|
Debian: DSA-4635-1: proftpd-dfsg security update (Feb 26) |
|
Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary
|
|
Debian: DSA-4634-1: opensmtpd security update (Feb 26) |
|
Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.
|
|
Debian: DSA-4633-1: curl security update (Feb 24) |
|
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2019-5436
|
|
Debian: DSA-4632-1: ppp security update (Feb 22) |
|
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service
|
|
Debian: DSA-4631-1: pillow security update (Feb 21) |
|
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
|
|
Debian: DSA-4630-1: python-pysaml2 security update (Feb 21) |
|
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
|
|
|
|
Fedora 31: proftpd FEDORA-2020-876b1f664e (Feb 27) |
|
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
|
|
Fedora 31: mingw-libpng FEDORA-2020-2f4a1bffba (Feb 27) |
|
Update to libpng-1.6.37, see https://sourceforge.net/projects/libpng/files/libpng16/1.6.37/ for details.
|
|
Fedora 31: php FEDORA-2020-32f9a2b308 (Feb 27) |
|
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
|
|
Fedora 31: firejail FEDORA-2020-7f6e0e6e00 (Feb 27) |
|
Rebase to version 0.9.62
|
|
Fedora 31: golang-vitess FEDORA-2020-bd764dd275 (Feb 27) |
|
Rebuilt to fix [GHSA-jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
|
Fedora 31: golang-github-gorilla-websocket FEDORA-2020-0ae6297680 (Feb 27) |
|
Update to latest version. Fix GHSA-jf24-p9p9-4rjh.
|
|
Fedora 30: proftpd FEDORA-2020-76c707cff0 (Feb 27) |
|
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
|
|
Fedora 30: mingw-libpng FEDORA-2020-512f0121dc (Feb 27) |
|
Update to libpng-1.6.37, see https://sourceforge.net/projects/libpng/files/libpng16/1.6.37/ for details.
|
|
Fedora 30: php FEDORA-2020-4ea970ebc6 (Feb 27) |
|
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
|
|
Fedora 30: firejail FEDORA-2020-0fb484d7f7 (Feb 27) |
|
Rebase to version 0.9.62
|
|
Fedora 30: hugo FEDORA-2020-279c61dd70 (Feb 27) |
|
Rebuilt to fix [GHSA-jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
|
Fedora 30: caddy FEDORA-2020-279c61dd70 (Feb 27) |
|
Rebuilt to fix [GHSA-jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
|
Fedora 30: golang-github-gorilla-websocket FEDORA-2020-8f18c45545 (Feb 27) |
|
Update to latest version. Fix GHSA-jf24-p9p9-4rjh.
|
|
Fedora 31: NetworkManager-ssh FEDORA-2020-28ae68ec60 (Feb 26) |
|
Fix privilege escalation (https://bugzilla.redhat.com/show_bug.cgi?id=1803499)
|
|
Fedora 30: python-psutil FEDORA-2020-a06ebafad8 (Feb 25) |
|
Update to 5.6.7 to fix CVE-2019-18874
|
|
Fedora 30: NetworkManager-ssh FEDORA-2020-76d608179d (Feb 25) |
|
Fix privilege escalation (https://bugzilla.redhat.com/show_bug.cgi?id=1803499)
|
|
Fedora 31: hiredis FEDORA-2020-53a54ef986 (Feb 23) |
|
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
|
|
Fedora 30: hiredis FEDORA-2020-f6cc7883b8 (Feb 23) |
|
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
|
|
Fedora 30: skopeo FEDORA-2020-2a0aac3502 (Feb 23) |
|
Resolves: #1795838, #1802904 - Security fix for CVE-2020-8945
|
|
Fedora 31: skopeo FEDORA-2020-f317e13ecf (Feb 22) |
|
Resolves: #1795838, #1802904 - Security fix for CVE-2020-8945
|
|
Fedora 30: webkit2gtk3 FEDORA-2020-4d11d35a1f (Feb 22) |
|
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
|
|
Fedora 30: glib2 FEDORA-2020-092ef6572a (Feb 22) |
|
Add patch for CVE-2020-6750 and related issues.
|
|
Fedora 30: http-parser FEDORA-2020-830d8a1a92 (Feb 22) |
|
Update to 10.19.0
|
|
Fedora 30: nodejs FEDORA-2020-830d8a1a92 (Feb 22) |
|
Update to 10.19.0
|
|
Fedora 30: libuv FEDORA-2020-47efc31973 (Feb 22) |
|
Update to Node.js 12.5.0
|
|
Fedora 30: nghttp2 FEDORA-2020-47efc31973 (Feb 22) |
|
Update to Node.js 12.5.0
|
|
Fedora 31: firefox FEDORA-2020-65b80edd9b (Feb 21) |
|
- New upstream release (73.0.1)
|
|
Fedora 31: openjpeg2 FEDORA-2020-ad63f760f4 (Feb 21) |
|
This update backports a patch for CVE-2020-8112.
|
|
Fedora 31: mingw-openjpeg2 FEDORA-2020-ad63f760f4 (Feb 21) |
|
This update backports a patch for CVE-2020-8112.
|
|
Fedora 30: python-pillow FEDORA-2020-5cdbb19cca (Feb 21) |
|
Backport patches for CVE-2020-5313, CVE-2020-5312, CVE-2020-5311, CVE-2020-5310, CVE-2019-19911
|
|
Fedora 31: webkit2gtk3 FEDORA-2020-3269917c2f (Feb 20) |
|
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
|
|
Fedora 31: dovecot FEDORA-2020-10a58fda28 (Feb 20) |
|
- dovecot updated to 2.3.9.3 - fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. - fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
|
Fedora 31: ceph FEDORA-2020-ed1f14985e (Feb 20) |
|
rhbz#1784216, python3-remoto ---- Security fix for CVE-2020-1699
|
|
|
|
RedHat: RHSA-2020-0637:01 Low: Red Hat Satellite 5 - 90 day End Of Life (Feb 27) |
|
This is the 90 day notification of the End Of Life (EOL) plans for the following versions of Red Hat Satellite 5: * Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6 2. Relevant releases/architectures:
|
|
RedHat: RHSA-2020-0638:01 Low: Red Hat Satellite Proxy 5 - 90 day End Of (Feb 27) |
|
This is the 90 day notification of the End Of Life (EOL) plans for the following versions of Red Hat Satellite Proxy 5: * Red Hat Satellite Proxy 5.8 2. Relevant releases/architectures:
|
|
RedHat: RHSA-2020-0631:01 Important: ppp security update (Feb 27) |
|
An update for ppp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0633:01 Important: ppp security update (Feb 27) |
|
An update for ppp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0632:01 Important: java-1.7.0-openjdk security update (Feb 27) |
|
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0634:01 Important: ppp security update (Feb 27) |
|
An update for ppp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0630:01 Important: ppp security update (Feb 27) |
|
An update for ppp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0526:01 Moderate: OpenShift Container Platform 4.2.20 (Feb 27) |
|
An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0609:01 Important: kernel-rt security and bug fix update (Feb 26) |
|
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0605:01 Important: Red Hat JBoss Enterprise Application (Feb 25) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0606:01 Important: Red Hat JBoss Enterprise Application (Feb 25) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0602:01 Important: rh-nodejs12-nodejs security update (Feb 25) |
|
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0601:01 Important: AMQ Clients 2.6.0 Release (Feb 25) |
|
An update is now available for Red Hat AMQ Clients 2.6.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
|
|
RedHat: RHSA-2020-0598:01 Important: nodejs:12 security update (Feb 25) |
|
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0597:01 Important: rh-nodejs10-nodejs security update (Feb 25) |
|
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0591:01 Moderate: ruby security update (Feb 25) |
|
An update for ruby is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0593:01 Moderate: systemd security update (Feb 25) |
|
An update for systemd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0592:01 Important: kernel security, bug fix, (Feb 25) |
|
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0595:01 Moderate: procps-ng security update (Feb 25) |
|
An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0594:01 Moderate: curl security update (Feb 25) |
|
An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0579:01 Important: nodejs:10 security update (Feb 25) |
|
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0562:01 Moderate: OpenShift Container Platform 4.3.3 (Feb 25) |
|
An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0589:01 Important: CloudForms 4.7.15 security, (Feb 25) |
|
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0588:01 Important: CloudForms 5.0.3 security update (Feb 25) |
|
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0578:01 Important: python-pillow security update (Feb 24) |
|
An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0580:01 Important: python-pillow security update (Feb 24) |
|
An update for python-pillow is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0573:01 Important: nodejs:10 security update (Feb 24) |
|
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0576:01 Important: thunderbird security update (Feb 24) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0574:01 Important: thunderbird security update (Feb 24) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0575:01 Important: systemd security and bug fix update (Feb 24) |
|
An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0577:01 Important: thunderbird security update (Feb 24) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0570:01 Important: openjpeg2 security update (Feb 24) |
|
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0569:01 Important: openjpeg2 security update (Feb 24) |
|
An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0568:01 Important: ksh security update (Feb 24) |
|
An update for ksh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0566:01 Important: python-pillow security update (Feb 20) |
|
An update for python-pillow is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0565:01 Important: thunderbird security update (Feb 20) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0564:01 Important: systemd security update (Feb 20) |
|
An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0559:01 Important: ksh security update (Feb 20) |
|
An update for ksh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
|
|
Slackware: 2020-051-01: proftpd Security Update (Feb 20) |
|
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
|
|
|
SUSE: 2020:0512-1 moderate: rsyslog (Feb 27) |
|
An update that solves two vulnerabilities and has four fixes is now available.
|
|
SUSE: 2020:0511-1 important: the Linux Kernel (Feb 27) |
|
An update that solves 34 vulnerabilities and has 170 fixes is now available.
|
|
SUSE: 2020:0510-1 moderate: python (Feb 27) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0516-1 moderate: openssl (Feb 27) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0519-1 moderate: texlive-filesystem (Feb 27) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:14295-1 moderate: openssl (Feb 27) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0520-1 moderate: texlive-filesystem (Feb 27) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0505-1 moderate: mariadb (Feb 27) |
|
An update that solves two vulnerabilities and has four fixes is now available.
|
|
SUSE: 2020:14294-1 moderate: libexif (Feb 27) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0496-1 moderate: mariadb (Feb 26) |
|
An update that solves two vulnerabilities and has three fixes is now available.
|
|
SUSE: 2020:0497-1 moderate: python3 (Feb 26) |
|
An update that fixes 6 vulnerabilities is now available.
|
|
SUSE: 2020:0495-1 moderate: ovmf (Feb 26) |
|
An update that solves four vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0493-1 moderate: squid (Feb 26) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0490-1 important: ppp (Feb 26) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0487-1 moderate: squid (Feb 26) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0488-1 important: nodejs6 (Feb 26) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0489-1 important: ppp (Feb 26) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0474-1 moderate: openssl (Feb 25) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:14292-1 important: ppp (Feb 25) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0454-1 important: nodejs8 (Feb 25) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0455-1 important: nodejs10 (Feb 25) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0458-1 moderate: libexif (Feb 25) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0459-1 moderate: libvpx (Feb 25) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0456-1 important: java-1_7_1-ibm (Feb 25) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0468-1 important: webkit2gtk3 (Feb 25) |
|
An update that fixes 8 vulnerabilities is now available.
|
|
SUSE: 2020:0457-1 moderate: libexif (Feb 25) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0467-1 moderate: python3 (Feb 25) |
|
An update that solves two vulnerabilities and has two fixes is now available.
|
|
SUSE: 2020:0466-1 important: java-1_8_0-ibm (Feb 25) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
SUSE: 2020:14291-1 moderate: openssl1 (Feb 24) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0443-1 moderate: pdsh, slurm_18_08 (Feb 24) |
|
An update that solves 8 vulnerabilities and has two fixes is now available.
|
|
SUSE: 2020:0440-1 moderate: python-azure-agent (Feb 24) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0439-1 moderate: dpdk (Feb 24) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:14290-1 important: MozillaFirefox (Feb 24) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
SUSE: 2020:14289-1 moderate: php53 (Feb 24) |
|
An update that fixes 6 vulnerabilities is now available.
|
|
SUSE: 2020:0434-1 moderate: pdsh, slurm_18_08 (Feb 21) |
|
An update that solves 8 vulnerabilities and has two fixes is now available.
|
|
SUSE: 2020:0432-1 moderate: libsolv, libzypp, zypper (Feb 21) |
|
An update that solves one vulnerability and has 10 fixes is now available.
|
|
SUSE: 2020:14287-1 important: java-1_7_1-ibm (Feb 21) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0429-1 important: nodejs12 (Feb 20) |
|
An update that fixes 6 vulnerabilities is now available.
|
|
SUSE: 2020:14286-1 important: java-1_7_0-ibm (Feb 20) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0427-1 important: nodejs10 (Feb 20) |
|
An update that fixes three vulnerabilities is now available.
|
|
|
|
Ubuntu 4292-1: rsync vulnerabilities (Feb 24) |
|
Several security issues were fixed in rsync.
|
|
Ubuntu 4291-1: mod-auth-mellon vulnerability (Feb 24) |
|
libapache2-mod-auth-mellon could be made to redirect users to malicious sites.
|
|
Ubuntu 4290-1: libpam-radius-auth vulnerability (Feb 24) |
|
libpam-radius-auth could be made to crash if it received specially crafted network traffic.
|
|
Ubuntu 4289-1: Squid vulnerabilities (Feb 20) |
|
Several security issues were fixed in Squid.
|
|
Ubuntu 4288-1: ppp vulnerability (Feb 20) |
|
ppp could be made to crash or run programs if it received specially crafted network traffic.
|
|
|
|
Debian LTS: DLA-2123-1: pure-ftpd security update (Feb 27) |
|
An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure.
|
|
Debian LTS: DLA-2122-1: libusbmuxd security update (Feb 27) |
|
It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
|
|
Debian LTS: DLA-2121-1: libimobiledevice security update (Feb 27) |
|
It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
|
|
Debian LTS: DLA-2120-1: rake security update (Feb 26) |
|
There is an OS command injection vulnerability in Rake (a ruby make-like utility) < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
|
|
Debian LTS: DLA-2119-1: python-pysaml2 security update (Feb 26) |
|
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
|
|
Debian LTS: DLA-2118-1: otrs2 security update (Feb 24) |
|
It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend().
|
|
Debian LTS: DLA-2116-1: libpam-radius-auth security update (Feb 22) |
|
A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow.
|
|
Debian LTS: DLA-2115-1: proftpd-dfsg security update (Feb 21) |
|
It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling
|
|
|
|
CentOS: CESA-2020-0630: Important CentOS 7 ppp (Feb 27) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0630
|
|
CentOS: CESA-2020-0632: Important CentOS 6 java-1.7.0-openjdk (Feb 27) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0632
|
|
CentOS: CESA-2020-0631: Important CentOS 6 ppp (Feb 27) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0631
|
|
CentOS: CESA-2020-0574: Important CentOS 6 thunderbird (Feb 26) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0574
|
|
CentOS: CESA-2020-0576: Important CentOS 7 thunderbird (Feb 26) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0576
|
|
CentOS: CESA-2020-0568: Important CentOS 7 ksh (Feb 26) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0568
|
|
CentOS: CESA-2020-0578: Important CentOS 7 python-pillow (Feb 26) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0578
|
|
CentOS: CESA-2020-0374: Important CentOS 7 kernel (Feb 26) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0374
|
|
CentOS: CESA-2020-0550: Important CentOS 7 openjpeg2 (Feb 20) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0550
|
|
|
|
SciLinux: SLSA-2020-0632-1 Important: java-1.7.0-openjdk on SL6.x i386/x86_64 (Feb 27) |
|
OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalizat [More...]
|
|
SciLinux: SLSA-2020-0631-1 Important: ppp on SL6.x i386/x86_64 (Feb 27) |
|
ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL6 x86_64 ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm i386 ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm [More...]
|
|
SciLinux: SLSA-2020-0630-1 Important: ppp on SL7.x x86_64 (Feb 27) |
|
ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL7 x86_64 ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm - Scientific Linux Development Team
|
|
SciLinux: SLSA-2020-0574-1 Important: thunderbird on SL6.x i386/x86_64 (Feb 25) |
|
Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect p [More...]
|
|
SciLinux: SLSA-2020-0578-1 Important: python-pillow on SL7.x x86_64 (Feb 25) |
|
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865) SL7 x86_64 python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow-debuginfo-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm python-pillow- [More...]
|
|
SciLinux: SLSA-2020-0568-1 Important: ksh on SL7.x x86_64 (Feb 25) |
|
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) SL7 x86_64 ksh-20120801-140.el7_7.x86_64.rpm ksh-debuginfo-20120801-140.el7_7.x86_64.rpm - Scientific Linux Development Team
|
|
SciLinux: SLSA-2020-0576-1 Important: thunderbird on SL7.x x86_64 (Feb 25) |
|
Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793) Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794) Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795) Mozilla: Incorrect p [More...]
|
|
|
|
openSUSE: 2020:0255-1: moderate: libsolv, libzypp, zypper (Feb 27) |
|
An update that solves one vulnerability and has 10 fixes is now available.
|
|
openSUSE: 2020:0253-1: moderate: yast2-rmt (Feb 27) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0250-1: moderate: enigmail (Feb 27) |
|
An update that contains security fixes can now be installed.
|
|
openSUSE: 2020:0259-1: important: chromium (Feb 27) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:0248-1: important: weechat (Feb 27) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0247-1: important: ipmitool (Feb 27) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0245-1: important: chromium (Feb 26) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:0244-1: important: sudo (Feb 25) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
openSUSE: 2020:0242-1: moderate: inn (Feb 24) |
|
An update that fixes one vulnerability is now available.
|
|
|
|
Mageia 2020-0106: squid security update (Feb 26) |
|
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory (CVE-2019-12528).
|
|
Mageia 2020-0105: clamav security update (Feb 26) |
|
The updated packages fix a security vulnerability: A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on
|
|
Mageia 2020-0104: xmlsec1 security update (Feb 26) |
|
Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP
|
|
Mageia 2020-0103: opencontainers-runc security update (Feb 26) |
|
Updated opencontainers-runc package fixes security vulnerability: An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the
|
|
Mageia 2020-0102: graphicsmagick security update (Feb 26) |
|
Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c (CVE-2019-19950).
|
|
Mageia 2020-0101: libxml2_2 security update (Feb 24) |
|
Updated libxml2 packages fix security vulnerabilities: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak (CVE-2019-20388).
|
|
Mageia 2020-0100: radare2 security update (Feb 24) |
|
Updated radare2 packages fix security vulnerabilities: A vulnerability was found in radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free
|
|
Mageia 2020-0099: nextcloud security update (Feb 24) |
|
Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes (CVE-2019-15613).
|
|
Mageia 2020-0098: libgd security update (Feb 24) |
|
The updated packages fix a security vulnerability: gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. (CVE-2018-14553)
|
|
Mageia 2020-0097: ipmitool security update (Feb 24) |
|
Updated ipmitool package fix security vulnerability: Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool
|
|
Mageia 2020-0096: upx security update (Feb 24) |
|
The updated packages fix security vulnerabilities: PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have
|
|
Mageia 2020-0095: postgresql security update (Feb 21) |
|
Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is
|
|
Mageia 2020-0094: systemd security update (Feb 21) |
|
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service (CVE-2019-20386).
|
|
Mageia 2020-0093: patch security update (Feb 21) |
|
Updated patch package fixes security vulnerabilities: * In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. (CVE-2019-13636).
|
