Linux Advisory Watch: March 12th, 2021

Python 3.10.0a6. Security fix for CVE-2021-23336.

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

- updated to 4.1.0

Various performance, accuracy and stability issues have been fixed.

Python 3.10.0a6. Security fix for CVE-2021-23336.

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

- updated to 4.1.0

Various performance, accuracy and stability issues have been fixed.

tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue

3.0.32

This release fixes an insecure permissins of shared memory semgentes created by an x11vnc server. Previously the segments were readable and writable for any local user. Now they are accessible only to the user who executed the x11vnc server.

tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue

3.0.32

This release fixes an insecure permissins of shared memory semgentes created by an x11vnc server. Previously the segments were readable and writable for any local user. Now they are accessible only to the user who executed the x11vnc server.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

Fixed several heap overflow bugs in the `ReadData` functions of various data type classes. This fixes CVE-2021-3405.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

Stability update for hardware accelerated backend (mozbz#1694670). ---- New upstream version (86.0)

Fixed several heap overflow bugs in the `ReadData` functions of various data type classes. This fixes CVE-2021-3405.

Security fix for CVE-2021-27803

Fix for CVE-2020-13977 BZ1849087 Require plugins needed for localhost monitoring (#1932297) Update to 4.4.6

Fix for CVE-2020-13977 BZ1849087 Require plugins needed for localhost monitoring (#1932297) Update to 4.4.6

Stability update for hardware accelerated backend (mozbz#1694670). ---- New upstream update (86.0). Should also fix some rendering issues in KDE in certain configurations. Depends on and cannot be pushed stable without https://bodhi.fedoraproject.org/updates/FEDORA-2021-bdc10e21fc .

CVE-2021-3407

CVE-2021-3407

CVE-2021-3407

notes=Security fix for CVE-2020-27839, CVE-2020-25678 ceph 15.2.9 GA bugs=1892109,1900681,1901330,1906954 Note: Bodhi does not allow me to find/enter 1892109 or 1901330 in the Bugs section.

CVE-2021-3407

CVE-2021-3407

CVE-2021-3407

Security update for CVE-2021-26937

Update to latest upstream release 1.4.1 (#1931574)

Updated OVS to 2.15 and DPDK to 20.11

Updated OVS to 2.15 and DPDK to 20.11

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat OpenShift Container Platform release 4.5.34 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5.

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for RHEL-8-CNV-2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Ansible Tower 3.8.2-1 - Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for screen is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:

The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update:

The container ses/7/cephcsi/csi-provisioner was updated. The following patches have been included in this update:

The container ses/7/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update:

The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update:

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

The container suse/sle-micro/5.0/toolbox was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container suse-sles-15-sp2-chost-byos-v20210304-gen2 was updated. The following patches have been included in this update:

The container sles-15-sp2-chost-byos-v20210304 was updated. The following patches have been included in this update:

The container sles-15-sp1-chost-byos-v20210304 was updated. The following patches have been included in this update:

The container suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container suse-sles-15-sp1-chost-byos-v20210304-gen2 was updated. The following patches have been included in this update:

The container suse-sles-15-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

CVE-2020-26519 A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of

Two security issues have been detected in zeromq3. CVE-2021-20234

Multiple vulnerabilites were discovered in privoxy, a web proxy with advanced filtering capabilities. CVE-2021-20272

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

The patch to address CVE-2019-5086 and CVE-2019-5087 was not portable and did not work on 32 bit processor architectures. This update fixes the problem. For reference, the original advisory text follows.

libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709

A vulnerability was discovered in mqtt-client wher unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 wpa_supplicant-2.6-12.el7_9.2.x86_64.rpm wpa_supplicant-debuginfo-2.6-12.el7_9.2.x86_64.rpm - Scientific Linux Development Team

screen: crash when processing combining chars (CVE-2021-26937) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm screen-debuginfo-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm - Scientific Linux Development Team

An update that fixes 42 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 9 vulnerabilities and has 115 fixes is now available.

An update that fixes 42 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

An update that fixes four vulnerabilities is now available.

An update that fixes one vulnerability is now available.

User data leak in snmp_facts module (CVE-2021-20178). The bitbucket_pipeline_variable module exposed secured values (CVE-2021-20180).

User data leak in snmp_facts module (CVE-2021-20178). Multiple collections exposed secured values (CVE-2021-20191). In basic.py, no_log with fallback option (CVE-2021-20228). The ansible package has been patched to fix these issues.

This update fixes cross-site scripting (XSS) via HTML messages with malicious CSS content (CVE-2021-26925). References: - https://bugs.mageia.org/show_bug.cgi?id=28387

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow (CVE-2020-36242). References:

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context (CVE-2021-3410). References: - https://bugs.mageia.org/show_bug.cgi?id=28556

Double free when executing print_set_output() (CVE-2020-25559). Additionally, a missing require for gnuplot has been added to gnuplot-qt package.

A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard with passwords visible. The highest threat from this vulnerability is to confidentiality (CVE-2020-25678).

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text (CVE-2021-27229). References:

In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel#open method (CVE-2021-21289).

* Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (discovered by Kevin Backhouse, work by Philip Withnall) (#2319) * Fix some issues with handling over-long (invalid) input when parsing for

A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server (CVE-2021-21240). References:

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393). A user having a SELECT privilege on an individual column can craft a special

Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, which could result in root privilege escalation. This update disables OverlayFS support in firejail (CVE-2021-26910). References:

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14145).

This kernel update is based on upstream 5.10.20 and fixes atleast the following security issues: An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of

The updated cups packages fix security vulnerability: Out-of-bounds read in the ippReadIO function (CVE-2020-10001). References: - https://bugs.mageia.org/show_bug.cgi?id=28277

This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). (RHBZ#1908559). It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents.

Infinite loop in SML lexer may lead to DoS. When the SMLLexer gets fed the string "exception" it seems to loop indefinitely (rhbz#1922136). References: - https://bugs.mageia.org/show_bug.cgi?id=28319

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).

Yiit Can Ylmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution (CVE-2020-36241).

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code (CVE-2020-8625).

Felix Weinmann reported a flaw in the handling of combining characters in screen, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence (CVE-2021-26937).

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840). Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer

The webkit2 package has been updated to version 2.30.5, fixing several security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=28370

The updated packages fix security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=28369 - https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36221). It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes atleast the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes atleast the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant

This kernel update is based on upstream 5.10.19 and fixes atleast the following security issues: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y,

This kernel update is based on upstream 5.10.19 and fixes atleast the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y,

The updated libtiff packages fix security vulnerabilities: - Integer overflow in tif_getimage.c (CVE-2020-35523). - Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524). References:

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs (CVE-2021-23968).

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs (CVE-2021-23968).