Advisories

Linux Advisory Watch

Don't want to miss that crucial security notice?. The editorial staff at Guardian Digital will bring you complete coverage and in-depth
descriptions of all security bulletins, vulnerabilities and updated packages, all in one convenient weekly newsletter.

Linux Advisory Watch: March 12th, 2021

Linux Advisory Watch: March 12th, 2021

Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include Python 3.10.0a6 security fixes released by Fedora and a warning from Debian regarding several vulnerabilities discovered in the Linux kernel that could lead to a privilege escalation, denial of service (DoS), or information leakage. Continue reading to learn about other significant advisories issued this week. Have a healthy, safe and secure weekend!

Yours in Open Source,

Brittany Day Signature


LinuxSecurity.com Feature Extras:

Have You Taken Our LinuxSecurity User Survey? - We're rebuilding our site and need your help! LinuxSecurity is currently undergoing a major overhaul and we would like your input. We invite you to share your thoughts, feedback and suggestions by taking a brief survey.

How Secure Is Linux? - This article will examine the key factors that contribute to the robust security of Linux, and evaluate the level of protection  against vulnerabilities and attacks that Linux offers admins and users.


  Fedora 32: python3.10 2021-2897f5366c (Mar 11)
 

Python 3.10.0a6. Security fix for CVE-2021-23336.

  Fedora 32: nodejs 2021-f6bd75e9d4 (Mar 11)
 

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

  Fedora 32: arm-none-eabi-newlib 2021-332fb9c796 (Mar 11)
 

- updated to 4.1.0

  Fedora 32: suricata 2021-6c7cfe2532 (Mar 11)
 

Various performance, accuracy and stability issues have been fixed.

  Fedora 33: python3.10 2021-b326fcb83f (Mar 11)
 

Python 3.10.0a6. Security fix for CVE-2021-23336.

  Fedora 33: nodejs 2021-a760169c3c (Mar 11)
 

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

  Fedora 33: arm-none-eabi-newlib 2021-267c08cc40 (Mar 11)
 

- updated to 4.1.0

  Fedora 33: suricata 2021-9747ed7427 (Mar 11)
 

Various performance, accuracy and stability issues have been fixed.

  Fedora 33: libtpms 2021-caf9e04ef1 (Mar 9)
 

tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue

  Fedora 33: privoxy 2021-5fb8bd8258 (Mar 9)
 

3.0.32

  Fedora 33: x11vnc 2021-93911302d6 (Mar 9)
 

This release fixes an insecure permissins of shared memory semgentes created by an x11vnc server. Previously the segments were readable and writable for any local user. Now they are accessible only to the user who executed the x11vnc server.

  Fedora 32: libtpms 2021-e0f390c951 (Mar 9)
 

tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue

  Fedora 32: privoxy 2021-85087f8a70 (Mar 9)
 

3.0.32

  Fedora 32: x11vnc 2021-c5b679877e (Mar 9)
 

This release fixes an insecure permissins of shared memory semgentes created by an x11vnc server. Previously the segments were readable and writable for any local user. Now they are accessible only to the user who executed the x11vnc server.

  Fedora 33: kernel 2021-a2d3ad5dda (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-tools 2021-a2d3ad5dda (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-headers 2021-a2d3ad5dda (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: libebml 2021-aa78f97893 (Mar 8)
 

Fixed several heap overflow bugs in the `ReadData` functions of various data type classes. This fixes CVE-2021-3405.

  Fedora 32: kernel 2021-1db4ab0a3d (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-tools 2021-1db4ab0a3d (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-headers 2021-1db4ab0a3d (Mar 8)
 

The 5.10.20 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: firefox 2021-43088486b2 (Mar 8)
 

Stability update for hardware accelerated backend (mozbz#1694670). ---- New upstream version (86.0)

  Fedora 32: libebml 2021-9a0fff8455 (Mar 8)
 

Fixed several heap overflow bugs in the `ReadData` functions of various data type classes. This fixes CVE-2021-3405.

  Fedora 32: wpa_supplicant 2021-99cad2b81f (Mar 8)
 

Security fix for CVE-2021-27803

  Fedora 33: nagios 2021-5689072a7e (Mar 7)
 

Fix for CVE-2020-13977 BZ1849087 Require plugins needed for localhost monitoring (#1932297) Update to 4.4.6

  Fedora 32: nagios 2021-b5e897a2e5 (Mar 7)
 

Fix for CVE-2020-13977 BZ1849087 Require plugins needed for localhost monitoring (#1932297) Update to 4.4.6

  Fedora 34: firefox 2021-578907b183 (Mar 6)
 

Stability update for hardware accelerated backend (mozbz#1694670). ---- New upstream update (86.0). Should also fix some rendering issues in KDE in certain configurations. Depends on and cannot be pushed stable without https://bodhi.fedoraproject.org/updates/FEDORA-2021-bdc10e21fc .

  Fedora 32: zathura-pdf-mupdf 2021-d8e6f014e5 (Mar 5)
 

CVE-2021-3407

  Fedora 32: mupdf 2021-d8e6f014e5 (Mar 5)
 

CVE-2021-3407

  Fedora 32: python-PyMuPDF 2021-d8e6f014e5 (Mar 5)
 

CVE-2021-3407

  Fedora 33: ceph 2021-93ff9e9103 (Mar 5)
 

notes=Security fix for CVE-2020-27839, CVE-2020-25678 ceph 15.2.9 GA bugs=1892109,1900681,1901330,1906954 Note: Bodhi does not allow me to find/enter 1892109 or 1901330 in the Bugs section.

  Fedora 33: mupdf 2021-572bb0f886 (Mar 5)
 

CVE-2021-3407

  Fedora 33: python-PyMuPDF 2021-572bb0f886 (Mar 5)
 

CVE-2021-3407

  Fedora 33: zathura-pdf-mupdf 2021-572bb0f886 (Mar 5)
 

CVE-2021-3407

  Fedora 33: screen 2021-9107eeb95c (Mar 4)
 

Security update for CVE-2021-26937

  Fedora 33: isync 2021-ef8c2acfce (Mar 4)
 

Update to latest upstream release 1.4.1 (#1931574)

  Fedora 33: openvswitch 2021-fba11d37ee (Mar 4)
 

Updated OVS to 2.15 and DPDK to 20.11

  Fedora 33: dpdk 2021-fba11d37ee (Mar 4)
 

Updated OVS to 2.15 and DPDK to 20.11

  Fedora 32: 389-ds-base 2021-dc1a4934a5 (Mar 4)
 

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

  Fedora 32: dogtag-pki 2021-dc1a4934a5 (Mar 4)
 

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

  Fedora 32: freeipa 2021-dc1a4934a5 (Mar 4)
 

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

  Fedora 32: pki-core 2021-dc1a4934a5 (Mar 4)
 

- 389-ds fixes an information disclosure during unsuccessful LDAP BIND operation, CVE-2020-35518 - Dogtag PKI adopted to work with 389-ds with the fix - FreeIPA rebuilt to require new Dogtag and 389-ds versions

  RedHat: RHSA-2021-0811:01 Low: Red Hat Integration Tech-Preview 3 Camel K (Mar 11)
 

An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2021-0809:01 Important: wpa_supplicant security update (Mar 11)
 

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0713:01 Low: OpenShift Container Platform 4.5.34 packages (Mar 10)
 

Red Hat OpenShift Container Platform release 4.5.34 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5.

  RedHat: RHSA-2021-0808:01 Important: wpa_supplicant security update (Mar 10)
 

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0799:01 Moderate: OpenShift Virtualization 2.6.0 security (Mar 10)
 

An update is now available for RHEL-8-CNV-2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0794:01 Important: .NET 5.0 on Red Hat Enterprise Linux (Mar 9)
 

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0793:01 Important: .NET Core on RHEL 8 security and (Mar 9)
 

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0787:01 Important: .NET Core 2.1 on Red Hat Enterprise (Mar 9)
 

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0789:01 Important: .NET Core 3.1 on Red Hat Enterprise (Mar 9)
 

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0788:01 Important: dotnet security and bugfix update (Mar 9)
 

An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0790:01 Important: dotnet3.1 security and bugfix update (Mar 9)
 

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0780:01 Important: Red Hat Ansible Tower 3.8.2-1 - (Mar 9)
 

Red Hat Ansible Tower 3.8.2-1 - Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0778:01 Important: Red Hat Ansible Tower 3.6.7-1 - (Mar 9)
 

Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0779:01 Important: Red Hat Ansible Tower 3.7.5-1 - (Mar 9)
 

Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0781:01 Moderate: Red Hat Ansible Automation Platform (Mar 9)
 

An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0765:01 Important: kernel security, bug fix, (Mar 9)
 

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0771:01 Low: virt:rhel and virt-devel:rhel security update (Mar 9)
 

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0774:01 Important: kernel-rt security and bug fix update (Mar 9)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0763:01 Important: kpatch-patch security update (Mar 9)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0760:01 Moderate: kernel security and bug fix update (Mar 9)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2021-0758:01 Moderate: nss-softokn security update (Mar 9)
 

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2021-0759:01 Moderate: curl security update (Mar 9)
 

An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2021-0761:01 Moderate: python security update (Mar 9)
 

An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2021-0744:01 Important: nodejs:14 security and bug fix update (Mar 8)
 

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0742:01 Important: screen security update (Mar 8)
 

An update for screen is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0740:01 Important: nodejs:12 security update (Mar 8)
 

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0738:01 Important: nodejs:10 security update (Mar 8)
 

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0741:01 Important: nodejs:10 security update (Mar 8)
 

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0739:01 Important: nodejs:12 security update (Mar 8)
 

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0743:01 Important: virt:8.2 and virt-devel:8.2 security (Mar 8)
 

An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0736:01 Critical: java-1.8.0-ibm security update (Mar 4)
 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0735:01 Important: nodejs:10 security update (Mar 4)
 

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0734:01 Important: nodejs:12 security update (Mar 4)
 

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0733:01 Critical: java-1.7.1-ibm security update (Mar 4)
 

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0727:01 Important: bind security update (Mar 4)
 

An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  Slackware: 2021-070-01: git Security Update (Mar 11)
 

New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

  SUSE: 2021:76-1 ses/7/rook/ceph Security Update (Mar 12)
 

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

  SUSE: 2021:75-1 ses/7/cephcsi/csi-snapshotter Security Update (Mar 12)
 

The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:

  SUSE: 2021:74-1 ses/7/cephcsi/csi-resizer Security Update (Mar 12)
 

The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update:

  SUSE: 2021:73-1 ses/7/cephcsi/csi-provisioner Security Update (Mar 12)
 

The container ses/7/cephcsi/csi-provisioner was updated. The following patches have been included in this update:

  SUSE: 2021:72-1 ses/7/cephcsi/csi-node-driver-registrar Security Update (Mar 12)
 

The container ses/7/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update:

  SUSE: 2021:71-1 ses/7/cephcsi/csi-attacher Security Update (Mar 12)
 

The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update:

  SUSE: 2021:69-1 ses/7/cephcsi/cephcsi Security Update (Mar 12)
 

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

  SUSE: 2021:67-1 suse/sle-micro/5.0/toolbox Security Update (Mar 11)
 

The container suse/sle-micro/5.0/toolbox was updated. The following patches have been included in this update:

  SUSE: 2021:416-1 suse-sles-15-sp2-chost-byos-v20210304-hvm-ssd-x86_64 Security Update (Mar 10)
 

The container suse-sles-15-sp2-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

  SUSE: 2021:415-1 suse-sles-15-sp2-chost-byos-v20210304-gen2 Security Update (Mar 10)
 

The container suse-sles-15-sp2-chost-byos-v20210304-gen2 was updated. The following patches have been included in this update:

  SUSE: 2021:414-1 sles-15-sp2-chost-byos-v20210304 Security Update (Mar 10)
 

The container sles-15-sp2-chost-byos-v20210304 was updated. The following patches have been included in this update:

  SUSE: 2021:413-1 sles-15-sp1-chost-byos-v20210304 Security Update (Mar 10)
 

The container sles-15-sp1-chost-byos-v20210304 was updated. The following patches have been included in this update:

  SUSE: 2021:412-1 suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64 Security Update (Mar 10)
 

The container suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

  SUSE: 2021:411-1 suse-sles-15-sp1-chost-byos-v20210304-gen2 Security Update (Mar 10)
 

The container suse-sles-15-sp1-chost-byos-v20210304-gen2 was updated. The following patches have been included in this update:

  SUSE: 2021:410-1 suse-sles-15-chost-byos-v20210304-hvm-ssd-x86_64 Security Update (Mar 10)
 

The container suse-sles-15-chost-byos-v20210304-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

  SUSE: 2021:66-1 suse/sle15 Security Update (Mar 10)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:65-1 suse/sle15 Security Update (Mar 10)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:64-1 suse/sle15 Security Update (Mar 9)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:63-1 suse/sle15 Security Update (Mar 9)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:62-1 suse/sles12sp5 Security Update (Mar 9)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:61-1 suse/sles12sp5 Security Update (Mar 4)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  Debian LTS: DLA-2589-1: mupdf security update (Mar 11)
 

CVE-2020-26519 A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of

  Debian LTS: DLA-2588-1: zeromq3 security update (Mar 10)
 

Two security issues have been detected in zeromq3. CVE-2021-20234

  Debian LTS: DLA-2587-1: privoxy security update (Mar 9)
 

Multiple vulnerabilites were discovered in privoxy, a web proxy with advanced filtering capabilities. CVE-2021-20272

  Debian LTS: DLA-2586-1: linux security update (Mar 9)
 

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  Debian LTS: DLA-2553-2: xcftools regression update (Mar 8)
 

The patch to address CVE-2019-5086 and CVE-2019-5087 was not portable and did not work on 32 bit processor architectures. This update fixes the problem. For reference, the original advisory text follows.

  Debian LTS: DLA-2585-1: libupnp security update (Mar 7)
 

libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

  Debian LTS: DLA-2584-1: libcaca security update (Mar 7)
 

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.

  Debian LTS: DLA-2583-1: activemq security update (Mar 5)
 

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709

  Debian LTS: DLA-2582-1: mqtt-client security update (Mar 5)
 

A vulnerability was discovered in mqtt-client wher unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

  SciLinux: SLSA-2021-0808-1 Important: wpa_supplicant on SL7.x x86_64 (Mar 11)
 

wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 wpa_supplicant-2.6-12.el7_9.2.x86_64.rpm wpa_supplicant-debuginfo-2.6-12.el7_9.2.x86_64.rpm - Scientific Linux Development Team

  SciLinux: SLSA-2021-0742-1 Important: screen on SL7.x x86_64 (Mar 8)
 

screen: crash when processing combining chars (CVE-2021-26937) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm screen-debuginfo-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm - Scientific Linux Development Team

  openSUSE: 2021:0401-1 important: chromium (Mar 9)
 

An update that fixes 42 vulnerabilities is now available.

  openSUSE: 2021:0397-1 moderate: mbedtls (Mar 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0393-1 important: the Linux Kernel (Mar 8)
 

An update that solves 9 vulnerabilities and has 115 fixes is now available.

  openSUSE: 2021:0392-1 important: chromium (Mar 8)
 

An update that fixes 42 vulnerabilities is now available.

  openSUSE: 2021:0389-1 moderate: nodejs8 (Mar 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0390-1 moderate: gnome-autoar (Mar 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0386-1 important: bind (Mar 5)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0387-1 important: MozillaThunderbird (Mar 5)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2021:0384-1 moderate: mbedtls (Mar 5)
 

An update that fixes one vulnerability is now available.

  Mageia 2021-0132: ansible security update (Mar 11)
 

User data leak in snmp_facts module (CVE-2021-20178). The bitbucket_pipeline_variable module exposed secured values (CVE-2021-20180).

  Mageia 2021-0131: ansible security update (Mar 11)
 

User data leak in snmp_facts module (CVE-2021-20178). Multiple collections exposed secured values (CVE-2021-20191). In basic.py, no_log with fallback option (CVE-2021-20228). The ansible package has been patched to fix these issues.

  Mageia 2021-0130: roundcubemail security update (Mar 11)
 

This update fixes cross-site scripting (XSS) via HTML messages with malicious CSS content (CVE-2021-26925). References: - https://bugs.mageia.org/show_bug.cgi?id=28387

  Mageia 2021-0129: python-cryptography security update (Mar 11)
 

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow (CVE-2020-36242). References:

  Mageia 2021-0128: libcaca security update (Mar 11)
 

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context (CVE-2021-3410). References: - https://bugs.mageia.org/show_bug.cgi?id=28556

  Mageia 2021-0127: gnuplot security update (Mar 11)
 

Double free when executing print_set_output() (CVE-2020-25559). Additionally, a missing require for gnuplot has been added to gnuplot-qt package.

  Mageia 2021-0126: ceph security update (Mar 11)
 

A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard with passwords visible. The highest threat from this vulnerability is to confidentiality (CVE-2020-25678).

  Mageia 2021-0125: mumble security update (Mar 11)
 

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text (CVE-2021-27229). References:

  Mageia 2021-0124: ruby-mechanize security update (Mar 11)
 

In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel#open method (CVE-2021-21289).

  Mageia 2021-0123: glib2.0 security update (Mar 11)
 

* Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (discovered by Kevin Backhouse, work by Philip Withnall) (#2319) * Fix some issues with handling over-long (invalid) input when parsing for

  Mageia 2021-0122: python-httplib2 security update (Mar 11)
 

A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server (CVE-2021-21240). References:

  Mageia 2021-0121: postgresql security update (Mar 11)
 

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393). A user having a SELECT privilege on an individual column can craft a special

  Mageia 2021-0120: firejail security update (Mar 11)
 

Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, which could result in root privilege escalation. This update disables OverlayFS support in firejail (CVE-2021-26910). References:

  Mageia 2021-0119: python-yaml security update (Mar 11)
 

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the

  Mageia 2021-0118: openssh security update (Mar 11)
 

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14145).

  Mageia 2021-0117: kernel security update (Mar 7)
 

This kernel update is based on upstream 5.10.20 and fixes atleast the following security issues: An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of

  Mageia 2021-0116: cups security update (Mar 7)
 

The updated cups packages fix security vulnerability: Out-of-bounds read in the ippReadIO function (CVE-2020-10001). References: - https://bugs.mageia.org/show_bug.cgi?id=28277

  Mageia 2021-0115: pngcheck security update (Mar 5)
 

This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). (RHBZ#1908559). It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents.

  Mageia 2021-0114: python-pygments security update (Mar 5)
 

Infinite loop in SML lexer may lead to DoS. When the SMLLexer gets fed the string "exception" it seems to loop indefinitely (rhbz#1922136). References: - https://bugs.mageia.org/show_bug.cgi?id=28319

  Mageia 2021-0113: jasper security update (Mar 4)
 

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode

  Mageia 2021-0112: xpdf security update (Mar 4)
 

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).

  Mageia 2021-0111: gnome-autoar security update (Mar 4)
 

Yiit Can Ylmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution (CVE-2020-36241).

  Mageia 2021-0110: bind security update (Mar 4)
 

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code (CVE-2020-8625).

  Mageia 2021-0109: screen security update (Mar 4)
 

Felix Weinmann reported a flaw in the handling of combining characters in screen, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence (CVE-2021-26937).

  Mageia 2021-0108: openssl and compat-openssl10 security update (Mar 4)
 

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840). Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer

  Mageia 2021-0107: webkit2 security update (Mar 4)
 

The webkit2 package has been updated to version 2.30.5, fixing several security issues and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=28370

  Mageia 2021-0106: chromium-browser-stable security update (Mar 4)
 

The updated packages fix security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=28369 - https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

  Mageia 2021-0105: openldap security update (Mar 4)
 

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36221). It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A

  Mageia 2021-0104: nonfree firmware security update (Mar 4)
 

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes atleast the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to

  Mageia 2021-0103: nonfree firmware security update (Mar 4)
 

Updated nonfree firmwares fixees various issues, adds new / improved hardware support and fixes atleast the following security issue: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to

  Mageia 2021-0102: kernel-linus security update (Mar 4)
 

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant

  Mageia 2021-0101: kernel security update (Mar 4)
 

This kernel update is based on upstream 5.10.19 and fixes atleast the following security issues: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant

  Mageia 2021-0100: kernel-linus security update (Mar 4)
 

This kernel-linus update is based on upstream 5.10.19 and fixes atleast the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y,

  Mageia 2021-0099: kernel security update (Mar 4)
 

This kernel update is based on upstream 5.10.19 and fixes atleast the following security issues: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y,

  Mageia 2021-0098: libtiff security update (Mar 4)
 

The updated libtiff packages fix security vulnerabilities: - Integer overflow in tif_getimage.c (CVE-2020-35523). - Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524). References:

  Mageia 2021-0097: firefox security update (Mar 4)
 

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs (CVE-2021-23968).

  Mageia 2021-0096: thunderbird security update (Mar 4)
 

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs (CVE-2021-23968).

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.