Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.


Important advisories issued this week include warnings from CentOS, Scientific Linux and Slackware of vulnerabilities in Mozilla Thunderbird and critical dovecot updates released by CentOS and Scientific Linux. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!


LinuxSecurity.com Feature Extras:

RavenDB: Pioneering Data Management with an Innovative Open-Source Approach - When it comes to using a NoSQL document database to store, manage and retrieve documents, reliability, privacy, efficiency and ease-of-use are essential in optimizing productivity and ensuring data security. However, the unfortunate reality is that many NoSQL document databases fail to embody these important characteristics, leaving users frustrated - and often at risk. 

How To Identify Libraries that are Still Vulnerable to Attacks After Updates - Patch management can be a complex and time-consuming process, and because of this, patches to fix vulnerabilities may not be applied before a hacker is able to breach an organization's security. The majority of organizations are not aware of these vulnerabilities until they have experienced a breach, at which point it is frustrating to learn that deploying a simple patch could have prevented the breach altogether.


  Debian: DSA-4770-1: thunderbird security update (Oct 6)
 

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 68.x

  Debian: DSA-4769-1: xen security update (Oct 2)
 

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

  Fedora 31: php 2020-94763cb98b (Oct 7)
 

**PHP version 7.3.23** (01 Oct 2020) **Core:** * Fixed bug php#80048 (Bug php#69100 has not been fixed for Windows). (cmb) * Fixed bug php#80049 (Memleak when coercing integers to string via variadic argument). (Nikita) * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) **Calendar:** * Fixed bug php#80007

  Fedora 31: xen 2020-d46fe34349 (Oct 7)
 

x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event

  Fedora 32: php 2020-4fe6b116e5 (Oct 7)
 

**PHP version 7.4.11** (01 Oct 2020) **Core:** * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) * Fixed bug php#79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) * Fixed bug php#80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita) * Fixed bug

  Fedora 31: ghc-cmark-gfm 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 31: ghc-hakyll 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 31: pandoc 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 31: gitit 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 31: patat 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 31: pandoc-citeproc 2020-fe299b3fa3 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: pandoc-citeproc 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: pandoc 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: ghc-hakyll 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: patat 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: gitit 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 32: ghc-cmark-gfm 2020-1eaffe0013 (Oct 6)
 

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85

  Fedora 33: thunderbird 2020-f5ba8be492 (Oct 6)
 

Rebase to latest upstream version.

  Fedora 33: oniguruma 2020-bc758654d1 (Oct 6)
 

Backport fix for CVE-2020-26159

  Fedora 32: thunderbird 2020-8b14250809 (Oct 5)
 

Rebase to latest upstream version.

  Fedora 33: skopeo 2020-7b6058fec9 (Oct 5)
 

autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1

  Fedora 33: podman 2020-7b6058fec9 (Oct 5)
 

autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1

  Fedora 33: crun 2020-7b6058fec9 (Oct 5)
 

autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1

  Fedora 32: libproxy 2020-941b563a80 (Oct 5)
 

Fix PAC buffer overflow

  Fedora 32: chromium 2020-214865ce21 (Oct 5)
 

Update to 85.0.4183.121. Why? Because security, that's why. It fixes these CVEs: CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 It also has a fix for an issue where networking... uh... didn't.

  Fedora 32: mumble 2020-8372f6bae4 (Oct 5)
 

Mumble 1.3.2. === Client * Fixed: Overlay not starting (#4282) Server * Fixed: keychain-error on macOS for custom certificates (#4345) Known issues * Overlay blocked by BattleEye. A request to whitelist it has been made. * Overlay blocked by CS:GO Trusted Mode

  Fedora 33: python2.7 2020-221823ebdd (Oct 5)
 

CVE-2020-26116: prevent HTTP request method CRLF injection in httplib

  Fedora 31: xawtv 2020-93db553bb7 (Oct 4)
 

Update to 3.107

  Fedora 33: rubygem-activemodel 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-activerecord 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-activesupport 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-image_processing 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-rails 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-activestorage 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-railties 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actionmailbox 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actioncable 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actiontext 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actionpack 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actionview 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-activejob 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 33: rubygem-actionmailer 2020-4dd34860a3 (Oct 4)
 

Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381

  Fedora 31: samba 2020-a1d139381a (Oct 3)
 

Security fixes for CVE-2020-1472

  Fedora 31: libproxy 2020-7e1e9abf77 (Oct 3)
 

Fix CVE-2020-25219

  Fedora 33: php 2020-4573f0e03a (Oct 3)
 

**PHP version 7.4.11** (01 Oct 2020) **Core:** * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) * Fixed bug php#79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) * Fixed bug php#80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita) * Fixed bug

  Fedora 31: chromium 2020-aea86f913e (Oct 2)
 

Update to 85.0.4183.121. Why? Because security, that's why. It fixes these CVEs: CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 It also has a fix for an issue where networking... uh... didn't. ---- Update Chromium to 85.0.4183.102. Fix issue where unpackaged components prevented hardware accelerated rendering from

  Fedora 31: mumble 2020-ca26a3f832 (Oct 2)
 

Mumble 1.3.2. === Client * Fixed: Overlay not starting (#4282) Server * Fixed: keychain-error on macOS for custom certificates (#4345) Known issues * Overlay blocked by BattleEye. A request to whitelist it has been made. * Overlay blocked by CS:GO Trusted Mode

  Fedora 32: pdns 2020-7e9234058f (Oct 1)
 

- Update to 4.3.1 - PowerDNS Security Advisory 2020-05 (CVE-2020-17482) Release notes: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1 Security Advisory: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

  Fedora 32: podman 2020-76fcd0ba34 (Oct 1)
 

autobuilt v2.1.0, Security fix for CVE-2020-14370

  Fedora 32: crun 2020-76fcd0ba34 (Oct 1)
 

autobuilt v2.1.0, Security fix for CVE-2020-14370

  Fedora 33: libproxy 2020-15b775b07e (Oct 1)
 

Add fix for PAC buffer overflow

  Fedora 33: dotnet3.1 2020-48fa1ad65c (Oct 1)
 

This update updates .NET Core 3.1 to SDK 3.1.108 and Runtime 3.1.8. This update includes a fix for CVE-2020-1045 Release Notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md

  Fedora 33: nodejs 2020-006c7217c4 (Oct 1)
 

Update to Node.js 14.11.0 September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ ---- Node.js 14.10.0 - Fixes an issue preventing compilation against v8-devel

  Fedora 33: libuv 2020-006c7217c4 (Oct 1)
 

Update to Node.js 14.11.0 September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ ---- Node.js 14.10.0 - Fixes an issue preventing compilation against v8-devel

  RedHat: RHSA-2020-4214:01 Moderate: go-toolset-1.13-golang security and bug (Oct 8)
 

An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4213:01 Low: Red Hat support for Spring Boot 2.2.10 (Oct 8)
 

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-4211:01 Moderate: Red Hat AMQ Interconnect 1.9.0 release (Oct 8)
 

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4183:01 Moderate: bind security update (Oct 7)
 

An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-4182:01 Important: kernel security and bug fix update (Oct 7)
 

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4056:01 Important: qemu-kvm security update (Oct 7)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4206:01 Important: chromium-browser security update (Oct 7)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4201:01 Low: OpenShift Virtualization 2.4.2 Images (Oct 6)
 

Red Hat OpenShift Virtualization release 2.4.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4187:01 Important: spice and spice-gtk security update (Oct 6)
 

An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4186:01 Important: spice and spice-gtk security update (Oct 6)
 

An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4185:01 Important: spice and spice-gtk security update (Oct 6)
 

An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4181:01 Important: unbound security update (Oct 6)
 

An update for unbound is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4184:01 Important: spice and spice-gtk security update (Oct 6)
 

An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4176:01 Important: qemu-kvm-rhev security update (Oct 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4174:01 Moderate: rh-mariadb102-mariadb and (Oct 5)
 

An update for rh-mariadb102-mariadb and rh-mariadb102-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-4172:01 Important: Red Hat Virtualization security, (Oct 5)
 

An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2020-4167:01 Important: qemu-kvm-rhev security update (Oct 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4162:01 Important: qemu-kvm-ma security update (Oct 1)
 

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4163:01 Important: thunderbird security update (Oct 1)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4158:01 Important: thunderbird security update (Oct 1)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4155:01 Important: thunderbird security update (Oct 1)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-4157:01 Important: thunderbird security update (Oct 1)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4156:01 Important: thunderbird security update (Oct 1)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-4154:01 Moderate: Red Hat AMQ Broker 7.4.5 release and (Oct 1)
 

Red Hat AMQ Broker 7.4.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  SUSE: 2020:2879-1 important: the Linux Kernel (Oct 8)
 

An update that solves 9 vulnerabilities and has 105 fixes is now available.

  SUSE: 2020:2877-1 important: qemu (Oct 7)
 

An update that solves four vulnerabilities and has two fixes is now available.

  SUSE: 2020:2876-1 critical: ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installe (Oct 7)
 

An update that fixes 9 vulnerabilities, contains 10 features is now available.

  SUSE: 2020:2870-1 moderate: nodejs8 (Oct 6)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:2872-1 moderate: hexchat (Oct 6)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:2864-1 moderate: gnutls (Oct 6)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:2861-1 important: java-1_7_0-openjdk (Oct 5)
 

An update that fixes 7 vulnerabilities is now available.

  SUSE: 2020:14511-1 important: openssl1 (Oct 5)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14510-1 important: perl-DBI (Oct 5)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:2856-1 important: perl-DBI (Oct 5)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:2832-1 moderate: SUSE Manager Server 4.1 (Oct 2)
 

An update that solves one vulnerability and has 25 fixes is now available.

  SUSE: 2020:2827-1 important: perl-DBI (Oct 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2828-1 important: perl-DBI (Oct 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2829-1 important: nodejs10 (Oct 2)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2020:2830-1 moderate: permissions (Oct 2)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:2823-1 important: nodejs10 (Oct 1)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2020:2822-1 important: xen (Oct 1)
 

An update that fixes 12 vulnerabilities is now available.

  SUSE: 2020:2814-1 moderate: permissions (Oct 1)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:2812-1 important: nodejs12 (Oct 1)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2020:2813-1 important: nodejs12 (Oct 1)
 

An update that solves three vulnerabilities and has one errata is now available.

  Ubuntu 4574-1: libseccomp-golang vulnerability (Oct 7)
 

A system hardening measure could be bypassed.

  Ubuntu 4572-2: Spice vulnerability (Oct 7)
 

Spice could be made to crash or run programs if it received specially crafted network traffic.

  Ubuntu 4573-1: Vino vulnerabilities (Oct 7)
 

Several security issues were fixed in Vino.

  Ubuntu 4572-1: Spice vulnerability (Oct 6)
 

Spice could be made to crash or run programs if it received specially crafted network traffic.

  Ubuntu 4567-1: OpenDMARC vulnerability (Oct 6)
 

OpenDMARC could allow signature bypass under certain conditions.

  Ubuntu 4566-1: Cyrus IMAP Server vulnerabilities (Oct 6)
 

Cyrus IMAP Server could be made to overwrite files as the administrator.

  Ubuntu 4565-1: OpenConnect vulnerability (Oct 6)
 

OpenConnect could be made to crash if it received specially crafted input.

  Ubuntu 4564-1: Apache Tika vulnerabilities (Oct 6)
 

Apache Tika could be made to crash if it opened a specially crafted file.

  Ubuntu 4570-1: urllib3 vulnerability (Oct 5)
 

urllib3 could be used to perform a CRLF injection if it received a specially crafted request.

  Ubuntu 4571-1: rack-cors vulnerability (Oct 5)
 

rack-cors would allow unintended access to files over the network.

  Ubuntu 4568-1: Brotli vulnerability (Oct 5)
 

Brotli could be made to crash if it received a specially crafted input.

  Ubuntu 4569-1: Yaws vulnerabilities (Oct 5)
 

Several security issues were fixed in Yaws.

  Ubuntu 4563-1: NTP vulnerability (Oct 1)
 

NTP could be made to crash.

  Debian LTS: DLA-2402-1: golang-go.crypto security update (Oct 8)
 

CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is

  Debian LTS: DLA-2400-1: activemq security update (Oct 7)
 

Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind

  Debian LTS: DLA-2401-1: sympa security update (Oct 7)
 

Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers. A local attacker can obtain root access. For Debian 9 stretch, this problem has been fixed in version

  Debian LTS: DLA-2398-1: puma security update (Oct 7)
 

Several security vulnerabilities have been discovered in puma, a highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076

  Debian LTS: DLA-2332-2: sane-backends regression update (Oct 7)
 

A regression was introduced in DLA-2332-1, where changes in the Debian package building process triggered a bug in the sane-backends packages, causing missing files.

  Debian LTS: DLA-2393-1: snmptt security update (Oct 2)
 

It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the

  Debian LTS: DLA-2394-1: squid3 security update (Oct 2)
 

Several security vulnerabilities have been discovered in Squid, a high-performance proxy caching server for web clients. CVE-2020-15049

  Debian LTS: DLA-2392-1: jruby security update (Oct 1)
 

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against

  Debian LTS: DLA-2391-1: ruby2.3 security update (Oct 1)
 

A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with ruby2.3) was too tolerant against

  Debian LTS: DLA-2390-1: ruby-json-jwt security update (Oct 1)
 

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Therefore, there was a need to explicitly specify the number

  Debian LTS: DLA-2389-1: ruby-rack-cors security update (Oct 1)
 

This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.

  ArchLinux: 202009-17: samba: access restriction bypass (Oct 6)
 

The package samba before version 4.13.0-1 is vulnerable to access restriction bypass.

  ArchLinux: 202009-16: zeromq: denial of service (Oct 6)
 

The package zeromq before version 4.3.3-1 is vulnerable to denial of service.

  ArchLinux: 202009-15: lib32-zeromq: denial of service (Oct 6)
 

The package lib32-zeromq before version 4.3.3-1 is vulnerable to denial of service.

  ArchLinux: 202009-14: yaws: multiple issues (Oct 6)
 

The package yaws before version 2.0.8-1 is vulnerable to multiple issues including arbitrary command execution and information disclosure.

  ArchLinux: 202009-13: brotli: denial of service (Oct 6)
 

The package brotli before version 1.0.9-1 is vulnerable to denial of service.

  ArchLinux: 202009-12: lib32-brotli: denial of service (Oct 6)
 

The package lib32-brotli before version 1.0.9-1 is vulnerable to denial of service.

  openSUSE: 2020:1631-1: important: kdeconnect-kde (Oct 7)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1628-1: important: perl-DBI (Oct 6)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1620-1: important: perl-DBI (Oct 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1616-1: important: nodejs12 (Oct 5)
 

An update that solves three vulnerabilities and has one errata is now available.

  openSUSE: 2020:1613-1: moderate: python-pip (Oct 4)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1611-1: moderate: grafana (Oct 4)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2020:1608-1: important: xen (Oct 4)
 

An update that solves 10 vulnerabilities and has one errata is now available.

  openSUSE: 2020:1604-1: moderate: zabbix (Oct 4)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:1599-1: critical: dpdk (Oct 4)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:1598-1: moderate: python-pip (Oct 4)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1593-1: critical: dpdk (Oct 3)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:1591-1: moderate: bcm43xx-firmware (Oct 3)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:1587-1: moderate: go1.14 (Oct 1)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:1586-1: important: the Linux Kernel (Oct 1)
 

An update that solves 9 vulnerabilities and has 103 fixes is now available.

  openSUSE: 2020:1584-1: moderate: go1.14 (Oct 1)
 

An update that solves one vulnerability and has one errata is now available.