Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include warnings from Debian of multiple security issues discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure, and a Fedora 5.11.8 stable kernel update which contains a number of important fixes across the tree. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!

 

Yours in Open Source,



LinuxSecurity.com Feature Extras:

LinuxSecurity User Survey Results: How Do You Compare? - Wondering how you compare to other LinuxSecurity users? Want to get to know your fellow community members better? If so, be sure to check out this summary of our User Survey results.

How Secure Is Linux? - This article will examine the key factors that contribute to the robust security of Linux, and evaluate the level of protection against vulnerabilities and attacks that Linux offers administrators and users.


  Debian: DSA-4876-1: thunderbird security update (Mar 25)
 

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the stable distribution (buster), these problems have been fixed in

  Debian: DSA-4875-1: openssl security update (Mar 25)
 

A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service.

  Debian: DSA-4874-1: firefox-esr security update (Mar 24)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing attacks.

  Debian: DSA-4873-1: squid security update (Mar 23)
 

Jianjun Chen discovered that the Squid proxy caching server was susceptible to HTTP request smuggling. For the stable distribution (buster), this problem has been fixed in

  Debian: DSA-4872-1: shibboleth-sp security update (Mar 18)
 

Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at

  Fedora 32: jasper 2021-26cb56b3cb (Mar 24)
 

Security update for CVE-2021-3443 ---- New upstream release 2.0.26

  Fedora 34: qt 2021-613052e94d (Mar 24)
 

An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue.

  Fedora 34: qt5-qtsvg 2021-a95a40b78b (Mar 24)
 

An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue.

  Fedora 33: kernel 2021-e49da8a226 (Mar 23)
 

The 5.11.8 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: jasper 2021-51b2657092 (Mar 23)
 

Security update for CVE-2021-3443 ---- New upstream release 2.0.26

  Fedora 34: kernel 2021-f0181b8085 (Mar 23)
 

The 5.11.8 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: nettle 2021-dc225f3f65 (Mar 23)
 

This updates nettle to the upstream 3.7.2 release, with a security fix in ECDSA signature verification:

  Fedora 34: gnutls 2021-18bef34f05 (Mar 23)
 

Update to the upstream 3.7.1 release, which includes fixes for CVE-2021-20231 and CVE-2021-20232, fipscheck build-dep removal, and TLS 1.3 middlebox compatibility mode fixes. ---- Fix cert chain verification if it contains duplicate certs.

  Fedora 33: dotnet5.0 2021-1b22f31541 (Mar 22)
 

This is the monthly .NET update for March 2021. Release notes: https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.4/5.0.4.md This update also contains fixes for CVE-2021-26701.

  Fedora 33: moodle 2021-431b232659 (Mar 22)
 

Fixes for multiple CVEs

  Fedora 33: radare2 2021-f3ebd7554c (Mar 22)
 

Update to version 5.1.1. Security fix for CVE-2020-16269 and CVE-2020-17487

  Fedora 32: moodle 2021-50f63a0161 (Mar 22)
 

Fixes for multiple CVEs

  Fedora 34: CGAL 2021-0d42c7cb33 (Mar 22)
 

New upstream release CGAL-5.2.1. Security fix for CVE-2020-28601, CVE-2020-28636, CVE-2020-35628, CVE-2020-35636.

  Fedora 34: kde-settings 2021-f68a5a75ba (Mar 22)
 

New upstream release (#1934336), include user ssh-agent.service (#1761817)

  Fedora 34: dotnet3.1 2021-e2d218afe6 (Mar 21)
 

This is the monthly .NET Core 3.1 update for March 2021. Release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.13/3.1.13.md This update includes a fix for CVE-2021-26701: .NET Core Remote Code Execution Vulnerability

  Fedora 34: dotnet5.0 2021-904d0bd496 (Mar 21)
 

This is the monthly .NET update for March 2021. Release notes: https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.4/5.0.4.md This update also contains fixes for CVE-2021-26701.

  Fedora 34: varnish-modules 2021-2ad352ec70 (Mar 21)
 

- New upstream release
- Switched back to original varnish github upstream, as it has caught up
- Includes fix for CVE-2021-28543 denial of service attack, VSV00006, bz#1939669

  Fedora 33: glib2 2021-a1f51fc418 (Mar 21)
 

glib 2.66.8 release, fixing a security issue when using `g_file_replace()` with `G_FILE_CREATE_REPLACE_DESTINATION`.

  Fedora 32: kernel 2021-14f6642aa6 (Mar 20)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree. ---- The 5.10.23 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-headers 2021-14f6642aa6 (Mar 20)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree. ---- The 5.10.23 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: kernel-tools 2021-14f6642aa6 (Mar 20)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree. ---- The 5.10.23 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: pki-core 2021-344dd24c84 (Mar 19)
 

Fix CVE-2021-20179: Unprivileged users can renew any certificate

  Fedora 33: kernel 2021-bb755ed5e3 (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-headers 2021-bb755ed5e3 (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: kernel-tools 2021-bb755ed5e3 (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 33: pki-core 2021-6c412a4601 (Mar 19)
 

Fix CVE-2021-20179: unprivileged users can renew any certificate

  Fedora 34: kernel-tools 2021-90083c9c0f (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel 2021-90083c9c0f (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: kernel-headers 2021-90083c9c0f (Mar 19)
 

The 5.11.7 stable kernel update contains a number of important fixes across the tree.

  Fedora 34: tali 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: tracker3 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: tracker3-miners 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: yelp-xsl 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: yelp-tools 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: pyatspi 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: orca 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: nautilus 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: lightsoff 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: swell-foop 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: sysprof 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnote 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-user-docs 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gvfs 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gobject-introspection 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gsettings-desktop-schemas 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gtk4 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-screenshot 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-settings-daemon 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-software 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-system-monitor 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-maps 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-mines 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-music 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-online-accounts 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-online-miners 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-disk-utility 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-initial-setup 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-calculator 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-calendar 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-control-center 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-desktop3 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-devel-docs 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: glib2 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: glib-networking 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-builder 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gdm 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-autoar 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-backgrounds 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: gnome-boxes 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: dconf 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: epiphany 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: eog 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: evolution 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: evolution-ews 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: evolution-data-server 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: evolution-mapi 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: at-spi2-core 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: almanah 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: adwaita-icon-theme 2021-303f6623fa (Mar 19)
 

GNOME 40.rc

  Fedora 34: powerdevil 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: polkit-kde 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: xdg-desktop-portal-kde 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: sddm-kcm 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: qqc2-breeze-style 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-systemmonitor 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plymouth-theme-breeze 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-thunderbolt 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-workspace-wallpapers 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-vault 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-sdk 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-systemsettings 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-pa 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-workspace 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plymouth-kcm 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-desktop 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-firewall 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-integration 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-nm 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-oxygen 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-drkonqi 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-milou 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-disks 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: libksysguard 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: pam-kwallet 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-browser-integration 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: plasma-breeze 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kwayland-server 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kwrited 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kwayland-integration 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: libkscreen-qt5 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kwin 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kde-gtk-config 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kinfocenter 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kgamma 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kscreenlocker 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: khotkeys 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kscreen 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: ksysguard 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kmenuedit 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: ksshaskpass 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kdeplasma-addons 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: bluedevil 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kdecoration 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: grub2-breeze-theme 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: breeze-gtk 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kactivitymanagerd 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: kde-cli-tools 2021-85c9774673 (Mar 19)
 

KDE Plasma 5.21.3 release. ---- Fix for CVE-2021-28117

  Fedora 34: jasper 2021-9dd5090469 (Mar 19)
 

Security update for CVE-2021-3443

  Fedora 34: upx 2021-acfb7be76e (Mar 19)
 

Fix for CVE-2021-20285

  Fedora 34: dogtag-pki 2021-c0d6637ca5 (Mar 19)
 

- Use tomcat instead of pki-servlet-engine in ELN and RHEL 9
- Drop dependency on esc for s390(x) architectures
- Build pki-core properly for ELN and RHEL 9
- Fix CVE-2021-20179: Unprivileged users can renew any certificate
- Drop i686 architecture going forward

  Fedora 34: pki-core 2021-c0d6637ca5 (Mar 19)
 

- Use tomcat instead of pki-servlet-engine in ELN and RHEL 9
- Drop dependency on esc for s390(x) architectures
- Build pki-core properly for ELN and RHEL 9
- Fix CVE-2021-20179: Unprivileged users can renew any certificate
- Drop i686 architecture going forward

  Fedora 34: switchboard-plug-bluetooth 2021-6210be0100 (Mar 19)
 

Update to version 2.3.5, which addresses CVE-2021-21367. Release notes: https://github.com/elementary/switchboard-plug-bluetooth/releases/tag/2.3.5

  Fedora 34: gsoap 2021-1da151722e (Mar 19)
 

Backporting upstream fixes
- Fixes CVE: CVE-2020-13574 CVE-2020-13575 CVE-2020-13577 CVE-2020-13578
- Fixes CVE: CVE-2020-13576

  Fedora 34: batik 2021-65ff5f10e2 (Mar 19)
 

Updates to latest upstream release and fixes CVE-2020-11987

  Fedora 34: golang-github-containerd-cri 2021-f049305892 (Mar 19)
 

Update to upstream aa2d5a97cdc4 for CVE-2021-21334

  Fedora 34: mingw-python-pillow 2021-9016a9b7bd (Mar 19)
 

This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Update to pillow-8.1.1, see https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html for details.

  Fedora 34: python-pillow 2021-9016a9b7bd (Mar 19)
 

This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Update to pillow-8.1.1, see https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html for details.

  Fedora 34: mingw-gdk-pixbuf 2021-c918632e13 (Mar 19)
 

Update to gdk-pixbuf-2.42.2, see https://gitlab.gnome.org/users/sign_in pixbuf/-/tags/2.42.2 for details.

  Fedora 34: mingw-python3 2021-e525e48886 (Mar 19)
 

Update to python3-3.9.2, see https://docs.python.org/3/whatsnew/3.9.html for details.

  Fedora 34: mingw-jasper 2021-5a34dd3f2d (Mar 19)
 

Update to jasper-2.0.26, see https://github.com/jasper-software/jasper/releases/tag/version-2.0.26 for details.

  Fedora 34: mingw-glib2 2021-7b5e2e6844 (Mar 19)
 

Update to glib2-2.66.7, see https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS for details.

  Fedora 34: python-django 2021-e22bb0e548 (Mar 19)
 

update to 3.1.7, fix CVE-2021-23336 (rhbz#1931542)

  Fedora 34: glibc 2021-6749bfcfd9 (Mar 19)
 

This update adds a `--list-diagnostics` argument to the dynamic loader. It also contains the following bug fixes:
* NSS modules are loaded again after `chroot` ([swbz#27389](https://sourceware.org/bugzilla/show_bug.cgi?id=27389)).
* CVE-2021-27645: Use-after-free in `addgetnetgrentX` function in `netgroupcache.c` (RHBZ#1932590)
* `ldconfig` crash with dynamic tokens in

  Fedora 34: python3.10 2021-5a09621ebb (Mar 19)
 

Python 3.10.0a6. Security fix for CVE-2021-23336.

  Fedora 34: nodejs 2021-6aaba80ba2 (Mar 19)
 

  Fedora 34: arm-none-eabi-newlib 2021-0fa2f42d3c (Mar 19)
 

- updated to 4.1.0

  Fedora 34: nagios 2021-01a2f76cc3 (Mar 19)
 

- Fix for CVE-2020-13977 BZ1849087
- Add missing require for nagios-plugins-ping
- Update to 4.4.6

  Fedora 34: libtpms 2021-8b584e5ebb (Mar 19)
 

tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue ---- Fixed a context save and suspend/resume problem when public keys are loaded

  Fedora 34: privoxy 2021-250d2ca9e6 (Mar 19)
 

3.0.32

  Fedora 34: x11vnc 2021-069c0c3950 (Mar 19)
 

This release fixes insecure permissions of shared memory segments created by an x11vnc server. Previously the segments were readable and writable for any local user. Now they are accessible only to the user who executed the x11vnc server.

  Fedora 34: wpa_supplicant 2021-9b00febe54 (Mar 19)
 

Security fix for CVE-2021-27803

  Fedora 34: libebml 2021-e283997bb9 (Mar 19)
 

Fixed several heap overflow bugs in the `ReadData` functions of various data type classes. This fixes CVE-2021-3405.

  Fedora 34: salt 2021-43eb5584ad (Mar 19)
 

Update to CVE release 3002.5-1 for Python 3
Fixed on this release: CVE-2021-25283
Fixed in 3002.3: CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-25284 CVE-2021-3197

  Fedora 34: python-aiohttp 2021-902c1b07c9 (Mar 19)
 

Update to latest upstream release 3.7.4

  Fedora 34: mupdf 2021-baeaa7bccb (Mar 19)
 

CVE-2021-3407

  Fedora 34: zathura-pdf-mupdf 2021-baeaa7bccb (Mar 19)
 

CVE-2021-3407

  Fedora 34: python-PyMuPDF 2021-baeaa7bccb (Mar 19)
 

CVE-2021-3407

  Fedora 34: keylime 2021-b7854ccfe4 (Mar 19)
 

Keylime 6.0.0 release. Contains fix CVE-2021-3406

  Fedora 34: wpa_supplicant 2021-defe51d282 (Mar 19)
 

Security fix for CVE-2021-0326. See also: https://w1.fi/security/2020-2/

  Fedora 32: upx 2021-dff7e97510 (Mar 19)
 

Fix for CVE-2021-20285

  Fedora 33: upx 2021-4b43992608 (Mar 19)
 

Fix for CVE-2021-20285

  Fedora 33: flatpak 2021-26ad138ffa (Mar 19)
 

flatpak 1.10.2 release. This is a security update which fixes a potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system. Other changes:
* Fix memory leaks
* Some test fixes
* Documentation updates
* G_BEGIN/END_DECLS added to library headers for c++ use
* Fix for X11 cookies on OpenSUSE
* Spawn portal better

  Fedora 32: switchboard-plug-bluetooth 2021-7d55c00267 (Mar 18)
 

Update to version 2.3.5, which addresses CVE-2021-21367. Release notes: https://github.com/elementary/switchboard-plug-bluetooth/releases/tag/2.3.5

  RedHat: RHSA-2021-0992:01 Important: firefox security update (Mar 25)
 

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0996:01 Important: thunderbird security update (Mar 25)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0991:01 Important: firefox security update (Mar 25)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0994:01 Important: thunderbird security update (Mar 25)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0989:01 Important: firefox security update (Mar 25)
 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0993:01 Important: thunderbird security update (Mar 25)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-0995:01 Important: thunderbird security update (Mar 25)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0990:01 Important: firefox security update (Mar 25)
 

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-0988:01 Moderate: rhvm-appliance security, bug fix, (Mar 25)
 

An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0833:01 Moderate: OpenShift Container Platform 3.11.404 (Mar 25)
 

Red Hat OpenShift Container Platform release 3.11.404 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0986:01 Low: AMQ Online 1.7.0 release and security update (Mar 25)
 

An update of the Red Hat OpenShift Container Platform 3.11 and 4.6/4.7 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0976:01 Moderate: Red Hat Virtualization Host security, (Mar 23)
 

An update for imgbased, redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2021-0975:01 Important: pki-core security update (Mar 23)
 

An update for pki-core is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0974:01 Moderate: Red Hat Single Sign-On 7.4.6 security (Mar 23)
 

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0969:01 Low: Red Hat Single Sign-On 7.4.6 security update (Mar 23)
 

New Red Hat Single Sign-On 7.4.6 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0968:01 Low: Red Hat Single Sign-On 7.4.6 security update (Mar 23)
 

New Red Hat Single Sign-On 7.4.6 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0967:01 Low: Red Hat Single Sign-On 7.4.6 security update (Mar 23)
 

New Red Hat Single Sign-On 7.4.6 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0949:01 Low: Red Hat OpenShift Do (Mar 22)
 

Updated openshift/odo-init-image container image is now available for Red Hat Openshift Do 1.0. Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create,

  RedHat: RHSA-2021-0948:01 Moderate: Red Hat Certificate System security and (Mar 22)
 

An update for pki-console, pki-core, and redhat-pki-theme is now available for Red Hat Certificate System 9.4 EUS. Red Hat Certificate System 9.4 EUS is a special channel for the delivery of Red Hat Certificate System updates. Downgrading the installed packages is

  RedHat: RHSA-2021-0947:01 Moderate: pki-core and redhat-pki-theme security (Mar 22)
 

An update for pki-core and redhat-pki-theme is now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0946:01 Moderate: Red Hat Build of OpenJDK 1.8 (container (Mar 19)
 

The Red Hat Build of OpenJDK 8 (container images) is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0945:01 Moderate: Red Hat Build of OpenJDK 11 (container (Mar 19)
 

The Red Hat Build of OpenJDK 11 (container images) is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0940:01 Important: kpatch-patch security update (Mar 18)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0933:01 Moderate: python-django security update (Mar 18)
 

An update for python-django is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0931:01 Important: openvswitch2.11 and ovn2.11 security (Mar 18)
 

An update for openvswitch2.11 and ovn2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-0934:01 Moderate: qemu-kvm-rhev security update (Mar 18)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-0937:01 Important: rubygem-em-http-request security update (Mar 18)
 

An update for rubygem-em-http-request is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2021:83-1 ses/7/cephcsi/csi-snapshotter Security Update (Mar 23)
 

The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:

  SUSE: 2021:82-1 ses/7/cephcsi/csi-resizer Security Update (Mar 23)
 

The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update:

  SUSE: 2021:81-1 ses/7/cephcsi/csi-provisioner Security Update (Mar 23)
 

The container ses/7/cephcsi/csi-provisioner was updated. The following patches have been included in this update:

  SUSE: 2021:80-1 ses/7/cephcsi/csi-attacher Security Update (Mar 23)
 

The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update:

  SUSE: 2021:79-1 suse/sle15 Security Update (Mar 19)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:78-1 suse/sle-micro/5.0/toolbox Security Update (Mar 18)
 

The container suse/sle-micro/5.0/toolbox was updated. The following patches have been included in this update:

  Debian LTS: DLA-2606-1: lxml security update (Mar 24)
 

An issue has been found in lxml, a pythonic binding for the libxml2 and libxslt libraries.

  Debian LTS: DLA-2602-1: imagemagick security update (Mar 23)
 

Multiple security vulnerabilities were found in ImageMagick. Missing or incomplete input sanitization may lead to undefined behavior, which can result in denial of service (application crash) or other unspecified impact.

  Debian LTS: DLA-2605-1: mariadb-10.1 security update (Mar 23)
 

A remote code execution issue was discovered in MariaDB. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd.

  Debian LTS: DLA-2604-1: dnsmasq security update (Mar 22)
 

Moshe Kol and Shlomi Oberman of JSOF discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server. They could result in denial of service, cache poisoning or the execution of arbitrary code.

  Debian LTS: DLA-2558-2: xterm regression update (Mar 21)
 

DLA 2558-1 backported a part of the upstream patch which fails to deal with the realloc failures in Debian stretch. This update reverts that part of the patch, since it is not really needed, and focuses on fixing CVE-2021-27135.

  Debian LTS: DLA-2601-1: cloud-init security update (Mar 20)
 

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as:

  Debian LTS: DLA-2599-1: shibboleth-sp2 security update (Mar 19)
 

Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks. For additional information please refer to the upstream advisory at

  Debian LTS: DLA-2598-1: squid3 security update (Mar 18)
 

Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack. This problem allows a trusted client to perform HTTP Request
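The Squid entry above describes an input-validation weakness that enables HTTP request smuggling. As an added illustration (this is not Squid's code and does not describe the specific Squid defect), the following Python checks a raw HTTP/1.1 request for the ambiguous framing that smuggling attacks rely on: a Content-Length alongside Transfer-Encoding, conflicting Content-Length values, an obfuscated final transfer-coding, and whitespace before the header colon. The sample requests are constructed for the example.

```python
import re

# Added example (not Squid's code): a minimal HTTP/1.1 framing validator that
# refuses the header combinations request-smuggling attacks depend on.

TOKEN_RE = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+")   # RFC 7230 token
DIGITS_RE = re.compile(r"[0-9]+")                        # ASCII digits only

# Constructed sample requests (not captured traffic).
SAMPLE_CLEAN = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\n\r\nhello")
SAMPLE_CL_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
                b"0\r\n\r\nG")
SAMPLE_OBFUSCATED_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                        b"Transfer-Encoding: xchunked\r\n\r\n")
SAMPLE_SPACE_BEFORE_COLON = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                             b"Content-Length : 5\r\n\r\nhello")


def parse_head(raw: bytes):
    """Split a raw request into (request line, [(name, value)], body).
    Raises ValueError on syntax a strict front end should refuse."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding")
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN_RE.fullmatch(name):
            # rejects 'Content-Length : 5' and names with control characters
            raise ValueError("malformed header field name")
        headers.append((name.decode("ascii").lower(),
                        value.strip(b" \t").decode("latin-1")))
    return lines[0].decode("latin-1"), headers, body


def framing_check(raw: bytes) -> str:
    """Return 'content-length:N' or 'chunked' for an unambiguously framed
    request, otherwise 'reject: <reason>'."""
    try:
        _, headers, _ = parse_head(raw)
    except ValueError as exc:
        return f"reject: {exc}"
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if cls and tes:
        # Both present is the classic CL.TE / TE.CL desync signal: refuse it
        return "reject: both Transfer-Encoding and Content-Length"
    if len(set(cls)) > 1:
        return "reject: conflicting Content-Length values"
    if tes:
        codings = [c.strip().lower() for c in ",".join(tes).split(",")]
        if codings[-1] != "chunked":
            # 'xchunked' and similar obfuscations must not be guessed at
            return "reject: final transfer-coding is not chunked"
        return "chunked"
    if cls:
        if not DIGITS_RE.fullmatch(cls[0]):
            return "reject: non-numeric Content-Length"
        return f"content-length:{int(cls[0])}"
    return "content-length:0"


if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_CL_TE,
                   SAMPLE_OBFUSCATED_TE, SAMPLE_SPACE_BEFORE_COLON):
        print(framing_check(sample))
```

The design choice is to reject rather than pick one framing: a proxy that tolerates any of these cases can disagree with the origin server about where one request ends and the next begins, which is exactly the desynchronization a smuggling attack needs.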

  ArchLinux: 202103-9: chromium: arbitrary code execution (Mar 20)
 

The package chromium before version 89.0.4389.90-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-8: opera: arbitrary code execution (Mar 20)
 

The package opera before version 74.0.3911.203-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-7: ffmpeg: arbitrary code execution (Mar 20)
 

The package ffmpeg before version 2:4.3.2-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-6: openssh: arbitrary code execution (Mar 20)
 

The package openssh before version 8.5p1-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-5: minio: access restriction bypass (Mar 20)
 

The package minio before version 2021.03.04-1 is vulnerable to access restriction bypass.

  ArchLinux: 202103-4: flatpak: sandbox escape (Mar 20)
 

The package flatpak before version 1.10.2-1 is vulnerable to sandbox escape.

  ArchLinux: 202103-3: git: arbitrary code execution (Mar 20)
 

The package git before version 2.30.2-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-2: wireshark-qt: arbitrary code execution (Mar 20)
 

The package wireshark-qt before version 3.4.4-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202103-1: gnutls: arbitrary code execution (Mar 20)
 

The package gnutls before version 3.7.1-1 is vulnerable to arbitrary code execution.

  CentOS: CESA-2021-0856: Important CentOS 7 kernel (Mar 18)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:0856

  CentOS: CESA-2021-0808: Important CentOS 7 wpa_supplicant (Mar 18)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:0808

  CentOS: CESA-2021-0851: Important CentOS 7 pki-core (Mar 18)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:0851

  SciLinux: SLSA-2021-0992-1 Important: firefox on x86_64 (Mar 25)
 

This update upgrades Firefox to version 78.9.0 ESR. * Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981) * Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987) * Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982) * Mozilla: Malicious extensions could have spoofed [More...]

  SciLinux: SLSA-2021-0996-1 Important: thunderbird on x86_64 (Mar 25)
 

This update upgrades Thunderbird to version 78.9.0. * Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981) * Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987) * Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982) * Mozilla: Malicious extensions could have spoofed [More...]

  openSUSE: 2021:0476-1 important: openssl-1_1 (Mar 25)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0474-1 moderate: tor (Mar 25)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0471-1 important: ruby2.5 (Mar 25)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2021:0472-1 important: libass (Mar 25)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0473-1 important: hawk2 (Mar 25)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2021:0468-1 important: nghttp2 (Mar 25)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2021:0470-1 important: gnutls (Mar 25)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0469-1 important: ldb (Mar 25)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0462-1 important: grub2 (Mar 22)
 

An update that solves 7 vulnerabilities and has two fixes is now available.

  openSUSE: 2021:0460-1 moderate: privoxy (Mar 21)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2021:0459-1 moderate: libmysofa (Mar 21)
 

An update that fixes 13 vulnerabilities is now available.

  openSUSE: 2021:0461-1 moderate: tor (Mar 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0452-1 moderate: connman (Mar 20)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0451-1 moderate: python-markdown2 (Mar 19)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2021:0450-1 moderate: froxlor (Mar 19)
 

An update that solves one vulnerability and has three fixes is now available.

  openSUSE: 2021:0448-1 moderate: netty (Mar 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0446-1 important: chromium (Mar 19)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2021:0447-1 important: velocity (Mar 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0444-1 moderate: libmysofa (Mar 18)
 

An update that fixes 13 vulnerabilities is now available.

  openSUSE: 2021:0443-1 moderate: privoxy (Mar 18)
 

An update that fixes 5 vulnerabilities is now available.

  Mageia 2021-0152: kernel-linus security update (Mar 22)
 

This kernel-linus update is based on upstream 5.10.25 and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls

  Mageia 2021-0151: kernel security update (Mar 22)
 

This kernel update is based on upstream 5.10.25 and fixes at least the following security issues: Unprivileged BPF programs running on affected systems can bypass the protection and execute speculatively out-of-bounds loads from any location

  Mageia 2021-0150: glibc security update (Mar 21)
 

Updated glibc packages fix a security vulnerability: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the

  Mageia 2021-0149: python-cairosvg security update (Mar 21)
 

When processing SVG files, the Python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time (CVE-2021-21236).

  Mageia 2021-0148: htmlunit security update (Mar 21)
 

It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code (CVE-2020-5529). References:

  Mageia 2021-0147: koji security update (Mar 21)
 

Koji through 1.17.0 allows remote Directory Traversal, with resulting Privilege Escalation. References: - https://bugs.mageia.org/show_bug.cgi?id=25959

  Mageia 2021-0146: discover security update (Mar 18)
 

Discover fetches the description and related texts of some applications/plugins from store.kde.org. That text is displayed to the user after any part of it that looks like a link has been turned into a clickable link. This is done for any kind of link, be it smb://, nfs:// etc., when in fact it only makes sense for http/https links. Opening links that the user has clicked on is not very
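The Discover entry above describes a linkifier that turns text of any URL scheme into a clickable link. As an added illustration (this is not Discover's code), the following Python shows that behaviour beside the fix the entry implies: only http and https links become clickable, everything else stays inert text. The URL pattern, the helper names and the sample store text are assumptions made for the example.

```python
import re
from html import escape
from urllib.parse import urlsplit

# Added example (not Discover's code): linkify untrusted store text, first
# for any scheme (the behaviour the advisory describes), then restricted to
# the web schemes for which a clickable link actually makes sense.

# Assumed pattern: scheme '://' followed by non-whitespace, non-markup chars.
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s<>\"']+", re.IGNORECASE)

WEB_SCHEMES = frozenset({"http", "https"})

# Constructed sample of store-supplied text (not fetched from store.kde.org).
SAMPLE_TEXT = ("Docs: https://store.kde.org/p/1 mirror smb://fileserver/share "
               "and nfs://nas/export <see readme>")


def _render(text: str, allowed):
    """HTML-escape text and wrap matched URLs in <a> when their scheme is
    allowed (allowed=None means every scheme, i.e. the vulnerable case)."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(escape(text[pos:m.start()]))
        url = m.group(0)
        scheme = urlsplit(url).scheme.lower()
        if allowed is None or scheme in allowed:
            out.append(f'<a href="{escape(url, quote=True)}">{escape(url)}</a>')
        else:
            out.append(escape(url))   # shown, but not clickable
        pos = m.end()
    out.append(escape(text[pos:]))
    return "".join(out)


def linkify_any_scheme(text: str) -> str:
    """Vulnerable variant: smb://, nfs:// and friends become clickable."""
    return _render(text, None)


def linkify_web_only(text: str) -> str:
    """Hardened variant: only http/https are turned into links."""
    return _render(text, WEB_SCHEMES)


def clickable_schemes(html: str):
    """Helper for inspection: the schemes of every href in rendered HTML."""
    return sorted({urlsplit(h).scheme.lower()
                   for h in re.findall(r'href="([^"]*)"', html)})


if __name__ == "__main__":
    print(linkify_any_scheme(SAMPLE_TEXT))
    print(linkify_web_only(SAMPLE_TEXT))
```

An allowlist of schemes is the right shape for this fix: a denylist of smb/nfs would miss the next handler a desktop registers, whereas an allowlist keeps remotely supplied text from steering the user into any non-web URL handler at all.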

  Mageia 2021-0145: flatpak security update (Mar 18)
 

A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system (CVE-2021-21381). References: - https://bugs.mageia.org/show_bug.cgi?id=28575

  Mageia 2021-0144: xmlgraphics-commons security update (Mar 18)
 

The Apache XML Graphics Commons library is vulnerable to SSRF via the XMPParser that allow an attacker to cause the underlying server to make arbitrary GET requests (CVE-2020-11988). References:

  Mageia 2021-0143: flatpak security update (Mar 18)
 

Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (CVE-2021-21261). A potential attack where a flatpak application could use custom formatted