Linux Advisory Watch: February 5th, 2021

Moshe Kol and Shlomi Oberman of JSOF discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server. They could result in denial of service, cache poisoning or the execution of arbitrary code.

Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak.

# New in release OpenJDK 11.0.10 (2021-01-19): Live versions of these release notes can be found at: * https://bitly.com/openjdk11010 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.10.txt ## Security fixes * JDK-8247619: Improve Direct Buffering of Characters ## Other changes * [JDK-8213821](https://bugs.openjdk.org/browse/JDK-8213821)

The 5.10.12 stable kernel update contains a number of important fixes across the tree.

Security fix for [CVE-2021-3325]. This new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default. Besides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection,

The 5.10.12 stable kernel update contains a number of important fixes across the tree.

Security fix for [CVE-2021-3325]. This new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default. Besides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection,

New upstream version 10.94.00. Introduced new script pamhomography.

Fixes CVE-2020-28374 See tcmu-runner commit 2b16e96e6b63d0419d857f53e4cc67f0adb383fd tcmu-runner can't determine whether the device(s) referred to in XCOPY Copy Source/Copy Destination (CSCD) descriptors should be accessible to the initiator via transport settings, ACLs, etc. Consequently, fail XCOPY requests with CSCD descriptors which refer to any

Fixes heap use-after-free when parsing malformed file (upstream issue [2989](https://gitlab.com/users/sign_in

New upstream version 2.0.24 with all reported CVE fixes available.

This update rebases QtWebEngine to the latest Qt 5 release, 5.15.2, fixing dozens of security issues. (The same version is already shipped on Fedora 33 and Rawhide.) The included kf5-messagelib update backports a fix for compatibility with QtWebEngine 5.15.x. The Chromium version has been updated to 83.0.4103.122, with backported security fixes from Chromium up to version

This update rebases QtWebEngine to the latest Qt 5 release, 5.15.2, fixing dozens of security issues. (The same version is already shipped on Fedora 33 and Rawhide.) The included kf5-messagelib update backports a fix for compatibility with QtWebEngine 5.15.x. The Chromium version has been updated to 83.0.4103.122, with backported security fixes from Chromium up to version

New upstream version 10.94.00. Introduced new script pamhomography.

Fixes heap use-after-free when parsing malformed file (upstream issue [2989](https://gitlab.com/users/sign_in

New upstream version 2.0.24 with all reported CVE fixes available.

IRQ vector leak on x86 [XSA-360]

This is probably not the update you want. Let me be clear, it does fix the security vulnerabilities in this list: CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134

Fixes startup crash.

Update to latest upstream version.

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a resolver memory leak as well as a regex table memory leak - Fixed a bug in the filters state machine leading to a possible crash of the daemon - Fixed the logging format which output truncated process names on some systems - Fixed

This update backports a security fix for CVE-2021-3177.

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a resolver memory leak as well as a regex table memory leak - Fixed a bug in the filters state machine leading to a possible crash of the daemon - Fixed the logging format which output truncated process names on some systems - Fixed

This update backports a security fix for CVE-2021-3177.

New Firefox version (85.0) with various Wayland fixes. New NSS version (3.60).

New Firefox version (85.0) with various Wayland fixes. New NSS version (3.60).

Erlang ver. 23.2.3 ---- Erlang ver. 23.2.2

Update to 2.53.6

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition.

A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code.

A vulnerability in ImageMagick's handling of PDF was discovered possibly allowing code execution.

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat Quay 3.4.0 is now available with bug fixes and various enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat AMQ Broker 7.8.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.4.

Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs. This release includes a security update for jenkins-2-plugins, openshift, and openshift-kuryr for Red Hat OpenShift Container Platform 4.4.

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for net-snmp is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Red Hat AMQ Broker 7.4.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New Red Hat Single Sign-On 7.4.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat JBoss Enterprise Application Platform XP. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for flatpak is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for flatpak is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20210202-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container sles-15-sp2-chost-byos-v20210202 was updated. The following patches have been included in this update:

The container sles-15-sp1-chost-byos-v20210202 was updated. The following patches have been included in this update:

The container suse-sles-15-sp1-chost-byos-v20210202-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

CVE-2020-8020 An improper neutralization of input during web page generation vulnerability in open-build-service allows remote attackers to

Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via

This update includes the changes in tzdata 2021a for the Perl bindings. For the list of changes, see DLA-2542-1. For Debian 9 stretch, this problem has been fixed in version

This update includes the changes in tzdata 2021a. Notable changes are: - South Sudan changed from +03 to +02 on 2021-02-01.

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 "Stretch", this problem has been fixed in version

Two vulnerabilities were fixed by upgrading the MariaDB database server packages to the latest version on the 10.1 branch. For Debian 9 stretch, these problems have been fixed in version

It was discovered that CVE-2020-26159 in the Oniguruma regular expressions library, notably used in PHP mbstring, was a false-positive. In consequence the patch for CVE-2020-26159 was reverted. For reference, the original advisory text follows.

Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or

The package libgcrypt before version 1.9.1-1 is vulnerable to arbitrary code execution.

The package home-assistant before version 2021.1.4-1 is vulnerable to information disclosure.

The package mutt before version 2.0.5-1 is vulnerable to denial of service.

The package libvirt before version 1:7.0.0-1 is vulnerable to arbitrary code execution.

The package jenkins before version 2.275-1 is vulnerable to multiple issues including cross-site scripting, directory traversal, incorrect calculation, arbitrary filesystem access, denial of service, information disclosure and insufficient validation.

The package flatpak before version 1.10.0-1 is vulnerable to sandbox escape.

The package erlang before version 23.2.2-1 is vulnerable to certificate verification bypass.

The package dnsmasq before version 2.83-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and insufficient validation.

The package virtualbox before version 6.1.18-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, denial of service and information disclosure.

The package podofo before version 0.9.7-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

The package vlc before version 3.0.12-1 is vulnerable to arbitrary code execution.

The package gptfdisk before version 1.0.6-1 is vulnerable to arbitrary code execution.

The package linux before version 5.10.7.arch1-1 is vulnerable to directory traversal.

The package linux-hardened before version 5.10.7.a-1 is vulnerable to directory traversal.

The package linux-zen before version 5.10.7.zen1-1 is vulnerable to directory traversal.

The package linux-lts before version 5.4.89-1 is vulnerable to directory traversal.

The package lldpd before version 1.0.8-1 is vulnerable to information disclosure.

The package openvswitch before version 2.14.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package go before version 2:1.15.7-1 is vulnerable to multiple issues including arbitrary command execution and incorrect calculation.

The package gobby before version 1:0.5.0+116+g295e697-1 is vulnerable to denial of service.

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0339

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0347

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0343

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0348

kernel: use-after-free in fs/block_dev.c (CVE-2020-15436) * kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513) Bug Fix(es): * double free issue in filelayout_alloc_commit_info * Regression: Plantronics Device SHS2355-11 PTT button does not work after update to 7.7 * Openstack network node reports unregister_netdevice: waiting for qr- 3cec0c92-9a to bec [More...]

This update upgrades Thunderbird to version 78.7.0. * Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964) * Mozilla: IMAP Response Injection when using STAR [More...]

An update that contains security fixes can now be installed.

An update that contains security fixes can now be installed.

An update that fixes one vulnerability is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 6 vulnerabilities is now available.

An update that fixes 6 vulnerabilities is now available.

An update that contains security fixes can now be installed.

An update that contains security fixes can now be installed.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes 26 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service because rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context

In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the

Cross-origin information leakage via redirected PDF requests. (CVE-2021-23953) Type confusion when using logical assignment operators in JavaScript switch statements. (CVE-2021-23954)

A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename (CVE-2019-5477).

This kernel-linus update is based on upstream 5.10.12 and fixes atleast the following security issue: An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local

This kernel update is based on upstream 5.10.12 and fixes atleast the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to

The updated php-pear packages fix a security vulnerability in component Archive_tar, a symlink out-of-path write vulnerability. Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. (CVE-2020-36193).

Multiples vulnerabilities have been discovered in dnsmasq up to version 2.82: - subtle errors in dnsmasq's protections against cache-poisoning attacks (CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686) - buffer overflow in dnsmasq's DNSSEC code (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687)

This kernel-linus update is based on upstream 5.10.11 and fixes atleast the following security issue: SCSI EXTENDED COPY (XCOPY) requests sent to a Linux SCSI target (LIO) allow an attacker to read or write anywhere on any LIO backstore configured

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data