Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.


Significant advisories issued this week include a 5.9.10 stable kernel update issued by Fedora containing multiple fixes across the tree and an important kernel update for Red Hat Enterprise Linux users. Continue reading to learn about other advisories issued this week. Stay healthy, safe and secure - both on and offline!

Yours in Open Source,

Brittany


LinuxSecurity.com Feature Extras:

OctopusWAF: A Customizable Open-Source WAF for High Performance Applications - Mainstream web application firewalls (WAFs) can be very difficult to understand, with thousands of lines of code and obscure plugins. But OctopusWAF is different - the open-source WAF is customizable, user-friendly and optimized for a large number of parallel connections - making it ideal for high performance AJAX applications.

WireGuard Brings Speed and Simplicity to VPN Technology - This article will briefly explore VPN protocols and potential concerns when implementing a VPN, and will dive deeper into the unique benefits that WireGuard offers users.


  Debian: DSA-4797-1: webkit2gtk security update (Nov 24)
 

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9948

  Debian: DSA-4794-1: mupdf security update (Nov 21)
 

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.

  Fedora 33: drupal7 2020-7d8f772540 (Nov 26)
 

- https://www.drupal.org/project/drupal/releases/7.74
- https://www.drupal.org/sa-core-2020-012
- https://www.drupal.org/project/drupal/releases/7.73
- https://www.drupal.org/sa-core-2020-007

  Fedora 33: java-1.8.0-openjdk-aarch32 2020-9dc3df49f0 (Nov 26)
 

8u275 update

  Fedora 33: pacemaker 2020-3d0e38b9e7 (Nov 26)
 

* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3
- a little more syncing with upstream spec-file
* Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or

  Fedora 33: swtpm 2020-00d28cf56b (Nov 26)
 

Another build of v0.5.1 after more fixes

  Fedora 33: slurm 2020-49b97c38e7 (Nov 26)
 

Update to 20.02.6. Closes security issues CVE-2020-27745 and CVE-2020-27746.

  Fedora 32: drupal7 2020-088196d926 (Nov 26)
 

- https://www.drupal.org/project/drupal/releases/7.74
- https://www.drupal.org/sa-core-2020-012
- https://www.drupal.org/project/drupal/releases/7.73
- https://www.drupal.org/sa-core-2020-007

  Fedora 32: java-1.8.0-openjdk-aarch32 2020-8bfc7c49d1 (Nov 26)
 

8u275 update

  Fedora 32: pacemaker 2020-2cbe0089e2 (Nov 26)
 

* Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3
- a little more syncing with upstream spec-file
* Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3
- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or

  Fedora 32: swtpm 2020-c707fcb91f (Nov 26)
 

Another build of v0.5.1 after more fixes

  Fedora 32: slurm 2020-98a5098030 (Nov 26)
 

Update to 19.05.08. Closes security issues CVE-2020-27745 and CVE-2020-27746

  Fedora 32: libxml2 2020-b6aaf25741 (Nov 26)
 

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

  Fedora 32: kernel 2020-4700a73bd5 (Nov 24)
 

The 5.9.10 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: libexif 2020-0aa0fc1b0c (Nov 24)
 

CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452

  Fedora 33: kernel 2020-8c15928d23 (Nov 24)
 

The 5.9.10 stable kernel update contains a number of important fixes across the tree.

  Fedora 31: microcode_ctl 2020-d5941ea479 (Nov 23)
 

- Update to upstream 2.1-31.
  20201118
  - Removal of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68 [1];
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34 [2].
[1] The microcode has been removed after reports of system hangs: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
[2] Addresses CVE-2020-8695 for this platform.

  Fedora 31: seamonkey 2020-fd5918d946 (Nov 23)
 

Additional fixes for AV1 codec and svg icon.
----
Update to 2.53.5. AV1 media codec now supported. Some fixes and improvements.

  Fedora 32: chromium 2020-3e005ce2e0 (Nov 23)
 

Update to 87.0.4280.66. Fixes bugs and security holes. Yay! CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035

  Fedora 33: chromium 2020-10ec8aca61 (Nov 21)
 

Update to 87.0.4280.66. Fixes bugs and security holes. Yay! CVE-2020-16012 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16015 CVE-2020-16014 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035

  Fedora 33: microcode_ctl 2020-2c8824c6b1 (Nov 21)
 

- Update to upstream 2.1-31.
  20201118
  - Removal of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68 [1];
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34 [2].
[1] The microcode has been removed after reports of system hangs: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
[2] Addresses CVE-2020-8695 for this platform.

  Fedora 31: pngcheck 2020-27b168926a (Nov 21)
 

Fix buffer overflow (RHBZ #1897485). A global buffer overflow was discovered in the check_chunk_name function via a crafted PNG file.

  Fedora 33: pngcheck 2020-4349e95c4f (Nov 21)
 

Fix buffer overflow (RHBZ #1897485). A global buffer overflow was discovered in the check_chunk_name function via a crafted PNG file.

  Fedora 32: pngcheck 2020-23432b7b72 (Nov 21)
 

Fix buffer overflow (RHBZ #1897485). A global buffer overflow was discovered in the check_chunk_name function via a crafted PNG file.

  Fedora 31: rpki-client 2020-ce591c8f46 (Nov 20)
 

rpki-client 6.8p1 6.8. It includes the following changes to the previous release:
* Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval.
In the portable version:
* Add compat code for the LibreSSL `ASN1_time_parse()` and `ASN1_time_tm_cmp()` functions. Those are

  Fedora 31: krb5 2020-0df38b2843 (Nov 20)
 

- Fix CVE-2020-28196 (DoS in ASN.1 parsing due to missing recursion depth checks)
- fc32 + fc33 only: pull-up to rawhide

  Fedora 32: rpki-client 2020-538e0ee110 (Nov 20)
 

rpki-client 6.8p1 6.8. It includes the following changes to the previous release:
* Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval.
In the portable version:
* Add compat code for the LibreSSL `ASN1_time_parse()` and `ASN1_time_tm_cmp()` functions. Those are

  Fedora 33: rpki-client 2020-f30b30c2d8 (Nov 20)
 

rpki-client 6.8p1 6.8. It includes the following changes to the previous release:
* Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval.
In the portable version:
* Add compat code for the LibreSSL `ASN1_time_parse()` and `ASN1_time_tm_cmp()` functions. Those are

  Fedora 33: chromium 2020-2d0c0ee838 (Nov 19)
 

Update to 86.0.4240.198. Fixes the following security issues: CVE-2020-16013 CVE-2020-16016 CVE-2020-16017

  Fedora 33: mingw-libxml2 2020-ff317550e4 (Nov 19)
 

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

  Fedora 31: microcode_ctl 2020-14fda1bf85 (Nov 19)
 

- Update to upstream 2.1-30.
  20201110
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at

  Fedora 31: xen 2020-6dd36a716c (Nov 19)
 

revised patch for XSA-286 (mitigating performance impact)
----
x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092)
----
x86: Race condition in Xen mapping code [XSA-345]
undue deferral of IOMMU TLB flushes [XSA-346]
unsafe AMD IOMMU page table updates [XSA-347]

  Fedora 32: seamonkey 2020-396a3dfb1f (Nov 19)
 

Additional fixes for AV1 codec and svg icon.
----
Update to 2.53.5. AV1 media codec now supported. Some fixes and improvements.

  Fedora 32: xen 2020-2684e0fadd (Nov 19)
 

Information leak via power sidechannel [XSA-351]

  Fedora 32: mingw-libxml2 2020-7773c53bc8 (Nov 19)
 

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.

  RedHat: RHSA-2020-5179:01 Low: Red Hat Virtualization security, bug fix, (Nov 24)
 

An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5218:01 Moderate: Red Hat Virtualization security, bug fix, (Nov 24)
 

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2020-5118:01 Moderate: OpenShift Container Platform 4.5.20 bug (Nov 24)
 

Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for golang for Red Hat OpenShift Container Platform 4.5.

  RedHat: RHSA-2020-5119:01 Moderate: OpenShift Container Platform 4.5.20 (Nov 24)
 

Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release also includes a security update for golang for Red Hat OpenShift Container Platform 4.5.20.

  RedHat: RHSA-2020-5203:01 Moderate: bind security update (Nov 24)
 

An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5206:01 Moderate: kernel security and bug fix update (Nov 24)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5199:01 Important: kernel security update (Nov 24)
 

An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5201:01 Important: net-snmp security and bug fix update (Nov 24)
 

An update for net-snmp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5198:01 Moderate: Red Hat OpenShift Jaeger security update (Nov 24)
 

An update is now available for Red Hat OpenShift Jaeger 1.20. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-5190:01 Moderate: microcode_ctl security, bug fix, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5188:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5189:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-5185:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5181:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5186:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2020-5182:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5183:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5184:01 Moderate: microcode_ctl security, (Nov 23)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-5175:01 Important: Red Hat JBoss Enterprise Application (Nov 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5174:01 Important: Red Hat JBoss Enterprise Application (Nov 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-5170:01 Moderate: Red Hat JBoss Web Server 5.4 security (Nov 23)
 

Updated Red Hat JBoss Web Server 5.4.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact

  RedHat: RHSA-2020-5173:01 Moderate: Red Hat JBoss Web Server 5.4 security (Nov 23)
 

Red Hat JBoss Web Server 5.4.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5163:01 Important: thunderbird security update (Nov 23)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5168:01 Moderate: rh-eclipse security, (Nov 23)
 

Updated rh-eclipse packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-5164:01 Important: thunderbird security update (Nov 23)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-5162:01 Important: thunderbird security update (Nov 23)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5166:01 Important: thunderbird security update (Nov 23)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5165:01 Important: chromium-browser security update (Nov 23)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-5167:01 Important: thunderbird security update (Nov 23)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  Slackware: 2020-330-01: bind Security Update (Nov 25)
 

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

  Slackware: 2020-329-01: mutt Security Update (Nov 25)
 

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

  SUSE: 2020:728-1 ses/7/rook/ceph Security Update (Nov 27)
   
  SUSE: 2020:717-1 ses/7/ceph/ceph Security Update (Nov 27)
   
  SUSE: 2020:715-1 ses/7/ceph/grafana Security Update (Nov 27)
   
  SUSE: 2020:712-1 ses/7/cephcsi/cephcsi Security Update (Nov 27)
   
  SUSE: 2020:3544-1 important: the Linux Kernel (Nov 26)
 

An update that solves 26 vulnerabilities and has 34 fixes is now available.

  SUSE: 2020:3473-2 moderate: ceph (Nov 26)
 

An update that solves one vulnerability, contains two features and has 23 fixes is now available.

  SUSE: 2020:3539-1 important: ceph (Nov 26)
 

An update that solves one vulnerability and has 5 fixes is now available.

  SUSE: 2020:3532-1 important: the Linux Kernel (Nov 26)
 

An update that solves 26 vulnerabilities and has 32 fixes is now available.

  SUSE: 2020:14549-1 important: LibVNCServer (Nov 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14550-1 important: python (Nov 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3528-1 important: MozillaThunderbird (Nov 26)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:709-1 ses/7/rook/ceph Security Update (Nov 26)
   
  SUSE: 2020:708-1 ses/7/prometheus-webhook-snmp Security Update (Nov 26)
   
  SUSE: 2020:707-1 ses/7/cephcsi/csi-snapshotter Security Update (Nov 26)
   
  SUSE: 2020:706-1 ses/7/cephcsi/csi-resizer Security Update (Nov 26)
   
  SUSE: 2020:705-1 ses/7/cephcsi/csi-provisioner Security Update (Nov 26)
   
  SUSE: 2020:704-1 ses/7/cephcsi/csi-node-driver-registrar Security Update (Nov 26)
   
  SUSE: 2020:703-1 ses/7/cephcsi/csi-livenessprobe Security Update (Nov 26)
   
  SUSE: 2020:702-1 ses/7/cephcsi/csi-attacher Security Update (Nov 26)
   
  SUSE: 2020:699-1 ses/7/ceph/ceph Security Update (Nov 26)
   
  SUSE: 2020:698-1 ses/7/ceph/grafana Security Update (Nov 26)
   
  SUSE: 2020:696-1 ses/7/cephcsi/cephcsi Security Update (Nov 26)
   
  SUSE: 2020:3516-1 important: bluez (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3514-1 moderate: ucode-intel (Nov 25)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2020:3522-1 important: the Linux Kernel (Nov 25)
 

An update that solves 12 vulnerabilities and has 103 fixes is now available.

  SUSE: 2020:3515-1 important: LibVNCServer (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3513-1 important: the Linux Kernel (Nov 25)
 

An update that solves 11 vulnerabilities and has 62 fixes is now available.

  SUSE: 2020:3512-1 important: the Linux Kernel (Nov 25)
 

An update that solves 11 vulnerabilities and has 74 fixes is now available.

  SUSE: 2020:694-1 suse/sle15 Security Update (Nov 25)
   
  SUSE: 2020:693-1 suse/sle15 Security Update (Nov 25)
   
  SUSE: 2020:3506-1 important: slurm (Nov 24)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2020:3507-1 important: the Linux Kernel (Nov 24)
 

An update that solves three vulnerabilities and has 17 fixes is now available.

  SUSE: 2020:3505-1 important: slurm (Nov 24)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3503-1 important: the Linux Kernel (Nov 24)
 

An update that solves 21 vulnerabilities and has 21 fixes is now available.

  SUSE: 2020:3501-1 important: the Linux Kernel (Nov 24)
 

An update that solves 17 vulnerabilities and has 15 fixes is now available.

  SUSE: 2020:3500-1 moderate: mariadb (Nov 24)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3497-1 moderate: mariadb (Nov 24)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:3491-1 important: the Linux Kernel (Nov 23)
 

An update that solves 14 vulnerabilities and has 90 fixes is now available.

  SUSE: 2020:3484-1 important: the Linux Kernel (Nov 23)
 

An update that solves 15 vulnerabilities and has 75 fixes is now available.

  SUSE: 2020:3478-1 moderate: c-ares (Nov 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3480-1 moderate: dash (Nov 23)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:688-1 suse/sle15 Security Update (Nov 23)
   
  SUSE: 2020:687-1 suse/sles12sp5 Security Update (Nov 23)
   
  SUSE: 2020:686-1 suse/sles12sp4 Security Update (Nov 23)
   
  SUSE: 2020:685-1 suse/sles12sp3 Security Update (Nov 23)
   
  SUSE: 2020:3473-1 moderate: ceph (Nov 21)
 

An update that solves one vulnerability, contains two features and has 23 fixes is now available.

  SUSE: 2020:3477-1 important: postgresql96 (Nov 21)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3476-1 important: postgresql10 (Nov 21)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3474-1 important: u-boot (Nov 21)
 

An update that fixes 17 vulnerabilities is now available.

  SUSE: 2020:3463-1 important: postgresql12 (Nov 20)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3460-1 moderate: java-1_8_0-openjdk (Nov 20)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2020:3464-1 important: postgresql10 (Nov 20)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3466-1 moderate: SUSE Manager Server 4.0 (Nov 20)
 

An update that solves two vulnerabilities and has 12 fixes is now available.

  SUSE: 2020:3455-1 important: postgresql10 (Nov 20)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:14548-1 important: MozillaFirefox (Nov 20)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:3457-1 moderate: ucode-intel (Nov 20)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3458-1 important: MozillaFirefox (Nov 20)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:3459-1 moderate: ceph (Nov 20)
 

An update that solves one vulnerability and has 8 fixes is now available.

  SUSE: 2020:3433-1 important: the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Nov 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3423-1 moderate: buildah (Nov 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3424-1 moderate: wpa_supplicant (Nov 19)
 

An update that fixes 19 vulnerabilities and contains one feature is now available.

  SUSE: 2020:3425-1 important: postgresql12 (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3441-1 important: the Linux Kernel (Live Patch 19 for SLE 15) (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3449-1 important: the Linux Kernel (Live Patch 16 for SLE 15) (Nov 19)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:3413-1 important: xen (Nov 19)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:3412-1 important: xen (Nov 19)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:3414-1 important: xen (Nov 19)
 

An update that solves one vulnerability, contains one feature and has two fixes is now available.

  SUSE: 2020:3418-1 moderate: MozillaThunderbird (Nov 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3416-1 important: xen (Nov 19)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3415-1 important: xen (Nov 19)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:3378-1 moderate: podman (Nov 19)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:3374-1 moderate: ucode-intel (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3369-1 moderate: go1.14 (Nov 19)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2020:3368-1 moderate: go1.15 (Nov 19)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2020:3385-1 moderate: perl-DBI (Nov 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:14546-1 moderate: microcode_ctl (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3402-1 important: the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Nov 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3400-1 important: the Linux Kernel (Live Patch 7 for SLE 15 SP1) (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3375-1 moderate: krb5 (Nov 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3380-1 moderate: wpa_supplicant (Nov 19)
 

An update that fixes 22 vulnerabilities and contains one feature is now available.

  SUSE: 2020:3373-1 moderate: ucode-intel (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3389-1 important: the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3383-1 important: MozillaFirefox (Nov 19)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:3372-1 moderate: ucode-intel (Nov 19)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:3384-1 moderate: perl-DBI (Nov 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3376-1 moderate: wireshark (Nov 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:3377-1 moderate: krb5 (Nov 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3379-1 moderate: krb5 (Nov 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:3367-1 moderate: libzypp, zypper (Nov 19)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:683-1 suse/sle15 Security Update (Nov 19)
   
  Debian LTS: DLA-2466-1: drupal7 security update (Nov 27)
 

Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives.

  Debian LTS: DLA-2467-1: lxml security update (Nov 26)
 

CVE-2018-19787: It was discovered that there was an XSS injection vulnerability in

  Debian LTS: DLA-2462-1: cimg security update (Nov 22)
 

Multiple heap buffer overflows have been fixed in CImg, a C++ toolkit to load, save, process and display images. For Debian 9 stretch, this problem has been fixed in version

  Debian LTS: DLA-2461-1: zabbix security update (Nov 21)
 

Multiple vulnerabilities were discovered in Zabbix, a network monitoring solution. An attacker may remotely execute code on the zabbix server, and redirect to external links through the zabbix web frontend.

  Debian LTS: DLA-2460-1: golang-1.8 security update (Nov 21)
 

Three issues have been found in golang-1.8, a Go programming language compiler, version 1.8.

  Debian LTS: DLA-2459-1: golang-1.7 security update (Nov 21)
 

Two issues have been found in golang-1.7, a Go programming language compiler, version 1.7.

  Debian LTS: DLA-2458-1: drupal7 security update (Nov 19)
 

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework.
CVE-2020-13666

  Debian LTS: DLA-2457-1: firefox-esr security update (Nov 19)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.

  Debian LTS: DLA-2432-1: jupyter-notebook security update (Nov 19)
 

Several vulnerabilities have been discovered in jupyter-notebook.
CVE-2018-8768

  Debian LTS: DLA-2455-1: packer security update (Nov 19)
 

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

  Debian LTS: DLA-2454-1: rclone security update (Nov 19)
 

golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

  ArchLinux: 202011-16: go: multiple issues (Nov 26)
 

The package go before version 2:1.15.5-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

  ArchLinux: 202011-15: libxml2: multiple issues (Nov 26)
 

The package libxml2 before version 2.9.10-6 is vulnerable to multiple issues including denial of service and information disclosure.

  ArchLinux: 202011-14: postgresql: multiple issues (Nov 26)
 

The package postgresql before version 12.5-1 is vulnerable to multiple issues including sandbox escape, arbitrary code execution and silent downgrade.

  ArchLinux: 202011-13: wireshark-cli: denial of service (Nov 26)
 

The package wireshark-cli before version 3.4.0-1 is vulnerable to denial of service.

  CentOS: CESA-2020-5099: Critical CentOS 7 firefox (Nov 19)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5099

  CentOS: CESA-2020-5083: Moderate CentOS 7 microcode_ctl (Nov 19)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5083

  SciLinux: SLSA-2020-5129-1 Important: net-snmp on SL6.x i386/x86_64 (Nov 24)
 

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged command execution (CVE-2020-15862).

SL6 x86_64:
net-snmp-5.5-60.el6_10.2.x86_64.rpm
net-snmp-debuginfo-5.5-60.el6_10.2.i686.rpm
net-snmp-debuginfo-5.5-60.el6_10.2.x86_64.rpm
net-snmp-libs-5.5-60.el6_10.2.i686.rpm
net-snmp-libs-5.5-60.el6_10.2.x86_64.rpm
net-snmp-devel-5.5-60.el6_10.2.i686.rpm
[More...]

  SciLinux: SLSA-2020-5164-1 Important: thunderbird on SL6.x i386/x86_64 (Nov 24)
 

This update upgrades Thunderbird to version 78.4.3.

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

SL6 x86_64:
thunderbird-78.4.3-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.3-1.el6_10.x86_64.rpm
i386:
thunderbird-78.4.3-1.el6_10.i686.rpm

- Scientific Linux Development Team

  openSUSE: 2020:2065-1 moderate: dash (Nov 27)
   
  openSUSE: 2020:2075-1 important: ucode-intel (Nov 27)
   
  openSUSE: 2020:2059-1 moderate: wpa_supplicant (Nov 27)
   
  openSUSE: 2020:2062-1 moderate: krb5 (Nov 27)
   
  openSUSE: 2020:2057-1 moderate: ceph (Nov 27)
   
  openSUSE: 2020:2056-1 important: slurm (Nov 26)
   
  openSUSE: 2020:2055-1 important: chromium (Nov 26)
   
  openSUSE: 2020:2045-1 moderate: c-ares (Nov 26)
   
  openSUSE: 2020:2051-1 moderate: perl-DBI (Nov 26)
   
  openSUSE: 2020:2046-1 moderate: dash (Nov 26)
   
  openSUSE: 2020:2048-1 moderate: java-1_8_0-openjdk (Nov 26)
   
  openSUSE: 2020:2053-1 moderate: wpa_supplicant (Nov 26)
   
  openSUSE: 2020:2039-1 moderate: podman (Nov 26)
   
  openSUSE: 2020:2047-1 moderate: go1.14 (Nov 26)
   
  openSUSE: 2020:2037-1 moderate: krb5 (Nov 26)
   
  openSUSE: 2020:2030-1 important: xen (Nov 26)
   
  openSUSE: 2020:2031-1 important: MozillaFirefox (Nov 26)
   
  openSUSE: 2020:2032-1 important: chromium (Nov 26)
   
  openSUSE: 2020:2033-1 important: slurm (Nov 26)
   
  openSUSE: 2020:2028-1 important: postgresql10 (Nov 26)
   
  openSUSE: 2020:2029-1 important: postgresql12 (Nov 26)
   
  openSUSE: 2020:2034-1 important: the Linux Kernel (Nov 26)
   
  openSUSE: 2020:2026-1 important: chromium (Nov 26)
   
  openSUSE: 2020:2025-1 important: LibVNCServer (Nov 26)
   
  openSUSE: 2020:2024-1 moderate: blueman (Nov 26)
   
  openSUSE: 2020:2020-1 important: MozillaFirefox (Nov 25)
   
  openSUSE: 2020:2022-1 moderate: MozillaThunderbird (Nov 25)
   
  openSUSE: 2020:2021-1 important: chromium (Nov 25)
   
  openSUSE: 2020:2018-1 important: postgresql12 (Nov 25)
   
  openSUSE: 2020:2016-1 important: chromium (Nov 25)
   
  openSUSE: 2020:2017-1 important: xen (Nov 25)
   
  openSUSE: 2020:2019-1 important: postgresql10 (Nov 25)
   
  openSUSE: 2020:2013-1 important: chromium (Nov 25)
   
  openSUSE: 2020:2012-1 important: chromium (Nov 25)
   
  openSUSE: 2020:2010-1 important: chromium (Nov 25)
   
  openSUSE: 2020:2000-1 important: rmt-server (Nov 23)
   
  openSUSE: 2020:1998-1 important: moinmoin-wiki (Nov 23)
   
  openSUSE: 2020:1997-1 moderate: blueman (Nov 22)
   
  openSUSE: 2020:1993-1 important: rmt-server (Nov 21)
   
  openSUSE: 2020:1988-1 moderate: python (Nov 21)
   
  openSUSE: 2020:1990-1 moderate: SDL (Nov 21)
   
  openSUSE: 2020:1986-1 moderate: tcpdump (Nov 21)
   
  openSUSE: 2020:1983-1 moderate: tcpdump (Nov 21)
   
  openSUSE: 2020:1970-1 important: tor (Nov 19)
   
  openSUSE: 2020:1969-1 moderate: slurm_18_08 (Nov 19)
   
  openSUSE: 2020:1961-1 important: gdm (Nov 19)
   
  openSUSE: 2020:1962-1 important: kernel-firmware (Nov 19)
   
  openSUSE: 2020:1966-1 important: moinmoin-wiki (Nov 19)
   
  openSUSE: 2020:1960-1 important: kernel-firmware (Nov 19)
   
  Mageia 2020-0439: vino security update (Nov 23)
 

libvncserver/rfbserver.c from LibVNCServer, which is bundled by vino, has a divide by zero issue which could result in denial of service (CVE-2020-25708). References: - https://bugs.mageia.org/show_bug.cgi?id=27636

  Mageia 2020-0438: python-cryptography security update (Nov 23)
 

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information (CVE-2020-25659). References:

  Mageia 2020-0437: tcpreplay security update (Nov 23)
 

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service (CVE-2020-24265). An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer

  Mageia 2020-0436: f2fs-tools security update (Nov 23)
 

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability (CVE-2020-6070).

  Mageia 2020-0435: italc security update (Nov 23)
 

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. (CVE-2018-7225)

  Mageia 2020-0434: python-pillow security update (Nov 23)
 

Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177). In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is

  Mageia 2020-0433: thunderbird security update (Nov 21)
 

Variable time processing of cross-origin images during drawImage calls. (CVE-2020-16012) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. (CVE-2020-26951)

  Mageia 2020-0432: postgresql security update (Nov 21)
 

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions,

  Mageia 2020-0431: raptor2 security update (Nov 21)
 

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. (CVE-2020-25713) References: - https://bugs.mageia.org/show_bug.cgi?id=27605

  Mageia 2020-0430: tcpdump security update (Nov 21)
 

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. (CVE-2020-8037) References: - https://bugs.mageia.org/show_bug.cgi?id=27595

  Mageia 2020-0429: librepo security update (Nov 21)
 

It was discovered that librepo was subject to a directory traversal vulnerability where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical
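The librepo flaw above is the classic shape of a download-side path traversal: a path string taken from attacker-controlled metadata is joined onto a local destination directory without checking where the result lands. The check a downloader needs is shown below as an added example; it is not librepo's own code or fix, and the destination directory and the metadata paths it feeds in are constructed for the demo.

```python
import os
import posixpath

# Constructed sample of relative paths a remote repository's metadata could
# hand to a downloader. Hypothetical values for illustration, not real repodata.
SAMPLE_METADATA_PATHS = [
    "repodata/primary.xml.gz",          # ordinary entry
    "repodata/./filelists.xml.gz",      # harmless '.' segment
    "repodata//updateinfo.xml",         # doubled slash, normalizes cleanly
    "repodata/../../etc/cron.d/evil",   # classic traversal out of dest_dir
    "/etc/passwd",                      # absolute path
    "..",                               # bare parent reference
]

# Hypothetical destination directory for the demo; it need not exist.
DEST_DIR = "/tmp/librepo-dest"


class UnsafePathError(ValueError):
    """Raised when a metadata-supplied path would land outside dest_dir."""


def safe_destination(dest_dir, relpath):
    """Return the absolute path under dest_dir where relpath may be written,
    or raise UnsafePathError if relpath would escape dest_dir."""
    if not isinstance(relpath, str) or relpath == "":
        raise UnsafePathError("empty path")
    if "\x00" in relpath:
        raise UnsafePathError("NUL byte in path")
    if posixpath.isabs(relpath):
        raise UnsafePathError("absolute path: %r" % relpath)
    # Lexical normalization first: collapse '.', '//' and interior '..', then
    # refuse anything that still begins by climbing out of the root.
    norm = posixpath.normpath(relpath)
    if norm == "." or norm == ".." or norm.startswith("../"):
        raise UnsafePathError("traversal: %r" % relpath)
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, norm))
    # Containment check on the resolved path. commonpath (not startswith) is
    # used so that "/tmp/librepo-dest-evil/x" is not mistaken for a child of
    # "/tmp/librepo-dest". realpath follows symlinks for the components that
    # already exist, so a symlink planted inside dest_dir is caught too.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePathError("escapes destination: %r" % relpath)
    return target


def filter_metadata_paths(dest_dir, paths):
    """Split paths into (accepted absolute targets, [(path, reason), ...])."""
    accepted, rejected = [], []
    for p in paths:
        try:
            accepted.append(safe_destination(dest_dir, p))
        except UnsafePathError as e:
            rejected.append((p, str(e)))
    return accepted, rejected


def demo():
    return filter_metadata_paths(DEST_DIR, SAMPLE_METADATA_PATHS)


if __name__ == "__main__":
    accepted, rejected = demo()
    for t in accepted:
        print("OK      ", t)
    for p, why in rejected:
        print("REJECTED", p, "->", why)
```

The lexical check and the realpath check are both kept on purpose: the first rejects the obvious cases before touching the filesystem, the second is what actually decides containment once symlinks are resolved. The check is still a point-in-time decision; if the destination tree is writable by other parties, open the final file with O_NOFOLLOW or relative to a directory file descriptor so the path cannot be swapped between the check and the write.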

  Mageia 2020-0428: python-twisted security update (Nov 21)
 

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks (CVE-2020-10108, CVE-2020-10109). References:
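The advisory only says "certain content-length headers", but request splitting of this kind comes from a parser picking one body length when the headers admit more than one: duplicate Content-Length headers that disagree, or Content-Length sent together with Transfer-Encoding. Whichever choice a given parser makes, a proxy or backend in front of or behind it may choose differently, and the leftover bytes become a second request. The added example below, not Twisted's code or its fix, shows the strict framing decision a server-side parser should make, with the ambiguous cases rejected instead of resolved. The request heads are constructed for the demo.

```python
import re

# Constructed raw request heads for the demo (hypothetical traffic, not
# captures from any real system). Each is the header block of one request.
SAMPLE_REQUESTS = {
    "plain": [
        "POST /submit HTTP/1.1",
        "Host: example.test",
        "Content-Length: 11",
    ],
    # Two Content-Length headers that disagree. A parser that honours only
    # the last one sees an empty body and may treat the real body as the
    # start of a second, pipelined request.
    "double_cl": [
        "POST /submit HTTP/1.1",
        "Host: example.test",
        "Content-Length: 11",
        "Content-Length: 0",
    ],
    # Content-Length alongside Transfer-Encoding: whichever header a given
    # parser prefers, another hop in the chain may prefer the other.
    "cl_and_te": [
        "POST /submit HTTP/1.1",
        "Host: example.test",
        "Content-Length: 5",
        "Transfer-Encoding: chunked",
    ],
    "chunked": [
        "POST /submit HTTP/1.1",
        "Host: example.test",
        "Transfer-Encoding: gzip, chunked",
    ],
}


class AmbiguousFraming(ValueError):
    """Raised when the headers admit more than one body length."""


def body_framing(request_lines):
    """Decide how the body is delimited from a request head (request line
    followed by header lines). Returns ('chunked', None) or
    ('content-length', n); raises AmbiguousFraming on smuggling-prone input."""
    cl_values, te_values = [], []
    for line in request_lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise AmbiguousFraming("malformed header line: %r" % line)
        name = name.strip().lower()
        value = value.strip()
        if name == "content-length":
            cl_values.append(value)
        elif name == "transfer-encoding":
            te_values.append(value)
    if te_values:
        if cl_values:
            # RFC 7230 section 3.3.3: a message carrying both is a likely
            # smuggling attempt; reject rather than pick one.
            raise AmbiguousFraming("Content-Length and Transfer-Encoding both present")
        codings = [c.strip().lower() for v in te_values for c in v.split(",")]
        if not codings or codings[-1] != "chunked":
            raise AmbiguousFraming("Transfer-Encoding without final chunked coding")
        return ("chunked", None)
    if cl_values:
        # Repeated or list-valued Content-Length is tolerable only when every
        # member is the identical, purely numeric ASCII string.
        members = [m.strip() for v in cl_values for m in v.split(",")]
        if len(set(members)) != 1 or not re.fullmatch(r"[0-9]+", members[0]):
            raise AmbiguousFraming("conflicting or invalid Content-Length: %r" % cl_values)
        return ("content-length", int(members[0]))
    # No body-delimiting header on a request means an empty body.
    return ("content-length", 0)


def is_ambiguous(request_lines):
    """True if body_framing would reject this request head."""
    try:
        body_framing(request_lines)
        return False
    except AmbiguousFraming:
        return True


if __name__ == "__main__":
    for name, lines in SAMPLE_REQUESTS.items():
        try:
            print(name, "->", body_framing(lines))
        except AmbiguousFraming as e:
            print(name, "-> REJECT:", e)
```

Rejecting with a 400 and closing the connection is the important part: once an ambiguous request has been answered, the bytes the parser did not consume are still sitting on the socket, and reading them as the next request is exactly the splitting the advisory describes.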

  Mageia 2020-0427: firefox and nss security update (Nov 19)
 

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks (CVE-2020-16012).