Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a warning from Debian regarding several vulnerabilities in the Exim mail transport agent (dubbed 21Nails), which could result in local privilege escalation and remote code execution, and advisories from multiple distros regarding several vulnerabilities discovered in the chromium web browser (CVE-2021-21227). Continue reading to learn about other significant advisories issued this week. 

As part of our website redesign that is now in its final stages, we will be updating the format of our Linux Advisory Watch newsletter, and adding the ability for you to create a User Profile and customize it to include the latest advisories for the distros you are tracking. The new site will be live this coming week - stay tuned! Have a happy, healthy and secure weekend!

Yours in Open Source,



LinuxSecurity.com Feature Extras:

21Nails: Multiple Critical Vulnerabilities Discovered in Exim Mail Server - Patch Now! - The Qualys Research Team has discovered multiple critical vulnerabilities in the popular Exim mail server, which they have named 21Nails. Some of these flaws can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

Protect Your WordPress Sites with CrowdSec - The CrowdSec team is expanding the capabilities of their open-source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace.


  Debian: DSA-4912-1: exim4 security update (May 4)
 

The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.

  Debian: DSA-4911-1: chromium security update (May 3)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21227

  Debian: DSA-4910-1: libimage-exiftool-perl security update (May 2)
 

A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.

  Debian: DSA-4909-1: bind9 security update (May 1)
 

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214

  Debian: DSA-4908-1: libhibernate3-java security update (Apr 29)
 

It was discovered that libhibernate3-java, a powerful, high-performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.

  Debian: DSA-4907-1: composer security update (Apr 29)
 

It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.

  Fedora 34: djvulibre 2021-d781fa9f44 (May 6)
 

This update fixes several issues in djvulibre. These are mostly related to opening of corrupted files.

  Fedora 33: samba 2021-1d0807008b (May 6)
 

Update to Samba 4.13.8 - Security fixes for CVE-2021-20254

  Fedora 34: thunderbird 2021-8ef98a68b9 (May 5)
 

Update to latest upstream version.

  Fedora 34: libopenmpt 2021-9d4ea81052 (May 5)
 

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/

  Fedora 32: java-latest-openjdk 2021-3bf9ba59ef (May 5)
 

April 2021 CPU update

  Fedora 33: python-yara 2021-dd62918333 (May 5)
 

Update to bugfix release 4.1.0. Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648.

  Fedora 33: yara 2021-dd62918333 (May 5)
 

Update to bugfix release 4.1.0. Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648.

  Fedora 33: java-latest-openjdk 2021-b9093bc6c6 (May 5)
 

April 2021 CPU update

  Fedora 33: skopeo 2021-c56a213327 (May 5)
 

Autobuilt v1.2.3

  Fedora 34: python-yara 2021-f41d5fc954 (May 4)
 

Update to bugfix release 4.1.0. Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648.

  Fedora 34: yara 2021-f41d5fc954 (May 4)
 

Update to bugfix release 4.1.0. Security fix for CVE-2017-9438, CVE-2021-3402, CVE-2019-19648.

  Fedora 34: axel 2021-5214bd8f14 (May 4)
 

Update to new release. 2.17.8 and later include the security fix for CVE-2020-13614 (axel: TLS implementation lacks hostname verification, leading to a possible confidentiality breach).

  Fedora 34: perl-Image-ExifTool 2021-de850ed71e (May 4)
 

Fix CVE-2021-22204.

  Fedora 34: pngcheck 2021-3f001ba18b (May 4)
 

New upstream release 3.0.3. Fixes #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior.

  Fedora 34: libmicrohttpd 2021-5e10ad8c19 (May 4)
 

Update to 0.9.73-1

  Fedora 32: pngcheck 2021-eb5d6cf9f6 (May 4)
 

Backported fix for #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior, from upstream release 3.0.3.

  Fedora 32: perl-Image-ExifTool 2021-e3d8833d36 (May 4)
 

Fix CVE-2021-22204.

  Fedora 32: libmicrohttpd 2021-6d5578e756 (May 4)
 

Update to 0.9.73-1

  Fedora 33: axel 2021-90b4716992 (May 4)
 

Update to new release. 2.17.8 and later include the security fix for CVE-2020-13614 (axel: TLS implementation lacks hostname verification, leading to a possible confidentiality breach).

  Fedora 33: perl-Image-ExifTool 2021-88d24aa32b (May 4)
 

Fix CVE-2021-22204. Update to latest stable (12.16). Add arg_files as documentation.

  Fedora 33: libtpms 2021-cfdc434610 (May 4)
 

Security fix for CVE-2021-3505

  Fedora 33: pngcheck 2021-f925ef1e2a (May 4)
 

Backported fix for #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior, from upstream release 3.0.3.

  Fedora 33: libmicrohttpd 2021-d4149ff7fb (May 4)
 

Update to 0.9.73-1

  Fedora 34: exiv2 2021-10d7331a31 (May 3)
 

Exiv2 update fixing security issues.

  Fedora 34: skopeo 2021-a3703b9dc8 (May 3)
 

Security fix for CVE-2021-20291

  Fedora 32: ansible 2021-c1116fb75e (May 2)
 

Upgrade to 2.9.20 bugfix and security update.

  Fedora 34: babel 2021-3fb798ea36 (May 2)
 

update to 2.9.1 (fixes a potential directory traversal issue)

  Fedora 34: java-latest-openjdk 2021-ba275e4102 (May 2)
 

April CPU update, perform static library build on a separate source tree with bundled image libraries

  Fedora 34: ansible 2021-0414eb891b (May 2)
 

Upgrade to 2.9.20 bugfix and security update.

  Fedora 33: ansible 2021-4a17f0225d (May 2)
 

Upgrade to 2.9.20 bugfix and security update.

  Fedora 32: java-11-openjdk 2021-b88e86b753 (Apr 30)
 

New in release OpenJDK 11.0.11 (2021-04-20). Live versions of these release notes can be found at https://bitly.com/openjdk11011 and https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt. Security fixes: JDK-8244473: Contextualize registration for JNDI; JDK-8244543: Enhanced handling of abstract classes; JDK-8249906,

  Fedora 32: java-1.8.0-openjdk 2021-f71b592e07 (Apr 29)
 

New in release OpenJDK 8u292 (2021-04-20). Live versions of these release notes can be found at https://bitly.com/openjdk8u292 and https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt. Security fixes: JDK-8227467: Better class method invocations; JDK-8244473: Contextualize registration for JNDI; JDK-8244543: Enhanced handling of

  Fedora 34: samba 2021-7de0418ec8 (Apr 29)
 

Update to Samba 4.14.4, with security fixes for CVE-2021-20254. Also fixes a wrong conditional build check of the AD DC.

  Fedora 34: jetty 2021-fd66b2bd53 (Apr 29)
 

Update to Jetty 9.4.40 (fixes multiple CVEs)

  Fedora 33: java-1.8.0-openjdk 2021-8b80ef64f1 (Apr 29)
 

New in release OpenJDK 8u292 (2021-04-20). Live versions of these release notes can be found at https://bitly.com/openjdk8u292 and https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt. Security fixes: JDK-8227467: Better class method invocations; JDK-8244473: Contextualize registration for JNDI; JDK-8244543: Enhanced handling of

  Gentoo: GLSA-202105-01: Exim: Multiple vulnerabilities (May 4)
 

Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code.

  Gentoo: GLSA-202104-10: Mozilla Firefox: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202104-09: Mozilla Thunderbird: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202104-08: Chromium, Google Chrome: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202104-07: ClamAV: Denial of Service (Apr 30)
 

A vulnerability in ClamAV could lead to a Denial of Service condition.

  Gentoo: GLSA-202104-06: libTIFF: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in the execution of arbitrary code.

  Gentoo: GLSA-202104-05: GRUB: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in GRUB, the worst of which might allow for circumvention of UEFI Secure Boot.

  Gentoo: GLSA-202104-04: Python: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information.

  Gentoo: GLSA-202104-03: WebkitGTK+: Multiple vulnerabilities (Apr 30)
 

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202104-02: X.Org X Server: Privilege escalation (Apr 30)
 

A vulnerability in X.Org X Server may allow users to escalate privileges.

  Gentoo: GLSA-202104-01: Git: User-assisted execution of arbitrary code (Apr 30)
 

A vulnerability has been found in Git that could allow a remote attacker to execute arbitrary code.

  RedHat: RHSA-2021-1518:01 Important: Red Hat Ceph Storage 3.3 Security and (May 6)
 

An update is now available for Red Hat Ceph Storage 3.3 - Extended Life Support on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1515:01 Important: Openshift Logging Bug Fix Release (May 6)
 

Openshift Logging Bug Fix Release (5.0.3) This release includes a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1512:01 Important: postgresql security update (May 6)
 

An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1511:01 Moderate: AMQ Clients 2.9.1 release and security (May 6)
 

An update is now available for Red Hat AMQ Clients 2.9.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2021-1509:01 Moderate: rh-eclipse-jetty security update (May 5)
 

An update for rh-eclipse-jetty is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1429:01 Low: OpenShift Container Platform 4.6.27 security (May 5)
 

Red Hat OpenShift Container Platform release 4.6.27 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2021-1499:01 Moderate: Red Hat Advanced Cluster Management (May 4)
 

Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2021-1366:01 Moderate: OpenShift Container Platform 4.7.9 (May 4)
 

Red Hat OpenShift Container Platform release 4.7.9 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7.9.

  RedHat: RHSA-2021-1478:01 Important: bind security update (May 3)
 

An update for bind is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1477:01 Important: bind security update (May 3)
 

An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1479:01 Important: bind security update (May 3)
 

An update for bind is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2021-1475:01 Important: bind security update (May 3)
 

An update for bind is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1476:01 Important: bind security update (May 3)
 

An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2021-1469:01 Important: bind security update (Apr 29)
 

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2021-1468:01 Important: bind security update (Apr 29)
 

An update for bind is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2021:143-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:142-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:141-1 suse/sle15 Security Update (May 6)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:140-1 ses/7/rook/ceph Security Update (May 6)
 

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

  SUSE: 2021:139-1 ses/7/ceph/ceph Security Update (May 6)
 

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

  SUSE: 2021:138-1 suse/sle15 Security Update (May 5)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:137-1 suse/sle15 Security Update (May 5)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:130-1 suse/sles12sp5 Security Update (Apr 30)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:129-1 suse/sles12sp4 Security Update (Apr 30)
 

The container suse/sles12sp4 was updated. The following patches have been included in this update:

  SUSE: 2021:128-1 suse/sle15 Security Update (Apr 29)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:127-1 suse/sle15 Security Update (Apr 29)
 

The container suse/sle15 was updated. The following patches have been included in this update:

  SUSE: 2021:125-1 suse/sles12sp5 Security Update (Apr 29)
 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

  SUSE: 2021:124-1 suse/sles12sp3 Security Update (Apr 29)
 

The container suse/sles12sp3 was updated. The following patches have been included in this update:

  Debian LTS: DLA-2648-2: mediawiki regression update (May 6)
 

The patch from the latest upstream release to address CVE-2021-30152 was not portable to the stretch-security version, causing MediaWiki APIs to fail. This update includes a patch from the upstream REL_31 release which fixes the issue.

  Debian LTS: DLA-2652-1: unbound1.9 security update (May 6)
 

Several security vulnerabilities have been discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial-of-service or

  Debian LTS: DLA-2651-1: python-django security update (May 6)
 

It was discovered that there was a potential directory-traversal vulnerability in Django, a popular Python-based web development framework.

  Debian LTS: DLA-2648-1: mediawiki security update (May 5)
 

Several vulnerabilities were discovered in mediawiki, a wiki website engine for collaborative work. CVE-2021-20270

  Debian LTS: DLA-2650-1: exim4 security update (May 5)
 

The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.

  Debian LTS: DLA-2649-1: cgal security update (May 5)
 

Four security issues have been discovered in cgal. A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL. CVE-2020-28601

  Debian LTS: DLA-2647-1: bind9 security update (May 4)
 

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214

  Debian LTS: DLA-2646-1: subversion security update (May 4)
 

One security issue has been discovered in subversion: CVE-2020-17525:

  Debian LTS: DLA-2645-1: edk2 security update (Apr 29)
 

For Debian 9 stretch, these problems have been fixed in version 0~20161202.7bbe0b3e-1+deb9u2. We recommend that you upgrade your edk2 packages.

  ArchLinux: 202104-10: bind: multiple issues (Apr 29)
 

The package bind before version 9.16.15-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

  ArchLinux: 202104-9: virtualbox: multiple issues (Apr 29)
 

The package virtualbox before version 6.1.20-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary filesystem access and information disclosure.

  ArchLinux: 202104-8: libupnp: content spoofing (Apr 29)
 

The package libupnp before version 1.14.6-1 is vulnerable to content spoofing.

  ArchLinux: 202104-7: chromium: multiple issues (Apr 29)
 

The package chromium before version 90.0.4430.85-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape.

  ArchLinux: 202104-6: nimble: multiple issues (Apr 29)
 

The package nimble before version 1:0.13.1-1 is vulnerable to multiple issues including arbitrary command execution and man-in-the-middle.

  ArchLinux: 202104-5: opera: multiple issues (Apr 29)
 

The package opera before version 76.0.4017.94-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, sandbox escape and content spoofing.

  ArchLinux: 202104-4: thunderbird: multiple issues (Apr 29)
 

The package thunderbird before version 78.10.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution, content spoofing, information disclosure, sandbox escape, access restriction bypass and signature forgery.

  ArchLinux: 202104-3: firefox: multiple issues (Apr 29)
 

The package firefox before version 88.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, arbitrary command execution, sandbox escape and access restriction bypass.

  ArchLinux: 202104-2: vivaldi: multiple issues (Apr 29)
 

The package vivaldi before version 3.8.2259.37-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, insufficient validation, sandbox escape, access restriction bypass, content spoofing and incorrect calculation.

  ArchLinux: 202104-1: gitlab: multiple issues (Apr 29)
 

The package gitlab before version 13.10.3-1 is vulnerable to multiple issues including arbitrary code execution and incorrect calculation.
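The Arch Linux entries above all follow the same "The package X before version Y is vulnerable to ..." form, which makes them easy to turn into an automated check against what is actually installed. The following is an added example, not code from this newsletter or from any distribution's tooling: it parses those lines, compares them against a constructed sample of `pacman -Q` output, and reports packages whose installed version is older than the fixed one. The version comparison is a simplified reimplementation of pacman's vercmp(8) ordering (epoch first, then dot-separated pkgver segments, then pkgrel) and is an assumption of this example; on a real host you would feed in live `pacman -Q` output and defer to vercmp itself for edge cases such as pre-release suffixes.

```python
"""Flag installed packages older than the fixed version named in Arch-style
advisory lines ("The package X before version Y is vulnerable to ...")."""
import re
from itertools import zip_longest

# Advisory lines taken verbatim from the Arch Linux section of this newsletter.
ADVISORIES = [
    "The package bind before version 9.16.15-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.",
    "The package chromium before version 90.0.4430.85-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape.",
    "The package nimble before version 1:0.13.1-1 is vulnerable to multiple issues including arbitrary command execution and man-in-the-middle.",
    "The package firefox before version 88.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, arbitrary command execution, sandbox escape and access restriction bypass.",
]

# Constructed sample of `pacman -Q` output for a hypothetical host (not real data).
INSTALLED = """\
bind 9.16.13-1
chromium 90.0.4430.85-1
nimble 1:0.12.0-2
firefox 88.0-1
vim 8.2.2813-1
"""

ADVISORY_RE = re.compile(r"^The package (\S+) before version (\S+) is vulnerable to (.+?)\.?$")


def parse_advisories(lines):
    """Return {package: (fixed_version, impact)} from advisory lines; non-matching lines are skipped."""
    found = {}
    for line in lines:
        m = ADVISORY_RE.match(line.strip())
        if m:
            found[m.group(1)] = (m.group(2), m.group(3))
    return found


def parse_installed(text):
    """Parse 'name version' lines as printed by `pacman -Q` into {name: version}."""
    pkgs = {}
    for line in text.splitlines():
        if line.strip():
            name, ver = line.split()
            pkgs[name] = ver
    return pkgs


def _split_version(v):
    """Split '[epoch:]pkgver-pkgrel' into (int epoch, pkgver, pkgrel); epoch defaults to 0."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    ver, sep, rel = rest.rpartition("-")
    if not sep:
        ver, rel = rest, "0"
    return int(epoch), ver, rel


def _segments(s):
    """Split '9.16.15a' into [9, 16, 15, 'a'] so numeric runs compare as integers, not strings."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]


def _cmp_segments(a, b):
    """Compare two pkgver/pkgrel strings segment by segment. Simplified vercmp(8) rules:
    a shorter string sorts first (9.16 < 9.16.1) and a numeric segment beats an alphabetic one."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):
            return 1
        if isinstance(y, int):
            return -1
        return -1 if x < y else 1
    return 0


def version_cmp(a, b):
    """Return -1, 0 or 1 ordering two pacman-style versions: epoch, then pkgver, then pkgrel."""
    ea, va, ra = _split_version(a)
    eb, vb, rb = _split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = _cmp_segments(va, vb)
    if c:
        return c
    return _cmp_segments(ra, rb)


def find_vulnerable(advisory_lines, installed_text):
    """Return [(pkg, installed, fixed, impact)] for installed packages older than the fixed version."""
    fixes = parse_advisories(advisory_lines)
    installed = parse_installed(installed_text)
    hits = []
    for pkg, (fixed, impact) in fixes.items():
        cur = installed.get(pkg)
        if cur is not None and version_cmp(cur, fixed) < 0:
            hits.append((pkg, cur, fixed, impact))
    return hits


if __name__ == "__main__":
    for pkg, cur, fixed, impact in find_vulnerable(ADVISORIES, INSTALLED):
        print(f"{pkg}: installed {cur} < fixed {fixed} ({impact})")
```

Packages that are not installed (or not mentioned in an advisory) are simply ignored, and an installed version equal to the fixed one is not reported; the check only fires when the epoch-aware comparison says the host is strictly behind the fix. Other distributions in this newsletter use their own version schemes and advisory wording, so the regular expression and the comparison here apply to the Arch Linux lines only.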

  CentOS: CESA-2021-0617: Important CentOS 7 xterm (Apr 30)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:0617

  CentOS: CESA-2021-1469: Important CentOS 7 bind (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:1469

  CentOS: CESA-2020-4076: Moderate CentOS 7 nss (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:4076

  CentOS: CESA-2018-3140: Moderate CentOS 7 libgweather (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:3140

  CentOS: CESA-2021-1354: Important CentOS 7 xstream (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:1354

  CentOS: CESA-2021-1298: Moderate CentOS 7 java-1.8.0-openjdk (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:1298

  CentOS: CESA-2021-1297: Moderate CentOS 7 java-11-openjdk (Apr 29)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2021:1297

  SciLinux: SLSA-2021-1512-1 Important: postgresql on SL7.x x86_64 (May 6)
 

postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694); postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695); postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other

  SciLinux: SLSA-2021-1469-1 Important: bind on SL7.x x86_64 (Apr 30)
 

bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE. Packages (SL7 x86_64): bind-9.11.4-26.P2.el7_9.5.x86_64.rpm, bind-chroot-9.11.4-26.P2.el7_9.5.x86_

  openSUSE: 2021:0675-1 moderate: alpine (May 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0672-1 important: ceph (May 6)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2021:0670-1 important: openexr (May 5)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2021:0669-1 moderate: postsrsd (May 4)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0668-1 important: bind (May 4)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2021:0664-1 important: gsoap (May 4)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0650-1: giflib (May 1)
 

An update that contains security fixes can now be installed.

  openSUSE: 2021:0647-1 moderate: netdata (May 1)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2021:0646-1 moderate: postsrsd (May 1)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0644-1 important: MozillaThunderbird (May 1)
 

An update that fixes 9 vulnerabilities is now available.

  openSUSE: 2021:0636-1 important: samba (Apr 30)
 

An update that solves three vulnerabilities and has three fixes is now available.

  openSUSE: 2021:0639-1 important: cifs-utils (Apr 30)
 

An update that solves two vulnerabilities and has two fixes is now available.

  openSUSE: 2021:0629-1 critical: Chromium (Apr 30)
 

An update that fixes 25 vulnerabilities is now available.

  openSUSE: 2021:0637-1 important: webkit2gtk3 (Apr 30)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2021:0630-1 important: virtualbox (Apr 30)
 

An update that solves three vulnerabilities and has two fixes is now available.

  openSUSE: 2021:0635-1 important: libnettle (Apr 30)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0634-1 important: librsvg (Apr 30)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0632-1 important: gsoap (Apr 30)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0638-1 important: cups (Apr 30)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2021:0628-1 moderate: nim (Apr 29)
 

An update that fixes three vulnerabilities is now available.

  Mageia 2021-0208: messagelib security update (May 7)
 

Deleting an attachment of an encrypted message that has been decrypted and is stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. This is not easily noticeable by the user because KMail does not display the decrypted content.

  Mageia 2021-0207: ceph security update (May 7)
 

An authentication flaw was found in ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new

  Mageia 2021-0206: pagure security update (May 7)
 

Pagure before 5.6 allows XSS via the templates/blame.html blame view. References: https://bugs.mageia.org/show_bug.cgi?id=27487 and https://bugzilla.suse.com/show_bug.cgi?id=1176987

  Mageia 2021-0205: kernel-linus security update (May 4)
 

This kernel-linus update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a

  Mageia 2021-0204: kernel security update (May 2)
 

This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a

  Mageia 2021-0203: nvidia-current security update (May 2)
 

Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption (CVE-2021-1076).

  Mageia 2021-0202: nvidia390 security update (May 2)
 

Updated nvidia390 packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption (CVE-2021-1076).

  Mageia 2021-0201: sdl2 security update (Apr 30)
 

This update fixes two security vulnerabilities which could result in heap corruption or over-read with crafted .BMP files (CVE-2020-14409, CVE-2020-14410). References:

  Mageia 2021-0200: qtbase5 security update (Apr 30)
 

QSslSocket incorrectly calls SSL_shutdown() in OpenSSL mid-handshake, causing denial of service in TLS applications (CVE-2020-13962). This update provides additional fixes: - Check that the sizes are even representable when checking if clipping is

  Mageia 2021-0199: firefox security update (Apr 29)
 

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

  Mageia 2021-0198: thunderbird security update (Apr 29)
 

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).