| |
Debian: DSA-4778-1: firefox-esr security update (Oct 21) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
|
| |
Debian: DSA-4777-1: freetype security update (Oct 21) |
| |
Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
|
| |
Debian: DSA-4776-1: mariadb-10.3 security update (Oct 20) |
| |
A security issue was discovered in the MariaDB database server. For the stable distribution (buster), this problem has been fixed in version 1:10.3.25-0+deb10u1.
|
| |
Debian: DSA-4775-1: python-flask-cors security update (Oct 19) |
| |
A directory traversal vulnerability was discovered in python-flask-cors, a Flask extension for handling Cross Origin Resource Sharing (CORS), allowing to access private resources.
|
| |
Debian: DSA-4774-1: linux security update (Oct 19) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
|
| |
Debian: DSA-4773-1: yaws security update (Oct 16) |
| |
Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. CVE-2020-24379
|
| |
Fedora 32: firefox 2020-aba1d14e9e (Oct 21) |
| |
- New upstream version (82.0) - Updated SELinux relabel setup (rhbz#1731371) - Fixed seeking in OpenH264 stream (rhbz#1886722) ---- - New Firefox upstream release (82.0) - Wayland and OpenH264 fixes
|
| |
Fedora 31: thunderbird 2020-07c5770aa1 (Oct 20) |
| |
Rebase to latest upstream version.
|
| |
Fedora 31: phpMyAdmin 2020-eadda524a8 (Oct 19) |
| |
**Version 5.0.3** (2020-10-09) - issue #15983 Require twig ^2.9 - issue Fix option to import files locally appearing as not available - issue #16048 Fix to allow NULL as a default bit value - issue #16062 Fix "htmlspecialchars() expects parameter 1 to be string, null given" on Export xml - issue #16078 Fix no charts in monitor when using a decimal separator "," - issue #16041 Fix
|
| |
Fedora 32: kleopatra 2020-9b441d3153 (Oct 19) |
| |
Security fix for CVE-2020-24972
|
| |
Fedora 32: phpMyAdmin 2020-4e78c86902 (Oct 19) |
| |
**Version 5.0.3** (2020-10-09) - issue #15983 Require twig ^2.9 - issue Fix option to import files locally appearing as not available - issue #16048 Fix to allow NULL as a default bit value - issue #16062 Fix "htmlspecialchars() expects parameter 1 to be string, null given" on Export xml - issue #16078 Fix no charts in monitor when using a decimal separator "," - issue #16041 Fix
|
| |
Fedora 32: nextcloud 2020-c9863904de (Oct 19) |
| |
Update to Nextcloud 18.0.9, fixes CVE-2020-81-39, CVE-2020-8173, CVE-2020-8183, CVE-2020-8223, CVE-2020-8154, CVE-2020-8155. Updating the Mail & Groupfolders apps from within Nextcloud also fixes CVE-2020-8153, CVE-2020-8156
|
| |
Fedora 32: librepo 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 32: dnf-plugins-extras 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 32: libdnf 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 32: dnf 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 32: dnf-plugins-core 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 32: createrepo_c 2020-5d9f0ce2b3 (Oct 18) |
| |
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts (RhBug:1859689) - Add module metadata support to createrepo_c (RhBug:1795936) librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) libdnf 0.54.2 - Update to 0.54.2 - history: Fix dnf history rollback when a package was removed
|
| |
Fedora 31: librepo 2020-7906a64449 (Oct 18) |
| |
- Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639)
|
| |
Fedora 31: kata-agent 2020-c33083813d (Oct 18) |
| |
Security fix for CVE-2020-2026
|
| |
Fedora 31: wireshark 2020-1b390bec14 (Oct 17) |
| |
New version 3.2.7 Security fix for CVE-2020-25862, CVE-2020-25863, CVE-2020-25866
|
| |
Fedora 32: wireshark 2020-1bf4b97c16 (Oct 17) |
| |
New version 3.2.7 Security fix for CVE-2020-25862, CVE-2020-25863, CVE-2020-25866
|
| |
Fedora 32: python27 2020-887d3fa26f (Oct 16) |
| |
CVE-2020-26116: HTTP request method CRLF injection in httplib
|
| |
Fedora 32: python34 2020-d30881c970 (Oct 16) |
| |
* CVE-2019-20907: Avoid infinite loop in the tarfile module * CVE-2020-14422: Resolve hash collisions for IPv4Interface and IPv6Interface * CVE-2020-26116: HTTP request method CRLF injection in httplib This update brings Fedora 32's python34 in sync with the EPEL7 package.
|
| |
Fedora 31: kernel 2020-ad980d282f (Oct 15) |
| |
This update contains patches for the BleedingTooth CVEs. ---- The 5.8.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.8.14 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 33: kernel 2020-ce117eff51 (Oct 15) |
| |
This update contains patches for the BleedingTooth CVEs. ---- The 5.8.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: kernel 2020-e288acda9a (Oct 15) |
| |
This update contains patches for the BleedingTooth CVEs. ---- The 5.8.15 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 32: dnf 2020-47a7fbf50d (Oct 15) |
| |
libdnf 0.54.2-2 - Increase needed conflicting dnf version dnf 4.4.0-2 - Increase required libdnf version
|
| |
Fedora 32: libdnf 2020-47a7fbf50d (Oct 15) |
| |
libdnf 0.54.2-2 - Increase needed conflicting dnf version dnf 4.4.0-2 - Increase required libdnf version
|
| |
Fedora 31: claws-mail 2020-90e2b01f4a (Oct 15) |
| |
Update to 3.17.7 -- https://www.claws-mail.org/news.php
|
| |
Fedora 32: claws-mail 2020-67d9661fe2 (Oct 15) |
| |
Update to 3.17.7 -- https://www.claws-mail.org/news.php
|
| |
Gentoo: GLSA-202010-07: FreeType: Arbitrary code execution (Oct 23) |
| |
A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code.
|
| |
Gentoo: GLSA-202010-06: Ark: Arbitrary code execution (Oct 20) |
| |
Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution.
|
| |
Gentoo: GLSA-202010-05: LibRaw: Multiple vulnerabilities (Oct 20) |
| |
Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code.
|
| |
Gentoo: GLSA-202010-04: libxml2: Multiple vulnerabilities (Oct 20) |
| |
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-202010-03: libjpeg-turbo: Information disclosure (Oct 20) |
| |
An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information.
|
| |
Gentoo: GLSA-202010-02: Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities (Oct 17) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. [More...]
|
| |
Gentoo: GLSA-202010-01: Chromium, Google Chrome: Multiple vulnerabilities (Oct 17) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
|
| |
RedHat: RHSA-2020-4317:01 Important: firefox security update (Oct 22) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4316:01 Moderate: java-11-openjdk security and bug fix (Oct 22) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4315:01 Important: firefox security update (Oct 22) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4310:01 Important: firefox security update (Oct 22) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4312:01 Important: rh-maven35-jackson-databind security (Oct 22) |
| |
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4311:01 Important: firefox security update (Oct 22) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4307:01 Moderate: java-11-openjdk security update (Oct 22) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4304:01 Moderate: Red Hat Advanced Cluster Management for (Oct 22) |
| |
Red Hat Advanced Cluster Management for Kubernetes 2.0.4 General Availability release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4305:01 Moderate: java-11-openjdk security and bug fix (Oct 22) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4306:01 Moderate: java-11-openjdk security and bug fix (Oct 22) |
| |
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4223:01 Important: OpenShift Container Platform 3.11.306 (Oct 22) |
| |
An update for jenkins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4295:01 Moderate: rh-postgresql96-postgresql security (Oct 21) |
| |
An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-4264:01 Low: OpenShift Container Platform 4.3.40 security (Oct 20) |
| |
An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-4299:01 Moderate: rh-python38 security, bug fix, (Oct 20) |
| |
An update for rh-python38-python, rh-python38-python-psutil, and rh-python38-python-urllib3 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-4273:01 Moderate: python27 security, bug fix, (Oct 20) |
| |
An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-4265:01 Important: OpenShift Container Platform 4.3.40 (Oct 20) |
| |
Red Hat OpenShift Container Platform release 4.3.40 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4276:01 Important: kernel security update (Oct 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4290:01 Important: virt:8.1 and virt-devel:8.1 security (Oct 20) |
| |
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4291:01 Important: virt:8.2 and virt-devel:8.2 security (Oct 20) |
| |
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4289:01 Important: kernel-rt security and bug fix update (Oct 20) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4286:01 Important: kernel security and bug fix update (Oct 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4287:01 Important: kernel security and bug fix update (Oct 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4288:01 Important: kernel security update (Oct 20) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4285:01 Moderate: rh-python36 security, bug fix, (Oct 19) |
| |
An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-4277:01 Important: kernel security update (Oct 19) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4279:01 Important: kernel-alt security update (Oct 19) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4281:01 Important: kernel security update (Oct 19) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4278:01 Important: kernel security update (Oct 19) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2020-4280:01 Important: kernel-rt security update (Oct 19) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-4274:01 Important: rh-maven35-apache-commons-collections4 (Oct 19) |
| |
An update for rh-maven35-apache-commons-collections4 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-4272:01 Moderate: nodejs:12 security and bug fix update (Oct 19) |
| |
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
Slackware: 2020-295-01: Slackware 14.2 kernel Security Update (Oct 21) |
| |
New kernel packages are available for Slackware 14.2 to fix security issues.
|
| |
Slackware: 2020-294-01: freetype Security Update (Oct 20) |
| |
New freetype packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
SUSE: 2020:3003-1 mercurial (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2712-2 moderate: openldap2 (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14521-1 important: xen (Oct 22) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
SUSE: 2020:2997-1 important: php7 (Oct 22) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2998-1 important: freetype2 (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2999-1 important: the Linux Kernel (Oct 22) |
| |
An update that solves 15 vulnerabilities and has 84 fixes is now available.
|
| |
SUSE: 2020:2995-1 important: freetype2 (Oct 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2996-1 moderate: tomcat (Oct 22) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2988-1 moderate: gnutls (Oct 21) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:2981-1 critical: the Linux Kernel (Oct 21) |
| |
An update that solves four vulnerabilities and has 15 fixes is now available.
|
| |
SUSE: 2020:2980-1 critical: the Linux Kernel (Oct 21) |
| |
An update that solves 6 vulnerabilities and has 36 fixes is now available.
|
| |
SUSE: 2020:2980-1 critical: the Linux Kernel (Oct 21) |
| |
An update that solves 6 vulnerabilities and has 36 fixes is now available.
|
| |
SUSE: 2020:2981-1 critical: the Linux Kernel (Oct 21) |
| |
An update that solves four vulnerabilities and has 15 fixes is now available.
|
| |
SUSE: 2020:2966-1 hunspell (Oct 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2968-1 taglib (Oct 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2972-1 critical: the Linux Kernel (Oct 20) |
| |
An update that solves three vulnerabilities and has 10 fixes is now available.
|
| |
SUSE: 2020:2970-1 important: libvirt (Oct 20) |
| |
An update that solves two vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:2969-1 important: libvirt (Oct 20) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2972-1 critical: the Linux Kernel (Oct 20) |
| |
An update that solves three vulnerabilities and has 10 fixes is now available.
|
| |
SUSE: 2020:2967-1 hunspell (Oct 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2951-1 moderate: transfig (Oct 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2947-1 moderate: gcc10, nvptx-tools (Oct 16) |
| |
An update that solves one vulnerability, contains two features and has 5 fixes is now available.
|
| |
SUSE: 2020:2942-1 blktrace (Oct 16) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2943-1 important: php72 (Oct 16) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2941-1 important: php7 (Oct 16) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2939-1 moderate: crmsh (Oct 15) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2929-1 critical: rubygem-activesupport-4_2 (Oct 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2931-1 moderate: bcm43xx-firmware (Oct 15) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2930-1 moderate: crmsh (Oct 15) |
| |
An update that contains security fixes can now be installed.
|
| |
Ubuntu 4599-1: Firefox vulnerabilities (Oct 23) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Ubuntu 4601-1: pip vulnerability (Oct 22) |
| |
pip could be made to overwrite files as the administrator.
|
| |
Ubuntu 4598-1: LibEtPan vulnerability (Oct 22) |
| |
LibEtPan could be made to expose sensitive information over the network.
|
| |
Ubuntu 4597-1: mod_auth_mellon vulnerabilities (Oct 22) |
| |
Several security issues were fixed in mod_auth_mellon.
|
| |
Ubuntu 4588-1: FlightGear vulnerability (Oct 21) |
| |
FlightGear could be made to crash if it received specially crafted input.
|
| |
Ubuntu 4587-1: iTALC vulnerabilities (Oct 21) |
| |
Several security issues were fixed in iTALC.
|
| |
Ubuntu 4596-1: Tomcat vulnerabilities (Oct 21) |
| |
Several security issues were fixed in Tomcat.
|
| |
Ubuntu 4593-1: FreeType vulnerability (Oct 20) |
| |
FreeType could be made to crash or run programs as your login if it opened a specially crafted file.
|
| |
Ubuntu 4595-1: Grunt vulnerability (Oct 20) |
| |
Grunt could be made to run programs if it received specially crafted input.
|
| |
Ubuntu 4594-1: Quassel vulnerabilities (Oct 20) |
| |
Quassel could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4586-1: PHP ImageMagick vulnerability (Oct 20) |
| |
PHP ImageMagick could be made to crash if it received specially crafted input.
|
| |
Ubuntu 4592-1: Linux kernel vulnerabilities (Oct 19) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4591-1: Linux kernel vulnerabilities (Oct 19) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4590-1: Collabtive vulnerability (Oct 19) |
| |
Collabtive could be made to run programs if it received specially crafted network traffic from an authenticated user.
|
| |
Ubuntu 4546-2: Firefox regressions (Oct 16) |
| |
USN-4546-1 caused some minor regressions in Firefox.
|
| |
Ubuntu 4584-1: HtmlUnit vulnerability (Oct 15) |
| |
HtmlUnit could be made to crash or run programs as an administrator if it opened a specially crafted file.
|
| |
Ubuntu 4585-1: Newsbeuter vulnerabilities (Oct 15) |
| |
Newsbeuter could be made to crash or run programs as your login if it opened a malicious file.
|
| |
Ubuntu 4589-2: Docker vulnerability (Oct 15) |
| |
Docker could be made to expose sensitive information over the network.
|
| |
Ubuntu 4589-1: containerd vulnerability (Oct 15) |
| |
containerd could be made to expose sensitive information over the network.
|
| |
Debian LTS: DLA-2411-1: firefox-esr security update (Oct 21) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
|
| |
Debian LTS: DLA-2409-1: mariadb-10.1 security update (Oct 21) |
| |
A security issue was discovered in the MariaDB database server. For Debian 9 stretch, this problem has been fixed in version 10.1.47-0+deb9u1.
|
| |
Debian LTS: DLA-2408-1: thunderbird security update (Oct 16) |
| |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 68.x
|
| |
ArchLinux: 202010-11: lib32-freetype2: arbitrary code execution (Oct 21) |
| |
The package lib32-freetype2 before version 2.10.4-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202010-10: freetype2: arbitrary code execution (Oct 21) |
| |
The package freetype2 before version 2.10.4-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202010-9: linux-hardened: multiple issues (Oct 21) |
| |
The package linux-hardened before version 5.8.16.a-1 is vulnerable to multiple issues including information disclosure, privilege escalation and denial of service.
|
| |
ArchLinux: 202010-8: kpmcore: privilege escalation (Oct 21) |
| |
The package kpmcore before version 4.2.0-1 is vulnerable to privilege escalation.
|
| |
ArchLinux: 202010-7: kdeconnect: arbitrary code execution (Oct 21) |
| |
The package kdeconnect before version 20.08.2-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202010-6: powerdns-recursor: denial of service (Oct 21) |
| |
The package powerdns-recursor before version 4.3.5-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202010-5: lua: arbitrary code execution (Oct 21) |
| |
The package lua before version 5.4.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202010-4: linux-lts: multiple issues (Oct 21) |
| |
The package linux-lts before version 5.4.72-1 is vulnerable to multiple issues including information disclosure, privilege escalation and denial of service.
|
| |
ArchLinux: 202010-3: linux-zen: multiple issues (Oct 21) |
| |
The package linux-zen before version 5.9.1.zen2-1 is vulnerable to multiple issues including information disclosure, privilege escalation and denial of service.
|
| |
ArchLinux: 202010-2: linux: multiple issues (Oct 21) |
| |
The package linux before version 5.9.1.arch1-1 is vulnerable to multiple issues including information disclosure, privilege escalation and denial of service.
|
| |
openSUSE: 2020:1707-1: moderate: Recommended mailman (Oct 22) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:1705-1: critical: chromium (Oct 22) |
| |
An update that fixes 27 vulnerabilities is now available.
|
| |
openSUSE: 2020:1703-1: important: php7 (Oct 20) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1701-1: moderate: bind (Oct 20) |
| |
An update that solves 12 vulnerabilities and has 8 fixes is now available.
|
| |
openSUSE: 2020:1702-1: moderate: transfig (Oct 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1698-1: important: the Linux Kernel (Oct 19) |
| |
An update that solves 7 vulnerabilities and has 39 fixes is now available.
|
| |
openSUSE: 2020:1699-1: moderate: bind (Oct 19) |
| |
An update that solves 12 vulnerabilities and has 8 fixes is now available.
|
| |
openSUSE: 2020:1692-1: moderate: gcc10, nvptx-tools (Oct 18) |
| |
An update that solves one vulnerability and has 5 fixes is now available.
|
| |
openSUSE: 2020:1693-1: moderate: gcc10, nvptx-tools (Oct 18) |
| |
An update that solves one vulnerability and has 5 fixes is now available.
|
| |
openSUSE: 2020:1688-1: moderate: crmsh (Oct 17) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:1687-1: important: pdns-recursor (Oct 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1687-1: important: pdns-recursor (Oct 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1682-1: important: the Linux Kernel (Oct 17) |
| |
An update that solves four vulnerabilities and has 9 fixes is now available.
|
| |
openSUSE: 2020:1679-1: critical: rubygem-activesupport-5_1 (Oct 17) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1680-1: important: libproxy (Oct 17) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1678-1: moderate: crmsh (Oct 17) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:1677-1: critical: rubygem-activesupport-5_1 (Oct 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1676-1: important: libproxy (Oct 16) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1675-1: important: phpMyAdmin (Oct 16) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1674-1: important: icingaweb2 (Oct 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1675-1: important: phpMyAdmin (Oct 16) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1674-1: important: icingaweb2 (Oct 16) |
| |
An update that fixes one vulnerability is now available.
|
| |
Mageia 2020-0392: kernel security update (Oct 21) |
| |
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and
|
| |
Mageia 2020-0391: claw-mail security update (Oct 21) |
| |
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree (CVE-2020-16094). References:
|
| |
Mageia 2020-0390: geary security update (Oct 21) |
| |
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)
|
| |
Mageia 2020-0389: freetype2 security update (Oct 20) |
| |
A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png as libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the
|
| |
Mageia 2020-0388: tigervnc security update (Oct 20) |
| |
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. (CVE-2020-26117)
|
| |
Mageia 2020-0387: php security update (Oct 16) |
| |
In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. (CVE-2020-7070)
|
| |
Mageia 2020-0375: pdns security update (Oct 16) |
| |
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify
|
| |
Mageia 2020-0386: flash-player-plugin security update (Oct 16) |
| |
NULL Pointer Dereference that leads to arbitrary code executionin the context of the current user. (CVE-2020-9746) References: - https://bugs.mageia.org/show_bug.cgi?id=27432
|
| |
Mageia 2020-0385: brotli security update (Oct 16) |
| |
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB (CVE-2020-8927).
|
| |
Mageia 2020-0384: wireshark security update (Oct 16) |
| |
The TCP dissector could crash (CVE-2020-25862). The MIME Multipart dissector could crash (CVE-2020-25863). The BLIP dissector could crash (CVE-2020-25866).
|
| |
Mageia 2020-0383: phpmyadmin security update (Oct 16) |
| |
A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. (CVE-2020-26934)
|
