Linux Advisory Watch: June 11th, 2021

Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed.

Multiple security issues were discovered in the Rails web framework which could result in denial of service. For the stable distribution (buster), these problems have been fixed in

A buffer overflow was discovered in HTMLDOC, a HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition a number of crashes were addressed.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In adddition two security issues were addressed in the OpenPGP support.

It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.

- Update to Firefox 89.0

CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses

1965325 - CVE-2021-20718 mod_auth_openidc: DoS in oidc_util_read_post_params() in util.c

**Redis 6.0.14** - Released Tue June 1 12:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise. Fix integer overflow in STRALGO LCS (**CVE-2021-32625**) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially

Fix log permissions issue ---- Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017).

- version update - security update

CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses

1965325 - CVE-2021-20718 mod_auth_openidc: DoS in oidc_util_read_post_params() in util.c

**Redis 6.2.4** - Released Tue June 1 12:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise. Fix integer overflow in STRALGO LCS (**CVE-2021-32625**) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially

Fix log permissions issue ---- Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017).

Update to upstream 2.1-33. 20210608 * Addition of 06-55-05/0xb7 (CLX-SP A0) microcode at revision 0x3000010; * Addition of 06-6a-05/0x87 (ICX-SP C0) microcode at revision 0xc0002f0; * Addition of 06-6a-06/0x87 (ICX-SP D0) microcode at revision 0xd0002a0; * Addition of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; * Addition of 06-86-05/0x01 (SNR B1) microcode (in intel-

- Updated to Firefox 89.0

Fix security issues.

#### What's new for 1.2.2 The release adds the `_Fork` function from the upcoming edition of POSIX and takes advantage of the interpretation dropping the async-signal-safety requirement from `fork` to provide a consistent execution environment (not restricted to calling only async-signal-safe functions) after a multithreaded parent forks. This solves deadlocks which would otherwise be

#### What's new for 1.2.2 The release adds the `_Fork` function from the upcoming edition of POSIX and takes advantage of the interpretation dropping the async-signal-safety requirement from `fork` to provide a consistent execution environment (not restricted to calling only async-signal-safe functions) after a multithreaded parent forks. This solves deadlocks which would otherwise be

CVE-2021-3560 mitigation

- New upstream release 3.2.8a - Add patches from upstream git fixing a couple of issues which may have security implications (CVE-2021-3561)

- New upstream release 3.2.8a - Add patches from upstream git fixing a couple of issues which may have security implications (CVE-2021-3561)

New version 3.4.5, Fix for CVE-2021-22207.

Fix for CVE-2021-25217

New version 3.4.5, Fix for CVE-2021-22207.

Backport fixes for CVE-2021-32617, CVE-2021-29623.

Apply fix for CVE-2021-3500. ---- Apply fix for CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493

Upgrade to upstream security release 3.7.4

Backport fixes for CVE-2021-32617, CVE-2021-29623.

Apply fix for CVE-2021-3500. ---- Apply fix for CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493

Upgrade to upstream security release 3.7.4

Fix CVE-2021-28957: missing input sanitization for formaction HTML5 attributes may lead to XSS

An update for servicemesh-operator is now available for OpenShift Service Mesh 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat OpenShift Container Platform release 3.11.452 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11.

An update for gupnp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for dhcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.

An update for nettle is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qt5-qtimageformats is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for hivex is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libldb is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact

An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for nettle is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-nginx116-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nginx:1.18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-nginx118-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for polkit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for polkit is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New rust-toolset-1.49 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for polkit is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New polkit packages are available for Slackware 14.2 and -current to fix a security issue.

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

The container sles-15-sp2-chost-byos-v20210610 was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20210610-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

The container ses/6/ceph/ceph was updated. The following patches have been included in this update:

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

USN-4986-1 caused a regression in rpcbind.

libwebp could be made to crash or run programs as your login if it opened a specially crafted file.

rpcbind could be made to consume resources and crash if it received specially crafted network traffic.

Several security issues were fixed in Intel Microcode.

rpcbind could be made to consume resources and crash if it received specially crafted network traffic.

USN-4937-1 introduced a regression in GNOME Autoar.

USN-4969-1 introduced a regression in DHCP.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in Squid.

The system could be made to run programs as an administrator.

A vulnerability was discovered in lasso, a library for Liberty Alliance and SAML protocols, which results to a improper verification of a cryptographic signature.

rxvt, VT102 terminal emulator for the X Window System, allowed (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q).

mrxvt, lightweight multi-tabbed X terminal emulator, allowed (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q).

eterm, an enlightened terminal emulator, allowed (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q).

Jamie Landeg-Jones and Manfred Paul discovered a buffer overflow vulnerability in NGINX, a small, powerful, scalable web/proxy server. NGINX has a buffer overflow for years that exceed four digits, as demonstrated

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In addition two security issues were addressed in the OpenPGP support.

An XXE vulnerability was found in Nokogiri, a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing

Multiple security issues have been discovered in libwebp CVE-2018-25009

Multiple security issues have been discovered in libwebp CVE-2018-25009

It was found that the fix for CVE-2020-25712 in the Xorg X server, addressed in DLA-2486-1, caused a regression in caribou, making it crash whenever special (shifted) characters were entered.

Jon Franklin and Pawel Wieczorkiewicz found an issue in the ISC DHCP client and server when parsing lease information, which could lead to denial of service via application crash.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Multiple security issues have been discovered in imagemagick. CVE-2020-27751

The package wireshark-cli before version 3.4.6-1 is vulnerable to denial of service.

The package kube-apiserver before version 1.21.1-1 is vulnerable to insufficient validation.

The package nettle before version 3.7.3-1 is vulnerable to denial of service.

The package isync before version 1.4.2-1 is vulnerable to arbitrary code execution.

The package python-websockets before version 9.1-1 is vulnerable to private key recovery.

The package python-urllib3 before version 1.26.5-1 is vulnerable to denial of service.

The package polkit before version 0.119-1 is vulnerable to privilege escalation.

The package apache before version 2.4.48-1 is vulnerable to denial of service.

The package thunderbird before version 78.11.0-1 is vulnerable to arbitrary code execution.

The package gitlab before version 13.12.2-1 is vulnerable to multiple issues including denial of service, information disclosure, access restriction bypass, authentication bypass, cross-site scripting and content spoofing.

The package inetutils before version 2.0-1 is vulnerable to arbitrary code execution.

The package keycloak before version 13.0.1-1 is vulnerable to incorrect calculation.

The package packagekit before version 1.2.3-1 is vulnerable to information disclosure.

The package rabbitmq before version 3.8.16-1 is vulnerable to denial of service.

The package pam-u2f before version 1.1.1-1 is vulnerable to authentication bypass.

The package postgresql before version 13.3-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package ruby-bundler before version 2.2.18-1 is vulnerable to insufficient validation.

The package zint before version 2.9.1-2 is vulnerable to arbitrary code execution.

The package redis before version 6.2.4-1 is vulnerable to arbitrary code execution.

The package dhcp before version 4.4.2.P1-1 is vulnerable to arbitrary code execution.

The package dhclient before version 4.4.2.P1-1 is vulnerable to arbitrary code execution.

The package lib32-libcurl-gnutls before version 7.77.0-1 is vulnerable to information disclosure.

The package libcurl-gnutls before version 7.77.0-1 is vulnerable to information disclosure.

The package lib32-libcurl-compat before version 7.77.0-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package libcurl-compat before version 7.77.0-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package lib32-curl before version 7.77.0-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package curl before version 7.77.0-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

The package firefox before version 89.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, information disclosure and access restriction bypass.

The package chromium before version 91.0.4472.77-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, insufficient validation and content spoofing.

The package opera before version 76.0.4017.154-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, incorrect calculation and information disclosure.

libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011) * libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014) * libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328) * libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgme [More...]

samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * smb.service stops when samba rpms are updated * samba printing dumps core --- SL7 x86_64 libsmbclient- [More...]

hivex: Buffer overflow when provided invalid node key length (CVE-2021-3504) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 hivex-1.3.10-6.11.el7_9.i686.rpm hivex-1.3.10-6.11.el7_9.x86_64.rpm hivex-debuginfo-1.3.10-6.11.el7_9.i686.rpm hivex-debuginfo-1.3.10-6.11.el7_9.x86_64.r [More...]

QEMU: ide: atapi: OOB access while processing read commands (CVE-2020-29443) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 qemu-img-1.5.3-175.el7_9.4.x86_64.rpm qemu-kvm-1.5.3-175.el7_9.4.x86_64.rpm qemu-kvm-common-1.5.3-175.el7_9.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-175.el7_ [More...]

389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Add new access log keywords for time spent in work queue and actual operation time --- SL7 x86_64 389-ds-base-1.3.10.2-12.el7_9.x86_64.rpm 389-ds-ba [More...]

libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011) * libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328) * libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 [More...]

This update upgrades Thunderbird to version 78.11.0. * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967) * Mozilla: Thunderbird stored OpenPGP secret keys without master password protection (CVE-2021-29956) * Mozilla: Partial protection of inline OpenPGP message not indicated (CVE-2021-29957) For more details about the security issue(s), including the imp [More...]

This update upgrades Firefox to version 78.11.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - firefox-78.11.0-3.el7_9.i686.rpm - firefox-78.11.0-3.el7_9.x86_64.rpm - firefox-deb [More...]

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has one errata is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 12 vulnerabilities and has 23 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 21 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 11 vulnerabilities is now available.

An update that fixes 15 vulnerabilities is now available.

An update that fixes 15 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process (CVE-2021-3560). References: - https://bugs.mageia.org/show_bug.cgi?id=29076 - https://access.redhat.com/errata/RHSA-2021:2238

TELNET stack contents disclosure (CVE-2021-22898). References: - https://bugs.mageia.org/show_bug.cgi?id=28971 - https://curl.se/docs/CVE-2021-22898.html

The updated packages fix security vulnerabilities: Out of bounds-read when parsing a `WM_COPYDATA` message. (CVE-2021-29964) Memory safety bugs fixed in Thunderbird 78.11. (CVE-2021-29967)

The updated package fixes security vulnerabilities: A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. (CVE-2020-24119)

The updated packages fix security vulnerabilities: Heap-based buffer overflow in Jp2Image::readMetadata(). (CVE-2021-3482) Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata.

Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability (CVE-2020-28601).

Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability (CVE-2020-28601).

Updated squid packages fix security vulnerabilities: Due to improper input validation Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid

Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29967). This update also fixes:

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file (CVE-2021-30145). References: - https://bugs.mageia.org/show_bug.cgi?id=29058 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/QVXB4F67QODLPKYBZX7SBXTE7ESGKGOD/

This update patches the vendored `smallvec` Rust crate in librsvg to fix a security vulnerability: The Iterator implementation mishandles destructors, leading to a double free (CVE-2021-25900). References:

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability (CVE-2021-20193). References: - https://bugs.mageia.org/show_bug.cgi?id=29049 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/XRDSUUE3LUKBDRLPB7GTT5QZRPV5J7O4/

Exponential entity expansion attack bypasses all existing protection mechanisms. (CVE-2021-3541). References: - https://bugs.mageia.org/show_bug.cgi?id=29039 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/NYSYJVWYEQHFG2TBIQJRJ5COUR5LNFJJ/

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier (CVE-2021-3448). This kind of configuration is the default when network-manager uses dnsmasq. References: - https://bugs.mageia.org/show_bug.cgi?id=29030

Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20.rc2 and earlier can lead to read and write arbitrary memory values (CVE-2021-20307). References: - https://bugs.mageia.org/show_bug.cgi?id=28997 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/JE6YZSXNVD6WZ3AG3ENL2DIHQFF24LYX/

An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well (CVE-2021-3520). References: - https://bugs.mageia.org/show_bug.cgi?id=28990 - https://www.debian.org/security/2021/dsa-4919

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. (CVE-2020-18032) References: - https://bugs.mageia.org/show_bug.cgi?id=28989 - https://www.debian.org/security/2021/dsa-4914

A remote user could create a specifically crafted file that could trigger some various issues. It is possible to trigger a remote code execution through a specifically crafted playlist, and tricking the user into interacting with that playlist elements. It is also possible to trigger read or write buffer overflows with some crafted files or by a MITM attack on the automatic updater

Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file. A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405).