Advisories

Linux Advisory Watch

Don't want to miss that crucial security notice?. The editorial staff at Guardian Digital will bring you complete coverage and in-depth
descriptions of all security bulletins, vulnerabilities and updated packages, all in one convenient weekly newsletter.

Linux Advisory Watch: November 13th, 2020

Linux Advisory Watch: November 13th, 2020

Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include a critical Firefox update for Red Hat Enterprise Linux 6, 7 and 8, Thunderbird and Firefox updates for CentOS 6 and warnings from Gentoo of multiple vulnerabilities in Wireshark and QEMU. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!

Yours in Open Source,

Brittany Day Signature


LinuxSecurity.com Feature Extras:

WireGuard Brings Speed and Simplicity to VPN Technology - This article briefly explores VPN protocols and potential concerns when implementing a VPN, and dives deeper into the unique benefits that Wireguard offers users.

Open Source is Revolutionizing Careers in Cybersecurity - What You Need to Know - As technology companies are scrambling to meet businesses and consumers evolving needs, one trend has become clearly apparent - open-source is at the forefront of modern technological innovation, revolutionizing careers available in the field of cybersecurity in the process. 


  Debian: DSA-4791-1: pacemaker security update (Nov 13)
 

Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the "haclient" group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with

  Debian: DSA-4789-1: codemirror-js security update (Nov 12)
 

It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.

  Debian: DSA-4788-1: firefox-esr security update (Nov 10)
 

A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in

  Debian: DSA-4787-1: moin security update (Nov 9)
 

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki. CVE-2020-15275

  Debian: DSA-4786-1: libexif security update (Nov 8)
 

It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.

  Debian: DSA-4785-1: raptor2 security update (Nov 7)
 

It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.

  Debian: DSA-4784-1: wordpress security update (Nov 6)
 

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary

  Debian: DSA-4783-1: sddm security update (Nov 5)
 

Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges.

  Fedora 31: nss 2020-a857113c7a (Nov 12)
 

Updates the nss package to upstream NSS 3.58 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes - https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

  Fedora 32: nss 2020-bb91bf9b8e (Nov 12)
 

Updates the nss package to upstream NSS 3.58 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes - https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

  Fedora 31: java-latest-openjdk 2020-84137f197e (Nov 11)
 

java-latest-openjdk October 2020 CPU update

  Fedora 32: firefox 2020-fc9085727a (Nov 11)
 

- New upstream release (82.0.3) ---- - Built with mozilla-openh264 weak dependency ---- - Require mozilla-openh264 package - Add firefox testing scripts

  Fedora 32: xen 2020-5398bfb466 (Nov 11)
 

update to xen-4.13.2 ---- x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092)

  Fedora 33: xen 2020-ec84c1565b (Nov 11)
 

revised patch for XSA-286 (mitigating performance impact) ---- x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092) simplify grub scripts (patches from Thierry Vignaud ) some fixes for gcc 11

  Fedora 31: mariadb-connector-c 2020-ac2d47d89a (Nov 10)
 

**MariaDB 10.3.26** **MariaDB connector C/C++ 3.1.11** **Galera 25.3.26** Release notes: https://mariadb.com/kb/en/mariadb-10326-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/ ---- **MariaDB 10.3.25** Release notes: https://mariadb.com/kb/en/mariadb-10325-release-notes/

  Fedora 31: galera 2020-ac2d47d89a (Nov 10)
 

**MariaDB 10.3.26** **MariaDB connector C/C++ 3.1.11** **Galera 25.3.26** Release notes: https://mariadb.com/kb/en/mariadb-10326-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/ ---- **MariaDB 10.3.25** Release notes: https://mariadb.com/kb/en/mariadb-10325-release-notes/

  Fedora 31: mariadb 2020-ac2d47d89a (Nov 10)
 

**MariaDB 10.3.26** **MariaDB connector C/C++ 3.1.11** **Galera 25.3.26** Release notes: https://mariadb.com/kb/en/mariadb-10326-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/ ---- **MariaDB 10.3.25** Release notes: https://mariadb.com/kb/en/mariadb-10325-release-notes/

  Fedora 31: wordpress 2020-15e15c35da (Nov 10)
 

**WordPress 5.5.3 Maintenance Release** This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- **WordPress 5.5.2 Security and Maintenance Release** **Security Updates** * Props to Alex Concha of the WordPress Security Team for their work in hardening

  Fedora 33: firefox 2020-cb886fd1b3 (Nov 10)
 

- New upstream release (82.0.3)

  Fedora 32: java-latest-openjdk 2020-d1b8d3f94a (Nov 10)
 

java-latest-openjdk October CPU update

  Fedora 32: cifs-utils 2020-cfdd73f1b4 (Nov 10)
 

New upstream release: - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds `smb2-quota` tool - adds `mount.smb3` as a symlink to `mount.cifs`

  Fedora 32: wordpress 2020-b386fac43a (Nov 10)
 

**WordPress 5.5.3 Maintenance Release** This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- **WordPress 5.5.2 Security and Maintenance Release** **Security Updates** * Props to Alex Concha of the WordPress Security Team for their work in hardening

  Fedora 33: java-latest-openjdk 2020-81e511d0d8 (Nov 10)
 

java-latest-openjdk October CPU update

  Fedora 33: cifs-utils 2020-ea0b9caac3 (Nov 10)
 

New upstream release: - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds `smb2-quota` tool - adds `mount.smb3` as a symlink to `mount.cifs`

  Fedora 33: wordpress 2020-a764b11b52 (Nov 10)
 

**WordPress 5.5.3 Maintenance Release** This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- **WordPress 5.5.2 Security and Maintenance Release** **Security Updates** * Props to Alex Concha of the WordPress Security Team for their work in hardening

  Fedora 32: samba 2020-2e1a1489be (Nov 9)
 

Update to Samba 4.12.10 ---- Update to Samba 4.12.9 - Security fixes for CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383

  Fedora 32: mariadb 2020-b995eb2973 (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 32: mariadb-connector-c 2020-b995eb2973 (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 32: galera 2020-b995eb2973 (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 32: libtpms 2020-95f6a3250a (Nov 8)
 

Follow stable-0.7.0 branch to v0.7.4 with security-related fixes

  Fedora 33: krb5 2020-32193cbbe6 (Nov 8)
 

- Fix CVE-2020-28196 (DoS in ASN.1 parsing due to missing recursion depth checks) - fc32 + fc33 only: pull-up to rawhide

  Fedora 33: mariadb 2020-561eed63ef (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 33: mariadb-connector-c 2020-561eed63ef (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 33: galera 2020-561eed63ef (Nov 8)
 

**MariaDB 10.4.16** **MariaDB Connector C/C++ 3.1.11** **Galera 26.4.6** Release notes: https://mariadb.com/kb/en/mariadb-10416-release-notes/ https://mariadb.com/kb/en/mariadb-connector-c-3111-release-notes/

  Fedora 33: libtpms 2020-4b07f91101 (Nov 8)
 

Follow stable-0.7.0 branch to v0.7.4 with security-related fixes

  Fedora 31: libtpms 2020-477b00a4d8 (Nov 8)
 

Follow stable-0.7.0 branch to v0.7.4 with security-related fixes

  Fedora 31: freetype 2020-6b35849edd (Nov 6)
 

Security fix for CVE-2020-15999.

  Fedora 31: salt 2020-9e040bd6dd (Nov 6)
 

Update to CVE release 3001.3-1 for Python3 Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592

  Fedora 31: pngcheck 2020-d1ce381889 (Nov 6)
 

Fix executable hardening (PIC/PIE)

  Fedora 31: blueman 2020-e083225fa1 (Nov 6)
 

Update to v2.1.4. Contains security fix for CVE-2020-15238.

  Fedora 31: chromium 2020-8aca25b5c8 (Nov 6)
 

Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-

  Fedora 32: salt 2020-f9fa7892f2 (Nov 5)
 

Update to CVE release 3001.3-1 for Python3 Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592

  Fedora 32: pngcheck 2020-d67cc48dce (Nov 5)
 

Fix executable hardening (PIC/PIE)

  Fedora 32: blueman 2020-ebabb6bf76 (Nov 5)
 

Update to v2.1.4. Contains security fix for CVE-2020-15238.

  Fedora 32: chromium 2020-127d40f1ab (Nov 5)
 

Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable-

  Fedora 33: salt 2020-5f08623da1 (Nov 5)
 

Update to CVE release 3002.1-1 for Python3 Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592

  Fedora 33: pngcheck 2020-337dd39e3e (Nov 5)
 

Fix executable hardening (PIC/PIE)

  Fedora 33: blueman 2020-7c22b25a07 (Nov 5)
 

Update to v2.1.4. Contains security fix for CVE-2020-15238.

  Gentoo: GLSA-202011-14: MariaDB: Remote code execution (Nov 10)
 

A vulnerability has been discovered in MariaDB which could result in the arbitrary execution of code.

  Gentoo: GLSA-202011-12: Chromium, Google Chrome: Multiple vulnerabilities (Nov 10)
 

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202011-13: Salt: Multiple vulnerabilities (Nov 10)
 

Multiple vulnerabilities have been found in Salt, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202011-11: Blueman: Local privilege escalation (Nov 10)
 

A privilege escalation vulnerability has been discovered in Blueman.

  Gentoo: GLSA-202011-10: tmux: Buffer overflow (Nov 10)
 

A buffer overflow in tmux might allow remote attacker(s) to execute arbitrary code.

  Gentoo: GLSA-202011-09: QEMU: Multiple vulnerabilities (Nov 10)
 

Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202011-08: Wireshark: Multiple vulnerabilities (Nov 10)
 

Multiple vulnerabilities have been found in Wireshark, the worst of which could result in a Denial of Service condition.

  Gentoo: GLSA-202011-07: Mozilla Firefox: Remote code execution (Nov 10)
 

A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code.

  RedHat: RHSA-2020-5104:01 Critical: firefox security update (Nov 12)
 

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5099:01 Critical: firefox security update (Nov 12)
 

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5100:01 Critical: firefox security update (Nov 12)
 

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5086:01 Moderate: rh-nodejs12-nodejs security update (Nov 11)
 

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5083:01 Moderate: microcode_ctl security, bug fix, (Nov 11)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5084:01 Moderate: microcode_ctl security, bug fix, (Nov 11)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5085:01 Moderate: microcode_ctl security, (Nov 11)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5079:01 Moderate: kernel-alt security and bug fix update (Nov 10)
 

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5054:01 Moderate: skopeo security update (Nov 10)
 

An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5056:01 Moderate: podman security and bug fix update (Nov 10)
 

An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5040:01 Moderate: libvirt security and bug fix update (Nov 10)
 

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5026:01 Moderate: kernel-rt security and bug fix update (Nov 10)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5050:01 Important: kpatch-patch security update (Nov 10)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5012:01 Moderate: librepo security update (Nov 10)
 

An update for librepo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5011:01 Moderate: bind security and bug fix update (Nov 10)
 

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5004:01 Low: resource-agents security and bug fix update (Nov 10)
 

An update for resource-agents is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5023:01 Moderate: kernel security and bug fix update (Nov 10)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5009:01 Moderate: python security update (Nov 10)
 

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-4992:01 Moderate: bind security update (Nov 10)
 

An update for bind is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4999:01 Moderate: unixODBC security update (Nov 10)
 

An update for unixODBC is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4991:01 Moderate: kernel security and bug fix update (Nov 10)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.

  RedHat: RHSA-2020-4379:01 Important: Red Hat build of Eclipse Vert.x 3.9.4 (Nov 9)
 

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

  RedHat: RHSA-2020-4978:01 Important: Red Hat Single Sign-On 7.4.3 one-off (Nov 9)
 

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4974:01 Important: chromium-browser security update (Nov 9)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4961:01 Moderate: Red Hat Process Automation Manager (Nov 5)
 

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-4960:01 Moderate: Red Hat Decision Manager 7.9.0 security (Nov 5)
 

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-4953:01 Important: xorg-x11-server security update (Nov 5)
 

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4946:01 Important: libX11 security update (Nov 5)
 

An update for libX11 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4947:01 Important: thunderbird security update (Nov 5)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4945:01 Important: thunderbird security update (Nov 5)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4951:01 Important: freetype security update (Nov 5)
 

An update for freetype is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4944:01 Important: thunderbird security update (Nov 5)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4948:01 Important: thunderbird security update (Nov 5)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4952:01 Important: freetype security update (Nov 5)
 

An update for freetype is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4950:01 Important: freetype security update (Nov 5)
 

An update for freetype is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4949:01 Important: freetype security update (Nov 5)
 

An update for freetype is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2020:3314-1 important: openldap2 (Nov 12)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3311-1 important: MozillaFirefox (Nov 12)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3315-1 important: openldap2 (Nov 12)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3309-1 important: ansible, ardana-ansible, ardana-cinder, ardana-glance, ardana (Nov 12)
 

An update that solves 53 vulnerabilities, contains 14 features and has 5 fixes is now available.

  SUSE: 2020:14542-1 important: MozillaFirefox (Nov 11)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3292-1 moderate: python-waitress (Nov 11)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3283-1 important: u-boot (Nov 11)
 

An update that solves 18 vulnerabilities and has two fixes is now available.

  SUSE: 2020:14541-1 important: openldap2 (Nov 11)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3282-1 important: u-boot (Nov 11)
 

An update that fixes 18 vulnerabilities is now available.

  SUSE: 2020:3279-1 moderate: ucode-intel (Nov 11)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3281-1 important: the Linux Kernel (Nov 11)
 

An update that solves 11 vulnerabilities and has 58 fixes is now available.

  SUSE: 2020:14540-1 moderate: microcode_ctl (Nov 11)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3272-1 important: the Linux Kernel (Nov 10)
 

An update that solves 8 vulnerabilities and has 38 fixes is now available.

  SUSE: 2020:3271-1 moderate: ucode-intel (Nov 10)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3274-1 moderate: ucode-intel (Nov 10)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3272-1 important: the Linux Kernel (Nov 10)
 

An update that solves 8 vulnerabilities and has 38 fixes is now available.

  SUSE: 2020:3273-1 important: the Linux Kernel (Nov 10)
 

An update that solves two vulnerabilities and has 25 fixes is now available.

  SUSE: 2020:3275-1 moderate: ucode-intel (Nov 10)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3273-1 important: the Linux Kernel (Nov 10)
 

An update that solves two vulnerabilities and has 25 fixes is now available.

  SUSE: 2020:3276-1 moderate: ucode-intel (Nov 10)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3269-1 moderate: python-waitress (Nov 10)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3268-1 important: spice-vdagent (Nov 10)
 

An update that solves four vulnerabilities and has one errata is now available.

  SUSE: 2020:3255-1 important: u-boot (Nov 9)
 

An update that solves 18 vulnerabilities and has one errata is now available.

  SUSE: 2020:3257-1 moderate: ceph, deepsea (Nov 9)
 

An update that solves one vulnerability and has 35 fixes is now available.

  SUSE: 2020:3256-1 important: u-boot (Nov 9)
 

An update that fixes 20 vulnerabilities is now available.

  SUSE: 2020:3230-1 important: the Linux Kernel (Nov 6)
 

An update that solves four vulnerabilities and has 20 fixes is now available.

  SUSE: 2020:3251-1 critical: SUSE Manager 3.2 (Nov 6)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3219-1 important: the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Nov 6)
 

An update that fixes 6 vulnerabilities is now available.

  SUSE: 2020:3235-1 moderate: SUSE Manager Server 4.1 (Nov 6)
 

An update that solves four vulnerabilities and has 22 fixes is now available.

  SUSE: 2020:3210-1 important: the Linux Kernel (Live Patch 6 for SLE 12 SP5) (Nov 6)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3231-1 moderate: yast2-multipath (Nov 6)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3243-1 critical: salt (Nov 6)
 

An update that solves three vulnerabilities and has 7 fixes is now available.

  SUSE: 2020:14537-1 critical: SUSE Manager Client Tools (Nov 6)
 

An update that solves three vulnerabilities and has 8 fixes is now available.

  SUSE: 2020:3204-1 important: the Linux Kernel (Live Patch 4 for SLE 12 SP5) (Nov 6)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3222-1 important: the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Nov 6)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3225-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP3) (Nov 6)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3244-1 critical: Salt (Nov 6)
 

An update that solves three vulnerabilities and has 7 fixes is now available.

  SUSE: 2020:14535-1 critical: SUSE Manager Client Tools (Nov 6)
 

An update that solves three vulnerabilities and has 8 fixes is now available.

  SUSE: 2020:3235-1 important: SUSE Manager Server 4.1 (Nov 6)
 

An update that solves four vulnerabilities and has 22 fixes is now available.

  SUSE: 2020:3245-1 critical: Salt (Nov 6)
 

An update that solves three vulnerabilities and has 7 fixes is now available.

  SUSE: 2020:14538-1 critical: SUSE Manager Client Tools (Nov 6)
 

An update that solves three vulnerabilities and has three fixes is now available.

  SUSE: 2020:3250-1 critical: SUSE Manager 4.0 (Nov 6)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3191-1 important: java-1_8_0-openjdk (Nov 5)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2020:3180-1 important: the Linux Kernel (Live Patch 18 for SLE 15) (Nov 5)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3181-1 important: the Linux Kernel (Live Patch 4 for SLE 15 SP2) (Nov 5)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3186-1 important: the Linux Kernel (Live Patch 2 for SLE 15 SP2) (Nov 5)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3187-1 important: the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Nov 5)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3190-1 important: the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Nov 5)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3188-1 important: the Linux Kernel (Live Patch 15 for SLE 15 SP1) (Nov 5)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3178-1 important: the Linux Kernel (Live Patch 20 for SLE 15) (Nov 5)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3171-1 critical: salt (Nov 5)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3161-1 important: u-boot (Nov 5)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3163-1 moderate: ImageMagick (Nov 5)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3160-1 important: rmt-server (Nov 5)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2020:3165-1 moderate: bluez (Nov 5)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3166-1 moderate: wireshark (Nov 5)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3164-1 moderate: ImageMagick (Nov 5)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3162-1 moderate: ImageMagick (Nov 5)
 

An update that fixes one vulnerability is now available.

  Ubuntu 4607-2: OpenJDK regressions (Nov 12)
 

USN-4607-1 introduced a regression in OpenJDK.

  Ubuntu 4631-1: libmaxminddb vulnerability (Nov 12)
 

libmaxminddb could be made to crash if it received specially crafted data.

  Ubuntu 4171-6: Apport regression (Nov 12)
 

USN-4171-1 introduced a regression in Apport.

  Ubuntu 4628-2: Intel Microcode regression (Nov 12)
 

USN-4628-1 introduced a regression in the Intel Microcode for some processors.

  Ubuntu 4622-2: OpenLDAP vulnerability (Nov 11)
 

OpenLDAP could be made to crash or run programs if it received specially crafted network traffic.

  Ubuntu 4628-1: Intel Microcode vulnerabilities (Nov 11)
 

Several security issues were fixed in Intel Microcode.

  Ubuntu 4630-1: Raptor vulnerability (Nov 11)
 

raptor2 could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu 4629-1: MoinMoin vulnerabilities (Nov 11)
 

Several security issues were fixed in MoinMoin.

  Ubuntu 4627-1: Linux kernel vulnerability (Nov 10)
 

The system could be made to expose sensitive information.

  Ubuntu 4626-1: Linux kernel vulnerabilities (Nov 10)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4625-1: Firefox vulnerability (Nov 10)
 

Firefox could be made to crash or run programs as your login if it opened a malicious website.

  Ubuntu 4624-1: libexif vulnerability (Nov 10)
 

libexif could be made to execute arbitrary code if it received a specially crafted input.

  Ubuntu 4623-1: Pacemaker vulnerability (Nov 9)
 

Pacemaker could be made to run programs as an administrator.

  Ubuntu 4622-1: OpenLDAP vulnerability (Nov 9)
 

OpenLDAP could be made to crash or run programs if it received specially crafted network traffic.

  Ubuntu 4621-1: netqmail vulnerabilities (Nov 6)
 

netqmail could be made to crash if it received specially crafted input.

  Ubuntu 4599-3: Firefox regressions (Nov 5)
 

USN-4599-1 and USN-4599-2 caused some minor regressions in Firefox.

  Ubuntu 4619-1: dom4j vulnerability (Nov 5)
 

dom4j could be made to crash or run programs if it received a specially crafted file.

  Ubuntu 4618-1: tmux vulnerability (Nov 5)
 

tmux could be made to crash or execute arbitrary code if it received a specially crafted input.

  Debian LTS: DLA-2450-1: libproxy security update (Nov 13)
 

Li Fei found that libproxy, a library for automatic proxy configuration management, was vulnerable to a buffer overflow vulnerability when receiving a large PAC file from a server without a Content-Length header in the response.

  Debian LTS: DLA-2449-1: thunderbird security update (Nov 13)
 

A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version

  Debian LTS: DLA-2447-1: pacemaker security update (Nov 11)
 

An ACL bypass flaw was found in pacemaker, a cluster resource manager. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

  Debian LTS: DLA-2446-1: moin security update (Nov 10)
 

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki. CVE-2020-15275

  Debian LTS: DLA-2444-1: tcpdump security update (Nov 10)
 

The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. The buffer should be big enough to hold the captured data, but it

  Debian LTS: DLA-2443-1: zeromq3 security update (Nov 10)
 

It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket

  Debian LTS: DLA-2445-1: libmaxminddb security update (Nov 10)
 

A heap-based buffer over-read has been found in libmaxminddb, an IP geolocation database library. This could be exploited when the mmdblookup tool is used to open a specially crafted database file.

  Debian LTS: DLA-2442-1: obfs4proxy security update (Nov 10)
 

golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

  Debian LTS: DLA-2441-1: sympa security update (Nov 9)
 

A privilege escalation was discovered in Sympa, a modern mailing list manager. It is fixed when Sympa is used in conjunction with common MTAs (such as Exim or Postfix) by disabling a setuid executable, although no fix is currently available for all environments (such as

  Debian LTS: DLA-2440-1: poppler security update (Nov 8)
 

For Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u4. We recommend that you upgrade your poppler packages.

  Debian LTS: DLA-2439-1: libexif security update (Nov 7)
 

In libexif/exif-entry.c, through libexif 0.6.21-2+deb9u4, compiler optimization could remove a buffer overflow check, making a buffer overflow possible with some EXIF tags.

  Debian LTS: DLA-2435-1: guacamole-server security update (Nov 6)
 

The server component of Apache Guacamole, a remote desktop gateway, did not properly validate data received from RDP servers. This could result in information disclosure or even the execution of arbitrary code.

  ArchLinux: 202011-10: linux-hardened: multiple issues (Nov 10)
 

The package linux-hardened before version 5.9.8.a-1 is vulnerable to multiple issues including denial of service and information disclosure.

  ArchLinux: 202011-9: chromium: arbitrary code execution (Nov 10)
 

The package chromium before version 86.0.4240.193-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202011-8: sddm: privilege escalation (Nov 10)
 

The package sddm before version 0.19.0-1 is vulnerable to privilege escalation.

  ArchLinux: 202011-7: salt: multiple issues (Nov 10)
 

The package salt before version 2019.2.7-1 is vulnerable to multiple issues including arbitrary command execution and access restriction bypass.

  ArchLinux: 202011-6: firefox: arbitrary code execution (Nov 10)
 

The package firefox before version 82.0.3-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202011-5: gdm: privilege escalation (Nov 10)
 

The package gdm before version 3.38.2-1 is vulnerable to privilege escalation.

  ArchLinux: 202011-4: matrix-synapse: cross-site scripting (Nov 10)
 

The package matrix-synapse before version 1.21.0-1 is vulnerable to cross-site scripting.

  ArchLinux: 202011-3: wordpress: multiple issues (Nov 10)
 

The package wordpress before version 5.5.3-1 is vulnerable to multiple issues including arbitrary code execution, cross-site request forgery, cross-site scripting, insufficient validation and privilege escalation.

  CentOS: CESA-2020-4947: Important CentOS 6 thunderbird (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4947

  CentOS: CESA-2020-4330: Important CentOS 6 firefox (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4330

  CentOS: CESA-2020-4946: Important CentOS 6 libX11 (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4946

  CentOS: CESA-2020-4183: Moderate CentOS 6 bind (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4183

  CentOS: CESA-2020-4056: Important CentOS 6 qemu-kvm (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4056

  CentOS: CESA-2020-4953: Important CentOS 6 xorg-x11-server (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4953

  CentOS: CESA-2020-4182: Important CentOS 6 kernel (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4182

  CentOS: CESA-2020-4348: Moderate CentOS 6 java-1.8.0-openjdk (Nov 9)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:4348

  openSUSE: 2020:1888-1: moderate: otrs (Nov 9)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:1882-1: moderate: wireshark (Nov 9)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2020:1884-1: moderate: ImageMagick (Nov 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1880-1: moderate: bluez (Nov 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1878-1: moderate: wireshark (Nov 8)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2020:1876-1: moderate: bluez (Nov 8)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1875-1: important: apache-commons-httpclient (Nov 8)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:1873-1: important: apache-commons-httpclient (Nov 7)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:1870-1: moderate: sddm (Nov 7)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1869-1: important: u-boot (Nov 7)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:1868-1: critical: salt (Nov 7)
 

An update that solves three vulnerabilities and has 7 fixes is now available.

  openSUSE: 2020:1861-1: moderate: gnome-settings-daemon, gnome-shell (Nov 7)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:1859-1: moderate: python (Nov 7)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1856-1: moderate: virt-bootstrap (Nov 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1844-1: important: xen (Nov 5)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2020:1841-1: critical: tigervnc (Nov 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1840-1: moderate: tiff (Nov 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1834-1: moderate: tmux (Nov 5)
 

An update that solves two vulnerabilities and has two fixes is now available.

  openSUSE: 2020:1842-1: moderate: tomcat (Nov 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1834-1: moderate: tmux (Nov 5)
 

An update that solves two vulnerabilities and has two fixes is now available.

  openSUSE: 2020:1843-1: moderate: transfig (Nov 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1833-1: critical: salt (Nov 5)
 

An update that solves three vulnerabilities and has 6 fixes is now available.

  openSUSE: 2020:1831-1: important: chromium (Nov 5)
 

An update that fixes 7 vulnerabilities is now available.

  openSUSE: 2020:1829-1: important: chromium, gn (Nov 5)
 

An update that fixes 39 vulnerabilities is now available.

  Mageia 2020-0412: sddm security update (Nov 10)
 

Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges (CVE-2020-28049). References:

  Mageia 2020-0411: lout security update (Nov 10)
 

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. (CVE-2019-19917) Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. (CVE-2019-19918)

  Mageia 2020-0409: pacemaker security update (Nov 10)
 

ACL restrictions bypass. (CVE-2020-25654) References: - https://bugs.mageia.org/show_bug.cgi?id=27472 - https://www.openwall.com/lists/oss-security/2020/10/27/1

  Mageia 2020-0408: spice and spice-gtk security update (Nov 10)
 

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process

  Mageia 2020-0407: openldap security update (Nov 10)
 

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet (CVE-2020-25692).

  Mageia 2020-0406: docker security update (Nov 9)
 

It was discovered that Docker could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials (CVE-2020-15157).

  Mageia 2020-0405: fontforge security update (Nov 8)
 

SFD_GetFontMetaData() insufficient CVE-2020-5395 backport. (CVE-2020-25690) References: - https://bugs.mageia.org/show_bug.cgi?id=27563 - https://access.redhat.com/errata/RHSA-2020:4844

  Mageia 2020-0404: mariadb security update (Nov 8)
 

The latest release of mariadb fixes some undisclosed easily exploitable vulnerabilities. (CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 and CVE-2020-14812). Additionally some bugs are fixed:

  Mageia 2020-0403: junit security update (Nov 8)
 

It was discovered that junit contained a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users

  Mageia 2020-0402: blueman security update (Nov 8)
 

Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service (CVE-2020-15238).

  Mageia 2020-0401: suricata security update (Nov 8)
 

The suricata package has been updated to version 4.1.9, which fixes security issues and other bugs. See the upstream announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=27475

  Mageia 2020-0400: webmin security update (Nov 8)
 

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. (CVE-2020-8820)

  Mageia 2020-0399: libproxy security update (Nov 8)
 

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. (CVE-2020-26154) References:

  Mageia 2020-0398: libuv security update (Nov 8)
 

The implementation of realpath in libuv before 1.39 incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes (CVE-2020-8252). References:

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.