Linux Advisory Watch: April 3rd, 2020

Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed

It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. The oldstable distribution (stretch) is not affected.

Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code

Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code.

It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause

This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is

This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is

Security fix for CVE-2020-10188

* An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. * An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of

The **phpMyAdmin** team announces the release of both **4.9.5** and **5.0.2**. Both versions contain several security fixes: * PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password * PMASA-2020-3 SQL injection vulnerability relating to the search feature * PMASA-2020-4 SQL injection and XSS having to do with displaying results *

Security fix for CVE-2019-19906

* An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. * An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of

The **phpMyAdmin** team announces the release of both **4.9.5** and **5.0.2**. Both versions contain several security fixes: * PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password * PMASA-2020-3 SQL injection vulnerability relating to the search feature * PMASA-2020-4 SQL injection and XSS having to do with displaying results *

Security fix for CVE-2019-18408 RAR reader: fix use after free If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again.

* An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. * An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of

The **phpMyAdmin** team announces the release of both **4.9.5** and **5.0.2**. Both versions contain several security fixes: * PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password * PMASA-2020-3 SQL injection vulnerability relating to the search feature * PMASA-2020-4 SQL injection and XSS having to do with displaying results *

Security fix for CVE-2020-9359

This update incorporates fixes from the upstream glibc 2.31 stable release branch, including 2 fixes for medium severity security vulnerabilities. (CVE-2020-10029, CVE-2020-1752)

Security fix for CVE-2020-9359

Update to January 2020 CPU. See: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-January/002374.html

This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is

Fix DoS vulnerability (CVE-2019-19886, RHBZ #1801720 / #1801719)

Fix DoS vulnerability (CVE-2019-19886, RHBZ #1801720 / #1801719)

Fix DoS vulnerability (CVE-2019-19886, RHBZ #1801720 / #1801719)

New version, fixes a lot of bugs (some of them security). In the same update, fixed up epel7 build to latest version as well.

Fix CVE-2018-19655

Fix CVE-2018-19655

Fix CVE-2018-19655

* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)

The 5.5.11 stable kernel update contains a number of important fixes across the tree.

* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big

Security and performance fixes.

A regression in GnuTLS breaks the security guarantees of the DTLS protocol.

Multiple vulnerabilities have been found in ledger, the worst of which could result in the arbitrary execution of code.

A heap use-after-free flaw in Qt WebEngine at worst might allow an attacker to execute arbitrary code.

Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.

A vulnerability in HAProxy might lead to remote execution of arbitrary code.

Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code.

Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code.

Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code.

A buffer overflow in GNU Screen might allow remote attackers to corrupt memory.

A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in UnZip, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.

An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for haproxy is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for haproxy is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ose-openshift-apiserver-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for ose-openshift-controller-manager-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for procps-ng is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for the virt:8.1 module is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for dpdk is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for buildah is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for skopeo is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for python3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for bash is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for polkit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for poppler and evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for avahi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for bluez is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for nbdkit is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for zziplib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for wireshark is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for texlive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libosinfo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for unzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for libqb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for taglib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for advancecomp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for libreoffice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for gettext is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for mutt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for lftp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for net-snmp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for libsndfile is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for doxygen is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for GNOME is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for expat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for file is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ipmitool is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact

An update for ipmitool is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for ipmitool is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openshift-enterprise-mediawiki-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

New gnutls packages are available for Slackware 14.2 and -current to fix a security issue.

New kernel packages are available for Slackware 14.2 to fix security issues.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 6 vulnerabilities is now available.

An update that solves two vulnerabilities and has 15 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves three vulnerabilities and has two fixes is now available.

An update that fixes one vulnerability is now available.

An update that solves 6 vulnerabilities and has 6 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that solves 6 vulnerabilities and has two fixes is now available.

An update that solves 5 vulnerabilities and has 58 fixes is now available.

An update that solves 5 vulnerabilities and has 58 fixes is now available.

An update that solves three vulnerabilities and has two fixes is now available.

An update that fixes 9 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

Several security issues were fixed in GD Graphics Library.

Several security issues were fixed in GD Graphics Library.

Several security issues were fixed in Apport.

pam-krb5 could be made to execute arbitrary code if it received a specially crafted response.

Several security issues were fixed in BlueZ.

The system could be made to expose sensitive information or run programs as an administrator.

Timeshift could be made to run programs as an administrator.

Several security issues were fixed in WebKitGTK+.

Several security issues were fixed in Twisted.

libplist is a library for reading and writing the Apple binary and XML property lists format. It's part of the libimobiledevice stack, providing access to iDevices (iPod, iPhone, iPad ...).

The krb5 PAM module (pam_krb5.so) had a buffer overflow that might have caused remote code execution in situations involving supplemental prompting by a Kerberos library.

A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression denial

An issue has been found in apng2gif, a tool for converting APNG images to animated GIF format.

Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the "bad" set.

A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon.

A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary

Two security issues have been detected in tika and fixed. CVE-2020-1950:

Two security issues have been identified and fixed in php5, a server-side, HTML-embedded scripting language.

The package pam-krb5 before version 4.9-1 is vulnerable to arbitrary code execution.

The package linux before version 5.5.13.arch2-1 is vulnerable to privilege escalation.

The package linux-lts before version 5.4.28-2 is vulnerable to privilege escalation.

The package linux-hardened before version 5.5.13.b-1 is vulnerable to privilege escalation.

The package chromium before version 80.0.3987.162-1 is vulnerable to arbitrary code execution.

ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208) SL7 x86_64 ipmitool-1.8.18-9.el7_7.x86_64.rpm ipmitool-debuginfo-1.8.18-9.el7_7.x86_64.rpm noarch bmc-snmp-proxy-1.8.18-9.el7_7.noarch.rpm exchange-bmc-os-info-1.8.18-9.el7_7.noarch.rpm - Scientific Linux Development Team

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes 7 vulnerabilities is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that solves four vulnerabilities and has 37 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

This update is based on upstream 5.5.14 and fixes atleast the following security vulnerabilities: In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h)

Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.

Updated varnish packages fix security vulnerability: An assert can be triggered in Varnish Cache when using Varnish with a TLS termination proxy, and the proxy and Varnish use the PROXY version 2. The assert will cause Varnish to restart, and the cache will be empty after the

Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash

The updated packages fix security vulnerabilities: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth

It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory (CVE-2019-20079). References: - https://bugs.mageia.org/show_bug.cgi?id=26380

Some SQL injections via table names and parameters were fixed. References: - https://bugs.mageia.org/show_bug.cgi?id=26372 - https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/

Multiple flaws were found in the way Chromium 80.0.3987.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2020-6420, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427,

Critical bugs closed: - Use-of-uninitialized-value in exif [1] - mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full [2] - get_headers() silently truncates after a null byte [3]

Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure (CVE-2019-18802). References:

Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed