| |
Debian: DSA-4722-1: ffmpeg security update (Jul 8) |
| |
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
|
| |
Debian: DSA-4721-1: ruby2.5 security update (Jul 8) |
| |
Several vulnerabilities have been discovered in the interpreter for the Ruby language. CVE-2020-10663
|
| |
Debian: DSA-4720-1: roundcube security update (Jul 8) |
| |
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize incoming mail messages. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack.
|
| |
Debian: DSA-4719-1: php7.3 security update (Jul 6) |
| |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4718-1: thunderbird security update (Jul 5) |
| |
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4717-1: php7.0 security update (Jul 5) |
| |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4714-2: chromium regression update (Jul 4) |
| |
The previous update for chromium released as DSA 4714-1 was mistakenly built without compiler optimizations. This caused high CPU load and frequent crashes. Updated chromium packages are now available that correct this issue.
|
| |
Debian: DSA-4716-1: docker.io security update (Jul 2) |
| |
Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information
|
| |
Debian: DSA-4715-1: imagemagick security update (Jul 2) |
| |
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
|
| |
Fedora 32: LibRaw 2020-f421eea477 (Jul 9) |
| |
Backported patch for CVE-2020-15503
|
| |
Fedora 31: python-pillow 2020-d0737711b6 (Jul 9) |
| |
This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538 and CVE-2020-10378.
|
| |
Fedora 31: python36 2020-ea5bdbcc90 (Jul 9) |
| |
# Python 3.6.11 Python 3.6.11 is the latest security fix release of Python 3.6. - bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. -
|
| |
Fedora 31: curl 2020-55f1f7cb13 (Jul 9) |
| |
- avoid overwriting a local file with -J (CVE-2020-8177) - fix partial password leak over DNS on HTTP redirect (CVE-2020-8169)
|
| |
Fedora 31: mingw-pcre2 2020-b11cf352bd (Jul 8) |
| |
FIx CVE-2019-20454
|
| |
Fedora 31: xrdp 2020-9c26a458ae (Jul 8) |
| |
This is a security fix release that includes fixes for the following local buffer overflow vulnerability. - CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it This update is recommended for all xrdp users.
|
| |
Fedora 31: remmina 2020-dd8c133829 (Jul 8) |
| |
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
|
| |
Fedora 31: freerdp 2020-dd8c133829 (Jul 8) |
| |
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
|
| |
Fedora 31: gupnp 2020-e538e3e526 (Jul 8) |
| |
Security update for CVE-2020-12695 (CallStranger)
|
| |
Fedora 31: gssdp 2020-e538e3e526 (Jul 8) |
| |
Security update for CVE-2020-12695 (CallStranger)
|
| |
Fedora 32: xrdp 2020-9666e4c9cd (Jul 8) |
| |
This is a security fix release that includes fixes for the following local buffer overflow vulnerability. - CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it This update is recommended for all xrdp users.
|
| |
Fedora 32: remmina 2020-a3ef998a70 (Jul 8) |
| |
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
|
| |
Fedora 32: freerdp 2020-a3ef998a70 (Jul 8) |
| |
Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
|
| |
Fedora 31: firefox 2020-8ba9376229 (Jul 7) |
| |
Update to latest upstream version
|
| |
Fedora 31: ngircd 2020-8c33e3a771 (Jul 7) |
| |
Update to version 26, a bugfix and security release. FIxes CVE-2020-14148.
|
| |
Fedora 31: chromium 2020-77f89ab772 (Jul 7) |
| |
Update to 83.0.4103.116. Fixes CVE-2020-6509. ---- Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this. If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today,
|
| |
Fedora 32: ngircd 2020-e6d1d849c5 (Jul 7) |
| |
Update to version 26, a bugfix and security release. FIxes CVE-2020-14148.
|
| |
Fedora 32: gst 2020-9e6f5b3ae2 (Jul 6) |
| |
Update to latest version
|
| |
Fedora 31: gst 2020-3d23d3ea02 (Jul 6) |
| |
Update to latest version
|
| |
Fedora 32: ceph 2020-c9bff9688e (Jul 5) |
| |
Security fix for CVE-2020-10753 ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
|
| |
Fedora 32: xpdf 2020-f34d97b1fd (Jul 4) |
| |
Fix CVE-2019-12360.
|
| |
Fedora 32: mediawiki 2020-9c97633708 (Jul 4) |
| |
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000252.html
|
| |
Fedora 31: xpdf 2020-de27bb80af (Jul 4) |
| |
Fix CVE-2019-12360.
|
| |
Fedora 32: libldb 2020-ccd9bdb2eb (Jul 3) |
| |
Update to Samba 4.12.5
|
| |
Fedora 32: samba 2020-ccd9bdb2eb (Jul 3) |
| |
Update to Samba 4.12.5
|
| |
Fedora 32: python-pillow 2020-c52106e48a (Jul 3) |
| |
This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538 and CVE-2020-10378.
|
| |
Fedora 32: python36 2020-8bdd3fd7a4 (Jul 3) |
| |
# Python 3.6.11 Python 3.6.11 is the latest security fix release of Python 3.6. - bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. -
|
| |
Fedora 32: libfilezilla 2020-74dd64990b (Jul 3) |
| |
3.48.1
|
| |
Fedora 32: gupnp 2020-1f7fc0d0c9 (Jul 3) |
| |
Security update for CVE-2020-12695 (CallStranger)
|
| |
Fedora 32: gssdp 2020-1f7fc0d0c9 (Jul 3) |
| |
Security update for CVE-2020-12695 (CallStranger)
|
| |
Fedora 31: alpine 2020-f822ea9330 (Jul 2) |
| |
2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)
|
| |
Fedora 32: firefox 2020-55077d678a (Jul 2) |
| |
Update to latest upstream version
|
| |
Fedora 32: hostapd 2020-df3e1cfde9 (Jul 2) |
| |
Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)
|
| |
Fedora 32: mutt 2020-1cb4c3697b (Jul 2) |
| |
Security fix for CVE-2020-14954
|
| |
Fedora 32: alpine 2020-386249cec2 (Jul 2) |
| |
2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)
|
| |
RedHat: RHSA-2020-2870:01 Important: Red Hat OpenShift Service Mesh 1.0 (Jul 7) |
| |
An update for servicemesh-cni is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2863:01 Important: Red Hat OpenShift Service Mesh 1.0 (Jul 7) |
| |
An update for servicemesh-prometheus is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2861:01 Important: Red Hat OpenShift Service Mesh 1.0 (Jul 7) |
| |
An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2864:01 Important: Red Hat OpenShift Service Mesh 1.0 (Jul 7) |
| |
An update for servicemesh-proxy is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2854:01 Important: kernel-alt security and bug fix update (Jul 7) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2840:01 Important: tomcat security update (Jul 7) |
| |
An update for tomcat is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2846:01 Low: gettext security update (Jul 7) |
| |
An update for gettext is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2838:01 Low: file security update (Jul 7) |
| |
An update for file is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2842:01 Moderate: microcode_ctl security, (Jul 7) |
| |
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2839:01 Moderate: ruby security update (Jul 7) |
| |
An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2844:01 Important: qemu-kvm security update (Jul 7) |
| |
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2835:01 Critical: php security update (Jul 7) |
| |
An update for php is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2833:01 Important: kdelibs security update (Jul 7) |
| |
An update for kdelibs is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2851:01 Important: kernel security and bug fix update (Jul 7) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2852:01 Important: nodejs:12 security update (Jul 7) |
| |
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2848:01 Important: nodejs:10 security update (Jul 7) |
| |
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2849:01 Important: nodejs:10 security update (Jul 7) |
| |
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2847:01 Important: nodejs:12 security update (Jul 7) |
| |
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2850:01 Important: nghttp2 security update (Jul 7) |
| |
An update for nghttp2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2832:01 Important: kernel security and bug fix update (Jul 7) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2020-2831:01 Important: kernel security and bug fix update (Jul 7) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2827:01 Important: firefox security update (Jul 6) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2826:01 Important: firefox security update (Jul 6) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2828:01 Important: firefox security update (Jul 6) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2824:01 Important: firefox security update (Jul 6) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2823:01 Important: nghttp2 security update (Jul 6) |
| |
An update for nghttp2 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2789:01 Low: OpenShift Container Platform 4.4.11 (Jul 6) |
| |
An update for ose-baremetal-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2825:01 Important: firefox security update (Jul 6) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2793:01 Low: OpenShift Container Platform 4.4.11 (Jul 6) |
| |
An update for atomic-openshift-descheduler-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2790:01 Low: OpenShift Container Platform 4.4.11 (Jul 6) |
| |
An update for ose-azure-machine-controllers-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2792:01 Moderate: OpenShift Container Platform 4.4.11 (Jul 6) |
| |
An update for grafana-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2819:01 Moderate: Red Hat OpenShift Jaeger 1.17.2 (Jul 6) |
| |
An update for jaeger-all-in-one-rhel7-container and jaeger-query-rhel7-container is now available for Jaeger-1.17. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2817:01 Moderate: rh-nginx116-nginx security update (Jul 2) |
| |
An update for rh-nginx116-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2816:01 Important: RH-SSO 7.4.1 adapters for Red Hat (Jul 2) |
| |
A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6 Red Hat Product Security has rated this update as having a security impact of
|
| |
RedHat: RHSA-2020-2814:01 Important: RH-SSO 7.4.1 adapters for Red Hat (Jul 2) |
| |
A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7.3 Red Hat Product Security has rated this update as having a security impact of
|
| |
RedHat: RHSA-2020-2813:01 Important: Red Hat Single Sign-On 7.4.1 security (Jul 2) |
| |
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
Slackware: 2020-189-01: seamonkey Security Update (Jul 7) |
| |
New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2020-186-01: libvorbis Security Update (Jul 4) |
| |
New libvorbis packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
SUSE: 2020:1591-2 important: MozillaThunderbird (Jul 8) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:1580-2 moderate: texlive-filesystem (Jul 8) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1297-2 moderate: libvpx (Jul 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1695-2 moderate: osc (Jul 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1553-2 moderate: libexif (Jul 8) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2020:0819-2 important: icu (Jul 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1417-2 moderate: freetds (Jul 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2425-2 important: nmap (Jul 8) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1621-2 important: libEMF (Jul 8) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:2891-2 moderate: python-ecdsa (Jul 8) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:14421-1 important: MozillaFirefox (Jul 8) |
| |
An update that fixes 13 vulnerabilities is now available.
|
| |
SUSE: 2019:3192-2 moderate: opencv (Jul 8) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1873-1 important: LibVNCServer (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0111-2 moderate: Mesa (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0594-2 moderate: gd (Jul 7) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1661-2 moderate: php7 (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1682-2 important: perl (Jul 7) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0629-2 moderate: librsvg (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1164-2 important: LibVNCServer (Jul 7) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:1300-2 important: gstreamer-plugins-base (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1864-1 moderate: nasm (Jul 7) |
| |
An update that solves 12 vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3033-2 moderate: djvulibre (Jul 7) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2463-2 moderate: SDL2 (Jul 7) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:1511-2 important: java-11-openjdk (Jul 7) |
| |
An update that fixes 13 vulnerabilities is now available.
|
| |
SUSE: 2019:3184-2 important: ffmpeg (Jul 7) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:14419-1 important: openldap2 (Jul 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1855-1 important: openldap2 (Jul 6) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:1858-1 moderate: permissions (Jul 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1857-1 moderate: permissions (Jul 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:14418-1 important: mozilla-nspr, mozilla-nss (Jul 6) |
| |
An update that solves 5 vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2020:1856-1 important: openldap2 (Jul 6) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:1859-1 important: openldap2 (Jul 6) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:1860-1 moderate: permissions (Jul 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:2971-2 important: libjpeg-turbo (Jul 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1850-1 moderate: mozilla-nss (Jul 6) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:1843-1 moderate: nasm (Jul 6) |
| |
An update that solves 13 vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:1842-1 moderate: systemd (Jul 3) |
| |
An update that solves one vulnerability and has 9 fixes is now available.
|
| |
SUSE: 2020:1841-1 important: tomcat (Jul 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1396-2 moderate: zstd (Jul 3) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:1839-1 important: mozilla-nspr, mozilla-nss (Jul 3) |
| |
An update that solves three vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2020:1828-1 moderate: systemd (Jul 2) |
| |
An update that solves one vulnerability and has 9 fixes is now available.
|
| |
SUSE: 2020:1822-1 important: python3 (Jul 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1823-1 moderate: ntp (Jul 2) |
| |
An update that solves four vulnerabilities and has two fixes is now available.
|
| |
Ubuntu 4376-2: OpenSSL vulnerabilities (Jul 9) |
| |
Several security issues were fixed in OpenSSL.
|
| |
Ubuntu 4421-1: Thunderbird vulnerabilities (Jul 8) |
| |
Several security issues were fixed in Thunderbird.
|
| |
Ubuntu 4420-1: Cinder and os-brick vulnerability (Jul 7) |
| |
Cinder and os-brick could be made to expose sensitive information.
|
| |
Ubuntu 4419-1: Linux kernel vulnerabilities (Jul 6) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4417-2: NSS vulnerability (Jul 6) |
| |
NSS could be made to expose sensitive information.
|
| |
Ubuntu 4418-1: OpenEXR vulnerabilities (Jul 6) |
| |
OpenEXR could be made to crash or run programs if it opened a specially crafted file.
|
| |
Ubuntu 4417-1: NSS vulnerability (Jul 6) |
| |
NSS could be made to expose sensitive information.
|
| |
Ubuntu 4416-1: GNU C Library vulnerabilities (Jul 6) |
| |
Several security issues were fixed in GNU C Library.
|
| |
Ubuntu 4415-1: coTURN vulnerabilities (Jul 6) |
| |
Several security issues were fixed in coTURN.
|
| |
Ubuntu 4414-1: Linux kernel vulnerabilities (Jul 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4413-1: Linux kernel vulnerabilities (Jul 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4412-1: Linux kernel vulnerabilities (Jul 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4411-1: Linux kernel vulnerabilities (Jul 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4410-1: Net-SNMP vulnerability (Jul 2) |
| |
Net-SNMP could be made to crash if it received specially crafted input.
|
| |
Ubuntu 4409-1: Samba vulnerabilities (Jul 2) |
| |
Several security issues were fixed in Samba.
|
| |
Ubuntu 4408-1: Firefox vulnerabilities (Jul 2) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Ubuntu 4407-1: LibVNCServer vulnerabilities (Jul 2) |
| |
Several security issues were fixed in LibVNCServer.
|
| |
Ubuntu: Ubuntu 19.10 (Eoan Ermine) reaches End of Life on July 17 2020 (Jul 2) |
| |
|
| |
CentOS: CESA-2020-2824: Important CentOS 6 firefox (Jul 8) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:2824
|
| |
CentOS: CESA-2020-2827: Important CentOS 7 firefox (Jul 8) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:2827
|
| |
SciLinux: SLSA-2020-2824-1 Important: firefox on SL6.x i386/x86_64 (Jul 7) |
| |
Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 firefox-68.10.0-1.el6_10.x86_64.rpm [More...]
|
| |
SciLinux: SLSA-2020-2827-1 Important: firefox on SL7.x x86_64 (Jul 7) |
| |
Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate tr [More...]
|
| |
openSUSE: 2020:0950-1: important: opera (Jul 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0949-1: important: opera (Jul 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0947-1: important: chocolate-doom (Jul 8) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0945-1: moderate: rust, rust-cbindgen (Jul 7) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:0937-1: moderate: coturn (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0944-1: moderate: live555 (Jul 7) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:0935-1: important: the Linux Kernel (Jul 7) |
| |
An update that solves 16 vulnerabilities and has 117 fixes is now available.
|
| |
openSUSE: 2020:0939-1: important: chocolate-doom (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0940-1: important: python3 (Jul 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0934-1: moderate: ntp (Jul 6) |
| |
An update that solves four vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2020:0933-1: moderate: rust, rust-cbindgen (Jul 6) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:0931-1: important: python3 (Jul 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0928-1: important: chocolate-doom (Jul 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0925-1: moderate: Virtualbox (Jul 3) |
| |
An update that fixes 19 vulnerabilities is now available.
|
| |
openSUSE: 2020:0917-1: important: opera (Jul 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
Mageia 2020-0289: samba security update (Jul 10) |
| |
Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code
|
| |
Mageia 2020-0288: vino security update (Jul 10) |
| |
The updated package fixes security vulnerabilities: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. (CVE-2020-14397) Byte-aligned data is accessed through uint16_t pointers in
|
| |
Mageia 2020-0287: coturn security update (Jul 10) |
| |
The updated package fixes a security vulnerability: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker)
|
| |
Mageia 2020-0286: pdns-recursor security update (Jul 7) |
| |
Updated pdns-recursor package fixes security vulnerability: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server,
|
| |
Mageia 2020-0285: ruby security update (Jul 7) |
| |
Updated ruby packages fix security vulnerability: An issue was discovered in Ruby through 2.5.7. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the
|
| |
Mageia 2020-0284: mariadb security update (Jul 7) |
| |
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Client product of MariaDB (component: C API) Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client.
|
| |
Mageia 2020-0283: libvirt security update (Jul 6) |
| |
Updated libvirt packages fix security vulnerability: A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent.
|
| |
Mageia 2020-0282: curl security update (Jul 5) |
| |
Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) (CVE-2020-8169).
|
| |
Mageia 2020-0281: ntp security update (Jul 5) |
| |
Updated ntp packages fix security vulnerability: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is
|
| |
Mageia 2020-0280: libvncserver security update (Jul 5) |
| |
Updated libvncserver packages fix security vulnerabilities: libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename (CVE-2019-20839).
|
| |
Mageia 2020-0279: docker security update (Jul 5) |
| |
Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router
|
| |
Mageia 2020-0278: tcpreplay security update (Jul 5) |
| |
Updated tcpreplay package fixes security vulnerability: tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c (CVE-2020-12740).
|
| |
Mageia 2020-0277: tomcat security update (Jul 5) |
| |
Updated tomcat packages fix security vulnerability: When using Apache Tomcat versions 9.0.0.M1 to 9.0.34, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a
|
| |
Mageia 2020-0276: mailman security update (Jul 5) |
| |
Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension (or an unknown file extension) then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type
|
| |
Mageia 2020-0275: perl-YAML security update (Jul 5) |
| |
Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a
|
| |
Mageia 2020-0274: firefox security update (Jul 4) |
| |
Updated nss and firefox packages fix security vulnerabilities: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys (CVE-2020-12399).
|
| |
Mageia 2020-0273: libexif security update (Jul 4) |
| |
The updated packages fix a security vulnerability: In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction
|
| |
Mageia 2020-0272: vlc security update (Jul 4) |
| |
Updated vlc packages fixes security vulnerability: A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash)
|
| |
Mageia 2020-0271: libxml2 security update (Jul 4) |
| |
Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted.
|
| |
Mageia 2020-0270: libupnp security update (Jul 4) |
| |
The updated packages fix a security vulnerability: Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions
|
| |
Mageia 2020-0269: python-httplib2 security update (Jul 4) |
| |
Updated python-httplib2 packages fix security vulnerability: In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request() could change request headers and body, send additional hidden requests to same server. This vulnerability impacts
|
