| |
Debian: DSA-4772-1: httpcomponents-client security update (Oct 14) |
| |
Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent implementation, could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution.
|
| |
Debian: DSA-4771-1: spice security update (Oct 11) |
| |
Frediano Ziglio discovered multiple buffer overflow vulnerabilities in the QUIC image decoding process of spice, a SPICE protocol client and server library, which could result in denial of service, or possibly, execution of arbitrary code.
|
| |
Fedora 33: kernel 2020-ce117eff51 (Oct 15) |
| |
This update contains patches for the BleedingTooth CVEs. ---- The 5.8.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: dnf 2020-47a7fbf50d (Oct 15) |
| |
libdnf 0.54.2-2 - Increase needed conflicting dnf version dnf 4.4.0-2 - Increase required libdnf version
|
| |
Fedora 32: libdnf 2020-47a7fbf50d (Oct 15) |
| |
libdnf 0.54.2-2 - Increase needed conflicting dnf version dnf 4.4.0-2 - Increase required libdnf version
|
| |
Fedora 32: claws-mail 2020-67d9661fe2 (Oct 15) |
| |
Update to 3.17.7 -- https://www.claws-mail.org/news.php
|
| |
Fedora 32: dovecot 2020-d737c57172 (Oct 13) |
| |
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission:
|
| |
Fedora 31: oniguruma 2020-d53469eceb (Oct 9) |
| |
Backport fix for CVE-2020-26159
|
| |
Fedora 32: oniguruma 2020-952c499e9d (Oct 9) |
| |
Backport fix for CVE-2020-26159
|
| |
Fedora 31: podman 2020-3a4b8fca5e (Oct 9) |
| |
autobuilt v2.1.0,Security fix for CVE-2020-14370
|
| |
Fedora 31: crun 2020-3a4b8fca5e (Oct 9) |
| |
autobuilt v2.1.0,Security fix for CVE-2020-14370
|
| |
RedHat: RHSA-2020-4255:01 Moderate: security update - Red Hat Ansible Tower (Oct 14) |
| |
Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874) 2. Description: * Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)
|
| |
RedHat: RHSA-2020-4254:01 Moderate: security update - Red Hat Ansible Tower (Oct 14) |
| |
Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874) 2. Description: * Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)
|
| |
RedHat: RHSA-2020-4252:01 Important: Red Hat build of Quarkus 1.7.5 release (Oct 14) |
| |
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
|
| |
RedHat: RHSA-2020-4251:01 Critical: flash-plugin security update (Oct 14) |
| |
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4246:01 Moderate: Red Hat JBoss Enterprise Application (Oct 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4247:01 Moderate: Red Hat JBoss Enterprise Application (Oct 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4244:01 Moderate: Red Hat JBoss Enterprise Application (Oct 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4245:01 Moderate: Red Hat JBoss Enterprise Application (Oct 13) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4236:01 Moderate: kernel security and bug fix update (Oct 13) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4235:01 Critical: chromium-browser security update (Oct 13) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4220:01 Important: OpenShift Container Platform 4.4.27 (Oct 13) |
| |
An update for openshift-jenkins-2-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4214:01 Moderate: go-toolset-1.13-golang security and bug (Oct 8) |
| |
An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4213:01 Low: Red Hat support for Spring Boot 2.2.10 (Oct 8) |
| |
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-4211:01 Moderate: Red Hat AMQ Interconnect 1.9.0 release (Oct 8) |
| |
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
SUSE: 2020:2931-1 moderate: bcm43xx-firmware (Oct 15) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2930-1 moderate: crmsh (Oct 15) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2924-1 moderate: libqt5-qtsvg (Oct 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2920-1 important: php7 (Oct 14) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2906-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 55 fixes is now available.
|
| |
SUSE: 2020:2914-1 moderate: bind (Oct 13) |
| |
An update that solves 12 vulnerabilities, contains one feature and has 8 fixes is now available.
|
| |
SUSE: 2020:2908-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 9 vulnerabilities and has 75 fixes is now available.
|
| |
SUSE: 2020:2913-1 moderate: crmsh (Oct 13) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2907-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 61 fixes is now available.
|
| |
SUSE: 2020:2904-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 62 fixes is now available.
|
| |
SUSE: 2020:2905-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 61 fixes is now available.
|
| |
SUSE: 2020:2905-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 61 fixes is now available.
|
| |
SUSE: 2020:2904-1 important: the Linux Kernel (Oct 13) |
| |
An update that solves 11 vulnerabilities and has 62 fixes is now available.
|
| |
SUSE: 2020:2900-1 important: libproxy (Oct 13) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2898-1 critical: tigervnc (Oct 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2896-1 important: php74 (Oct 13) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2901-1 important: libproxy (Oct 13) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2899-1 critical: rubygem-activesupport-5_1 (Oct 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2894-1 important: php5 (Oct 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2880-1 critical: tigervnc (Oct 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2882-1 critical: tigervnc (Oct 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2881-1 critical: tigervnc (Oct 9) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2879-1 important: the Linux Kernel (Oct 8) |
| |
An update that solves 9 vulnerabilities and has 105 fixes is now available.
|
| |
Ubuntu 4546-2: Firefox regressions (Oct 16) |
| |
USN-4546-1 caused some minor regressions in Firefox.
|
| |
Ubuntu 4584-1: HtmlUnit vulnerability (Oct 15) |
| |
HtmlUnit could be made to crash or run programs as an administrator if it opened a specially crafted file.
|
| |
Ubuntu 4585-1: Newsbeuter vulnerabilities (Oct 15) |
| |
Newsbeuter could be made to crash or run programs as your login if it opened a malicious file.
|
| |
Ubuntu 4582-1: Vim vulnerabilities (Oct 14) |
| |
Several security issues were fixed in Vim.
|
| |
Ubuntu 0072-1: linux kernel vulnerability (Oct 14) |
| |
|
| |
Ubuntu 4580-1: Linux kernel vulnerability (Oct 13) |
| |
The system could be made to crash or possibly run programs as an administrator.
|
| |
Ubuntu 4579-1: Linux kernel vulnerabilities (Oct 13) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4578-1: Linux kernel vulnerabilities (Oct 13) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4577-1: Linux kernel vulnerabilities (Oct 13) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4576-1: Linux kernel vulnerabilities (Oct 13) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4575-1: dom4j vulnerability (Oct 13) |
| |
dom4j could be made to expose sensitive information or run programs if it received specially crafted input.
|
| |
Debian LTS: DLA-2407-1: tomcat8 security update (Oct 14) |
| |
It was discovered that there was an issue in Apache Tomcat 8, the Java application server. An excessive number of concurrent streams could have resulted in users seeing responses for unexpected resources.
|
| |
Debian LTS: DLA-2405-1: httpcomponents-client security update (Oct 10) |
| |
Oleg Kalnichevski discovered that httpcomponents-client, a Java library for building HTTP-aware applications, can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request
|
| |
Debian LTS: DLA-2404-1: eclipse-wtp security update (Oct 9) |
| |
In Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user
|
| |
Debian LTS: DLA-2403-1: rails security update (Oct 9) |
| |
A potential Cross-Site Scripting (XSS) vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the
|
| |
Debian LTS: DLA-2402-1: golang-go.crypto security update (Oct 8) |
| |
CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is
|
| |
ArchLinux: 202010-1: chromium: multiple issues (Oct 14) |
| |
The package chromium before version 86.0.4240.75-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure and insufficient validation.
|
| |
openSUSE: 2020:1666-1: critical: tigervnc (Oct 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1664-1: important: qemu (Oct 13) |
| |
An update that solves four vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2020:1660-1: important: nodejs10 (Oct 12) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:1658-1: moderate: permissions (Oct 11) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:1655-1: important: the Linux Kernel (Oct 11) |
| |
An update that solves 12 vulnerabilities and has 59 fixes is now available.
|
| |
openSUSE: 2020:1652-1: moderate: nextcloud (Oct 10) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2020:1650-1: important: kdeconnect-kde (Oct 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1646-1: moderate: grafana (Oct 10) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1647-1: important: kdeconnect-kde (Oct 10) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1644-1: moderate: nodejs8 (Oct 10) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
Mageia 2020-0382: mariadb security update (Oct 13) |
| |
This update fixes CVE-2020-15180 References: - https://bugs.mageia.org/show_bug.cgi?id=27375 - https://mariadb.com/kb/en/mariadb-10325-release-notes/
|
