enabled to view it.>, **CVE 2021-26929**)

  Fedora 33: gdk-pixbuf2-xlib 2021-2e59756cbe (Feb 22)
 

gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This update also includes new gdk-pixbuf2-xlib package that was split out from gdk- pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and gdk-pixbuf2-xlib-devel binary package names are identical to what they were before the split.

  Fedora 33: gdk-pixbuf2 2021-2e59756cbe (Feb 22)
 

gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This update also includes new gdk-pixbuf2-xlib package that was split out from gdk- pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and gdk-pixbuf2-xlib-devel binary package names are identical to what they were before the split.

  Fedora 33: dotnet5.0 2021-b881ee9839 (Feb 20)
 

This is the update to .NET 5.0 SDK 5.0.103 and Runtime 5.0.3. This includes fixes for CVE-2021-1721 and CVE-2021-24112

  Fedora 32: subversion 2021-16e51e39a6 (Feb 19)
 

This update includes the latest stable release of _Apache Subversion_, version **1.14.1**. This release includes the fix for `CVE-2020-17525`, a remote unauthenticated denial-of-service in Subversion mod_authz_svn. The full upstream security advisory for `CVE-2020-17525` is available at: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt ### User-

  Fedora 32: wpa_supplicant 2021-1a2443baa0 (Feb 19)
 

security fix for CVE-2021-0326 see also: https://w1.fi/security/2020-2/

  Fedora 32: libntlm 2020-1f643c272c (Feb 18)
 

Update to security fix 1.6 version. Fixes CVE-2019-17455

  Fedora 33: kiwix-desktop 2021-aa347d2b99 (Feb 18)
 

Always use HTTPS for the catalog downloads.

  RedHat: RHSA-2021-0100:01 Moderate: OpenShift Container Platform 4.7 (Feb 24)
 

The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5364:01 Moderate: OpenShift Container Platform 4.7 (Feb 24)
 

An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-bundle-registry-container, performance-addon-operator-container, and performance-addon-operator-must-gather-rhel8-container is now available for

  RedHat: RHSA-2021-0663:01 Moderate: Ansible security and bug fix update (Feb 24)
 

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0664:01 Moderate: Ansible security and bug fix update (Feb 24)
 

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5633:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24)
 

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0661:01 Important: thunderbird security update (Feb 24)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0662:01 Important: thunderbird security update (Feb 24)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0656:01 Critical: firefox security update (Feb 24)
 

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0660:01 Critical: firefox security update (Feb 24)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0658:01 Important: thunderbird security update (Feb 24)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0657:01 Important: thunderbird security update (Feb 24)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0659:01 Critical: firefox security update (Feb 24)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5634:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24)
 

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5635:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24)
 

Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.7.

  RedHat: RHSA-2021-0655:01 Critical: firefox security update (Feb 24)
 

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0651:01 Important: xterm security update (Feb 24)
 

An update for xterm is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0650:01 Important: xterm security update (Feb 24)
 

An update for xterm is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0648:01 Low: virt:8.2 and virt-devel:8.2 security update (Feb 23)
 

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0617:01 Important: xterm security update (Feb 22)
 

An update for xterm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0619:01 Important: stunnel security update (Feb 22)
 

An update for stunnel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0618:01 Important: stunnel security update (Feb 22)
 

An update for stunnel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0620:01 Important: stunnel security update (Feb 22)
 

An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0611:01 Important: xterm security update (Feb 18)
 

An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  SUSE: 2021:57-1 suse/sles12sp5 Security Update (Feb 26)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  Debian LTS: DLA-2577-1: python-pysaml2 security update (Feb 26)
 

Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433

  Debian LTS: DLA-2575-1: firefox-esr security update (Feb 25)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

  Debian LTS: DLA-2574-1: openldap security update (Feb 20)
 

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd

  Debian LTS: DLA-2573-1: libzstd security update (Feb 20)
 

It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.

  Debian LTS: DLA-2572-1: wpa security update (Feb 20)
 

An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might

  Debian LTS: DLA-2570-1: screen security update (Feb 19)
 

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

  Debian LTS: DLA-2571-1: openvswitch security update (Feb 19)
 

Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch.

  Debian LTS: DLA-2564-1: php-horde-text-filter security update (Feb 19)
 

Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail.

  Debian LTS: DLA-2567-1: unrar-free security update (Feb 18)
 

Several issues have been found in unrar-free, an unarchiver for .rar files. CVE-2017-14120

  Debian LTS: DLA-2566-1: libbsd security update (Feb 18)
 

An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an

  Debian LTS: DLA-2560-1: qemu security update (Feb 18)
 

Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). An attacker could trigger a denial-of-service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU

  ArchLinux: 202102-32: mumble: arbitrary code execution (Feb 25)
 

The package mumble before version 1.3.4-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202102-31: postgresql: information disclosure (Feb 25)
 

The package postgresql before version 13.2-1 is vulnerable to information disclosure.

  ArchLinux: 202102-30: ansible-base: information disclosure (Feb 25)
 

The package ansible-base before version 2.10.6-1 is vulnerable to information disclosure.

  ArchLinux: 202102-29: keycloak: cross-site scripting (Feb 25)
 

The package keycloak before version 12.0.3-1 is vulnerable to cross- site scripting.

  ArchLinux: 202102-28: python-django: url request injection (Feb 22)
 

The package python-django before version 3.1.7-1 is vulnerable to url request injection.

  ArchLinux: 202102-27: roundcubemail: cross-site scripting (Feb 22)
 

The package roundcubemail before version 1.4.11-1 is vulnerable to cross-site scripting.

  ArchLinux: 202102-26: firejail: privilege escalation (Feb 22)
 

The package firejail before version 0.9.64.4-1 is vulnerable to privilege escalation.

  ArchLinux: 202102-25: wpa_supplicant: arbitrary code execution (Feb 22)
 

The package wpa_supplicant before version 2:2.9-8 is vulnerable to arbitrary code execution.

  ArchLinux: 202102-24: connman: multiple issues (Feb 22)
 

The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

  ArchLinux: 202102-23: linux: arbitrary code execution (Feb 22)
 

The package linux before version 5.10.12.arch1-1 is vulnerable to arbitrary code execution.

  SciLinux: SLSA-2021-0661-1 Important: thunderbird on SL7.x x86_64 (Feb 24)
 

This update upgrades Thunderbird to version 78.8.0. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]

  SciLinux: SLSA-2021-0656-1 Important: firefox on SL7.x x86_64 (Feb 24)
 

This update upgrades Firefox to version 78.8.0 ESR. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]

  SciLinux: SLSA-2021-0617-1 Important: xterm on SL7.x x86_64 (Feb 22)
 

xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xterm-295-3.el7_9.1.x86_64.rpm xterm-debuginfo-295-3.el7_9.1.x86_64.rpm - Scientific Linux Development Team

  openSUSE: 2021:0341-1 moderate: nghttp2 (Feb 25)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2021:0338-1 important: python-djangorestframework (Feb 25)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0337-1 moderate: postgresql, postgresql13 (Feb 24)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2021:0335-1: MozillaFirefox (Feb 24)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0334-1 moderate: tor (Feb 23)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0331-1 moderate: python3 (Feb 22)
 

An update that solves two vulnerabilities and has two fixes is now available.

  openSUSE: 2021:0330-1 moderate: tomcat (Feb 22)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0322-1 important: python-djangorestframework (Feb 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0316-1 moderate: tor (Feb 20)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0312-1 moderate: mumble (Feb 19)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0310-1 moderate: buildah, libcontainers-common, podman (Feb 19)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0304-1 important: screen (Feb 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0305-1 important: php7 (Feb 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0303-1 important: jasper (Feb 18)
 

An update that fixes two vulnerabilities is now available.

  Mageia 2021-0089: privoxy security update (Feb 19)
 

Fixed a memory leak when decompression fails "unexpectedly". (CVE-2021-20216) Prevent an assertion from getting triggered by a crafted CGI request. (CVE-2021-20217) References:

  Mageia 2021-0088: veracrypt security update (Feb 19)
 

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by a Buffer Overflow that can lead to information disclosure of kernel stack through a locally executed code with IOCTL request to driver (CVE-2019-1010208).

  Mageia 2021-0087: coturn security update (Feb 19)
 

When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either [::1] or [::] as the peer address (CVE-2020-26262).

  Mageia 2021-0086: mediawiki security update (Feb 19)
 

In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right column with the changeable groups is not affected and is escaped correctly

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.