|
Debian: DSA-4770-1: thunderbird security update (Oct 6) |
|
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 68.x
|
|
Debian: DSA-4769-1: xen security update (Oct 2) |
|
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
|
|
Fedora 31: php 2020-94763cb98b (Oct 7) |
|
**PHP version 7.3.23** (01 Oct 2020) **Core:** * Fixed bug php#80048 (Bug php#69100 has not been fixed for Windows). (cmb) * Fixed bug php#80049 (Memleak when coercing integers to string via variadic argument). (Nikita) * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) **Calendar:** * Fixed bug php#80007
|
|
Fedora 31: xen 2020-d46fe34349 (Oct 7) |
|
x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event
|
|
Fedora 32: php 2020-4fe6b116e5 (Oct 7) |
|
**PHP version 7.4.11** (01 Oct 2020) **Core:** * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) * Fixed bug php#79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) * Fixed bug php#80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita) * Fixed bug
|
|
Fedora 31: ghc-cmark-gfm 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 31: ghc-hakyll 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 31: pandoc 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 31: gitit 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 31: patat 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 31: pandoc-citeproc 2020-fe299b3fa3 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: pandoc-citeproc 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: pandoc 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: ghc-hakyll 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: patat 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: gitit 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 32: ghc-cmark-gfm 2020-1eaffe0013 (Oct 6) |
|
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
|
|
Fedora 33: thunderbird 2020-f5ba8be492 (Oct 6) |
|
Rebase to latest upstream version.
|
|
Fedora 33: oniguruma 2020-bc758654d1 (Oct 6) |
|
Backport fix for CVE-2020-26159
|
|
Fedora 32: thunderbird 2020-8b14250809 (Oct 5) |
|
Rebase to latest upstream version.
|
|
Fedora 33: skopeo 2020-7b6058fec9 (Oct 5) |
|
autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1
|
|
Fedora 33: podman 2020-7b6058fec9 (Oct 5) |
|
autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1
|
|
Fedora 33: crun 2020-7b6058fec9 (Oct 5) |
|
autobuilt v2.1.0, Security fix for CVE-2020-14370 ---- correct release tag on account of prior faulty build_tag macro ---- Add back in capability SYS_CHROOT. ---- Remove fchmodat2 from seccomp filters, since it is not in upstream kernel yet. ---- Remove dangerous capabilities by default. ---- Autobuilt v1.1.1
|
|
Fedora 32: libproxy 2020-941b563a80 (Oct 5) |
|
Fix PAC buffer overflow
|
|
Fedora 32: chromium 2020-214865ce21 (Oct 5) |
|
Update to 85.0.4183.121. Why? Because security, that's why. It fixes these CVEs: CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 It also has a fix for an issue where networking... uh... didn't.
|
|
Fedora 32: mumble 2020-8372f6bae4 (Oct 5) |
|
Mumble 1.3.2. === Client * Fixed: Overlay not starting (#4282) Server * Fixed: keychain-error on macOS for custom certificates (#4345) Known issues * Overlay blocked by BattleEye. A request to whitelist it has been made. * Overlay blocked by CS:GO Trusted Mode
|
|
Fedora 33: python2.7 2020-221823ebdd (Oct 5) |
|
CVE-2020-26116: prevent HTTP request method CRLF injection in httplib
|
|
Fedora 31: xawtv 2020-93db553bb7 (Oct 4) |
|
Update to 3.107
|
|
Fedora 33: rubygem-activemodel 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-activerecord 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-activesupport 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-image_processing 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-rails 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-activestorage 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-railties 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actionmailbox 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actioncable 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actiontext 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actionpack 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actionview 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-activejob 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 33: rubygem-actionmailer 2020-4dd34860a3 (Oct 4) |
|
Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381
|
|
Fedora 31: samba 2020-a1d139381a (Oct 3) |
|
Security fixes for CVE-2020-1472
|
|
Fedora 31: libproxy 2020-7e1e9abf77 (Oct 3) |
|
Fix CVE-2020-25219
|
|
Fedora 33: php 2020-4573f0e03a (Oct 3) |
|
**PHP version 7.4.11** (01 Oct 2020) **Core:** * Fixed bug php#79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (**CVE-2020-7070**) (Stas) * Fixed bug php#79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) * Fixed bug php#80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita) * Fixed bug
|
|
Fedora 31: chromium 2020-aea86f913e (Oct 2) |
|
Update to 85.0.4183.121. Why? Because security, that's why. It fixes these CVEs: CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 It also has a fix for an issue where networking... uh... didn't. ---- Update Chromium to 85.0.4183.102. Fix issue where unpackaged components prevented hardware accelerated rendering from
|
|
Fedora 31: mumble 2020-ca26a3f832 (Oct 2) |
|
Mumble 1.3.2. === Client * Fixed: Overlay not starting (#4282) Server * Fixed: keychain-error on macOS for custom certificates (#4345) Known issues * Overlay blocked by BattleEye. A request to whitelist it has been made. * Overlay blocked by CS:GO Trusted Mode
|
|
Fedora 32: pdns 2020-7e9234058f (Oct 1) |
|
- Update to 4.3.1 - PowerDNS Security Advisory 2020-05 (CVE-2020-17482) Release notes: https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1 Security Advisory: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
|
|
Fedora 32: podman 2020-76fcd0ba34 (Oct 1) |
|
autobuilt v2.1.0, Security fix for CVE-2020-14370
|
|
Fedora 32: crun 2020-76fcd0ba34 (Oct 1) |
|
autobuilt v2.1.0, Security fix for CVE-2020-14370
|
|
Fedora 33: libproxy 2020-15b775b07e (Oct 1) |
|
Add fix for PAC buffer overflow
|
|
Fedora 33: dotnet3.1 2020-48fa1ad65c (Oct 1) |
|
This update updates .NET Core 3.1 to SDK 3.1.108 and Runtime 3.1.8. This update includes a fix for CVE-2020-1045 Release Notes: https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1.8/3.1.8.md
|
|
Fedora 33: nodejs 2020-006c7217c4 (Oct 1) |
|
Update to Node.js 14.11.0 September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ ---- Node.js 14.10.0 - Fixes an issue preventing compilation against v8-devel
|
|
Fedora 33: libuv 2020-006c7217c4 (Oct 1) |
|
Update to Node.js 14.11.0 September 2020 Security Release - https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ ---- Node.js 14.10.0 - Fixes an issue preventing compilation against v8-devel
|
|
RedHat: RHSA-2020-4214:01 Moderate: go-toolset-1.13-golang security and bug (Oct 8) |
|
An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-4213:01 Low: Red Hat support for Spring Boot 2.2.10 (Oct 8) |
|
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-4211:01 Moderate: Red Hat AMQ Interconnect 1.9.0 release (Oct 8) |
|
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-4183:01 Moderate: bind security update (Oct 7) |
|
An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-4182:01 Important: kernel security and bug fix update (Oct 7) |
|
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-4056:01 Important: qemu-kvm security update (Oct 7) |
|
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-4206:01 Important: chromium-browser security update (Oct 7) |
|
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4201:01 Low: OpenShift Virtualization 2.4.2 Images (Oct 6) |
|
Red Hat OpenShift Virtualization release 2.4.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-4187:01 Important: spice and spice-gtk security update (Oct 6) |
|
An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4186:01 Important: spice and spice-gtk security update (Oct 6) |
|
An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4185:01 Important: spice and spice-gtk security update (Oct 6) |
|
An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4181:01 Important: unbound security update (Oct 6) |
|
An update for unbound is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4184:01 Important: spice and spice-gtk security update (Oct 6) |
|
An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4176:01 Important: qemu-kvm-rhev security update (Oct 5) |
|
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4174:01 Moderate: rh-mariadb102-mariadb and (Oct 5) |
|
An update for rh-mariadb102-mariadb and rh-mariadb102-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-4172:01 Important: Red Hat Virtualization security, (Oct 5) |
|
An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact
|
|
RedHat: RHSA-2020-4167:01 Important: qemu-kvm-rhev security update (Oct 5) |
|
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4162:01 Important: qemu-kvm-ma security update (Oct 1) |
|
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4163:01 Important: thunderbird security update (Oct 1) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-4158:01 Important: thunderbird security update (Oct 1) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-4155:01 Important: thunderbird security update (Oct 1) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-4157:01 Important: thunderbird security update (Oct 1) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4156:01 Important: thunderbird security update (Oct 1) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-4154:01 Moderate: Red Hat AMQ Broker 7.4.5 release and (Oct 1) |
|
Red Hat AMQ Broker 7.4.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
SUSE: 2020:2879-1 important: the Linux Kernel (Oct 8) |
|
An update that solves 9 vulnerabilities and has 105 fixes is now available.
|
|
SUSE: 2020:2877-1 important: qemu (Oct 7) |
|
An update that solves four vulnerabilities and has two fixes is now available.
|
|
SUSE: 2020:2876-1 critical: ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installe (Oct 7) |
|
An update that fixes 9 vulnerabilities, contains 10 features is now available.
|
|
SUSE: 2020:2870-1 moderate: nodejs8 (Oct 6) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:2872-1 moderate: hexchat (Oct 6) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:2864-1 moderate: gnutls (Oct 6) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:2861-1 important: java-1_7_0-openjdk (Oct 5) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:14511-1 important: openssl1 (Oct 5) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:14510-1 important: perl-DBI (Oct 5) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:2856-1 important: perl-DBI (Oct 5) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:2832-1 moderate: SUSE Manager Server 4.1 (Oct 2) |
|
An update that solves one vulnerability and has 25 fixes is now available.
|
|
SUSE: 2020:2827-1 important: perl-DBI (Oct 2) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:2828-1 important: perl-DBI (Oct 2) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:2829-1 important: nodejs10 (Oct 2) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:2830-1 moderate: permissions (Oct 2) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:2823-1 important: nodejs10 (Oct 1) |
|
An update that solves two vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:2822-1 important: xen (Oct 1) |
|
An update that fixes 12 vulnerabilities is now available.
|
|
SUSE: 2020:2814-1 moderate: permissions (Oct 1) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:2812-1 important: nodejs12 (Oct 1) |
|
An update that solves three vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:2813-1 important: nodejs12 (Oct 1) |
|
An update that solves three vulnerabilities and has one errata is now available.
|
|
Ubuntu 4574-1: libseccomp-golang vulnerability (Oct 7) |
|
A system hardening measure could be bypassed.
|
|
Ubuntu 4572-2: Spice vulnerability (Oct 7) |
|
Spice could be made to crash or run programs if it received specially crafted network traffic.
|
|
Ubuntu 4573-1: Vino vulnerabilities (Oct 7) |
|
Several security issues were fixed in Vino.
|
|
Ubuntu 4572-1: Spice vulnerability (Oct 6) |
|
Spice could be made to crash or run programs if it received specially crafted network traffic.
|
|
Ubuntu 4567-1: OpenDMARC vulnerability (Oct 6) |
|
OpenDMARC could allow signature bypass under certain conditions.
|
|
Ubuntu 4566-1: Cyrus IMAP Server vulnerabilities (Oct 6) |
|
Cyrus IMAP Server could be made to overwrite files as the administrator.
|
|
Ubuntu 4565-1: OpenConnect vulnerability (Oct 6) |
|
OpenConnect could be made to crash if it received specially crafted input.
|
|
Ubuntu 4564-1: Apache Tika vulnerabilities (Oct 6) |
|
Apache Tika could be made to crash if it opened a specially crafted file.
|
|
Ubuntu 4570-1: urllib3 vulnerability (Oct 5) |
|
urllib3 could be used to perform a CRLF injection if it received a specially crafted request.
|
|
Ubuntu 4571-1: rack-cors vulnerability (Oct 5) |
|
rack-cors would allow unintended access to files over the network.
|
|
Ubuntu 4568-1: Brotli vulnerability (Oct 5) |
|
Brotli could be made to crash if it received a specially crafted input.
|
|
Ubuntu 4569-1: Yaws vulnerabilities (Oct 5) |
|
Several security issues were fixed in Yaws.
|
|
Ubuntu 4563-1: NTP vulnerability (Oct 1) |
|
NTP could be made to crash.
|
|
Debian LTS: DLA-2402-1: golang-go.crypto security update (Oct 8) |
|
CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is
|
|
Debian LTS: DLA-2400-1: activemq security update (Oct 7) |
|
Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind
|
|
Debian LTS: DLA-2401-1: sympa security update (Oct 7) |
|
Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers. A local attacker can obtain root access. For Debian 9 stretch, this problem has been fixed in version
|
|
Debian LTS: DLA-2398-1: puma security update (Oct 7) |
|
Several security vulnerabilities have been discovered in puma, a highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076
|
|
Debian LTS: DLA-2332-2: sane-backends regression update (Oct 7) |
|
A regression was introduced in DLA-2332-1, where changes in the Debian package building process triggered a bug in the sane-backends packages, causing missing files.
|
|
Debian LTS: DLA-2393-1: snmptt security update (Oct 2) |
|
It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a maliciously crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the
|
|
Debian LTS: DLA-2394-1: squid3 security update (Oct 2) |
|
Several security vulnerabilities have been discovered in Squid, a high-performance proxy caching server for web clients. CVE-2020-15049
|
|
Debian LTS: DLA-2392-1: jruby security update (Oct 1) |
|
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against
|
|
Debian LTS: DLA-2391-1: ruby2.3 security update (Oct 1) |
|
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with ruby2.3) was too tolerant against
|
|
Debian LTS: DLA-2390-1: ruby-json-jwt security update (Oct 1) |
|
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Therefore, there was a need to explicitly specify the number
|
|
Debian LTS: DLA-2389-1: ruby-rack-cors security update (Oct 1) |
|
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.
|
|
ArchLinux: 202009-17: samba: access restriction bypass (Oct 6) |
|
The package samba before version 4.13.0-1 is vulnerable to access restriction bypass.
|
|
ArchLinux: 202009-16: zeromq: denial of service (Oct 6) |
|
The package zeromq before version 4.3.3-1 is vulnerable to denial of service.
|
|
ArchLinux: 202009-15: lib32-zeromq: denial of service (Oct 6) |
|
The package lib32-zeromq before version 4.3.3-1 is vulnerable to denial of service.
|
|
ArchLinux: 202009-14: yaws: multiple issues (Oct 6) |
|
The package yaws before version 2.0.8-1 is vulnerable to multiple issues including arbitrary command execution and information disclosure.
|
|
ArchLinux: 202009-13: brotli: denial of service (Oct 6) |
|
The package brotli before version 1.0.9-1 is vulnerable to denial of service.
|
|
ArchLinux: 202009-12: lib32-brotli: denial of service (Oct 6) |
|
The package lib32-brotli before version 1.0.9-1 is vulnerable to denial of service.
|
|
openSUSE: 2020:1631-1: important: kdeconnect-kde (Oct 7) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:1628-1: important: perl-DBI (Oct 6) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:1620-1: important: perl-DBI (Oct 5) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:1616-1: important: nodejs12 (Oct 5) |
|
An update that solves three vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:1613-1: moderate: python-pip (Oct 4) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:1611-1: moderate: grafana (Oct 4) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:1608-1: important: xen (Oct 4) |
|
An update that solves 10 vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:1604-1: moderate: zabbix (Oct 4) |
|
An update that fixes two vulnerabilities is now available.
|
|
openSUSE: 2020:1599-1: critical: dpdk (Oct 4) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:1598-1: moderate: python-pip (Oct 4) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:1593-1: critical: dpdk (Oct 3) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:1591-1: moderate: bcm43xx-firmware (Oct 3) |
|
An update that contains security fixes can now be installed.
|
|
openSUSE: 2020:1587-1: moderate: go1.14 (Oct 1) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
openSUSE: 2020:1586-1: important: the Linux Kernel (Oct 1) |
|
An update that solves 9 vulnerabilities and has 103 fixes is now available.
|
|
openSUSE: 2020:1584-1: moderate: go1.14 (Oct 1) |
|
An update that solves one vulnerability and has one errata is now available.
|