| |
Debian: DSA-4752-1: bind9 security update (Aug 27) |
| |
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8619
|
| |
Debian: DSA-4751-1: squid security update (Aug 27) |
| |
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest responses messages.
|
| |
Debian: DSA-4750-1: nginx security update (Aug 26) |
| |
It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability.
|
| |
Debian: DSA-4749-1: firefox-esr security update (Aug 26) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
|
| |
Debian: DSA-4748-1: ghostscript security update (Aug 25) |
| |
Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
|
| |
Debian: DSA-4747-1: icingaweb2 security update (Aug 23) |
| |
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
|
| |
Fedora 32: libX11 2020-eba554b9d5 (Aug 27) |
| |
libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
|
| |
Fedora 32: wireshark 2020-7f91f10f2b (Aug 27) |
| |
New version 3.2.6, Security fix for CVE-2020-17498
|
| |
Fedora 31: wireshark 2020-2981a0224d (Aug 27) |
| |
New version 3.2.6, Security fix for CVE-2020-17498
|
| |
Fedora 32: firefox 2020-314dd0abde (Aug 26) |
| |
- New upstream version (80.0)
|
| |
Fedora 32: lua 2020-d7ed9f18ff (Aug 26) |
| |
Fix CVE-2020-24370 .
|
| |
Fedora 32: firejail 2020-45fc8559d5 (Aug 26) |
| |
Rebase to version 0.9.62.4 ---- Rebase to version 0.9.62.2
|
| |
Fedora 31: firejail 2020-80a6d7e7e0 (Aug 26) |
| |
Rebase to version 0.9.62.4 ---- Rebase to version 0.9.62.2
|
| |
Fedora 31: mod_http2 2020-b58dc5df38 (Aug 26) |
| |
This update includes the latest stable release of `mod_http2`, fixing various bugs. Two security vulnerabilities are addressed in this update: * **CVE-2020-11993**: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 * **CVE-2020-9490**:
|
| |
Fedora 31: thunderbird 2020-03fc9afe6a (Aug 26) |
| |
Update to latest upstream stable version.
|
| |
Fedora 31: nss 2020-426fd04fd0 (Aug 24) |
| |
Updates the nss package to upstream NSS 3.55. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -
|
| |
Fedora 32: chrony 2020-7aa962c55e (Aug 22) |
| |
Security fix for CVE-2020-14367
|
| |
Fedora 32: curl 2020-da832cb434 (Aug 20) |
| |
- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)
|
| |
Fedora 32: mod_http2 2020-8122a8daa2 (Aug 20) |
| |
This update includes the latest stable release of `mod_http2`, fixing various bugs. Two security vulnerabilities are addressed in this update: * **CVE-2020-11993**: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 * **CVE-2020-9490**:
|
| |
Gentoo: GLSA-202008-18: X.Org X11 library: Multiple vulnerabilities (Aug 27) |
| |
Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-17: Redis: Multiple vulnerabilities (Aug 27) |
| |
Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-16: Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities (Aug 26) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. [More...]
|
| |
Gentoo: GLSA-202008-15: Docker: Information disclosure (Aug 26) |
| |
A flaw in Docker allowed possible information leakage.
|
| |
Gentoo: GLSA-202008-14: Wireshark: Denial of service (Aug 26) |
| |
A vulnerability in Wireshark could lead to a Denial of Service condition.
|
| |
Gentoo: GLSA-202008-13: PostgreSQL: Multiple vulnerabilities (Aug 26) |
| |
Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation.
|
| |
Gentoo: GLSA-202008-12: Net-SNMP: Multiple vulnerabilities (Aug 26) |
| |
Multiple vulnerabilities have been found in Net-SNMP, the worst of which could result in privilege escalation.
|
| |
Gentoo: GLSA-202008-11: Chromium, Google Chrome: Multiple vulnerabilities (Aug 26) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202008-10: Chromium, Google Chrome: Heap buffer overflow (Aug 25) |
| |
A vulnerablity has been found in Chromium and Google Chrome that could allow a remote attacker to execute arbitrary code. [More...]
|
| |
Gentoo: GLSA-202008-09: Shadow: Privilege escalation (Aug 25) |
| |
Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation.
|
| |
RedHat: RHSA-2020-3574:01 Critical: CloudForms 4.7.16 security, (Aug 27) |
| |
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3541:01 Important: OpenShift Container Platform 3.11 (Aug 26) |
| |
An update for jenkins, jenkins-2-plugins, openshift-ansible, and python-rsa is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3560:01 Important: chromium-browser security update (Aug 26) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3559:01 Important: firefox security update (Aug 26) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3557:01 Important: firefox security update (Aug 26) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3556:01 Important: firefox security update (Aug 26) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3555:01 Important: firefox security update (Aug 26) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3558:01 Important: firefox security update (Aug 26) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3548:01 Important: kernel security and bug fix update (Aug 25) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3545:01 Moderate: kernel-alt security and bug fix update (Aug 25) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3520:01 Moderate: OpenShift Container Platform 4.5.7 (Aug 24) |
| |
An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3519:01 Important: OpenShift Container Platform 4.5.7 (Aug 24) |
| |
An update for jenkins and openshift is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
Slackware: 2020-237-01: mozilla-firefox Security Update (Aug 24) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2020-234-01: bind Security Update (Aug 21) |
| |
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
|
| |
SUSE: 2020:2355-1 important: postgresql10 (Aug 27) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2359-1 moderate: openvpn (Aug 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:14468-1 moderate: openvpn-openssl1 (Aug 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2357-1 moderate: libqt5-qtbase (Aug 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2344-1 moderate: apache2 (Aug 26) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:0920-2 moderate: libxslt (Aug 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2346-1 graphviz (Aug 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2331-1 moderate: xorg-x11-server (Aug 26) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2241-1 important: xorg-x11-server (Aug 25) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2326-1 important: xorg-x11-server (Aug 25) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2240-1 important: xorg-x11-server (Aug 25) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2325-1 important: xorg-x11-server (Aug 25) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:14463-1 important: xorg-x11-server (Aug 25) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:2242-1 important: xorg-x11-server (Aug 25) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2305-1 important: grub2 (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:14461-1 important: grub2 (Aug 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2312-1 moderate: samba (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2306-1 important: grub2 (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2303-1 important: grub2 (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2307-1 important: grub2 (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2308-1 important: grub2 (Aug 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2311-1 moderate: apache2 (Aug 25) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:2304-1 important: grub2 (Aug 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:14460-1 important: squid3 (Aug 24) |
| |
An update that fixes 21 vulnerabilities is now available.
|
| |
SUSE: 2020:2296-1 moderate: gettext-runtime (Aug 24) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:2292-1 moderate: SUSE Manager Server 3.2 (Aug 21) |
| |
An update that solves one vulnerability and has 22 fixes is now available.
|
| |
SUSE: 2020:2292-1 moderate: SUSE Manager Server 3.2 (Aug 21) |
| |
An update that solves one vulnerability and has 19 fixes is now available.
|
| |
SUSE: 2020:2283-1 moderate: libreoffice (Aug 20) |
| |
An update that solves two vulnerabilities and has 6 fixes is now available.
|
| |
Ubuntu 4477-1: Squid vulnerabilities (Aug 27) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4476-1: NSS vulnerability (Aug 27) |
| |
NSS could be made to expose sensitive information if it received a specially crafted input.
|
| |
Ubuntu 4475-1: Chrony vulnerability (Aug 27) |
| |
Chrony could be made to crash or expose sensitive information.
|
| |
Ubuntu 4446-2: Squid regression (Aug 27) |
| |
USN-4446-1 introduced a regression in Squid.
|
| |
Ubuntu 4474-1: Firefox vulnerabilities (Aug 26) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Ubuntu 4473-1: libmysofa vulnerabilities (Aug 26) |
| |
Several security issues were fixed in libmysofa.
|
| |
Ubuntu 4472-1: PostgreSQL vulnerabilities (Aug 25) |
| |
Several security issues were fixed in PostgreSQL.
|
| |
Ubuntu 4470-1: sane-backends vulnerabilities (Aug 24) |
| |
Several security issues were fixed in sane-backends.
|
| |
Ubuntu 4469-1: Ghostscript vulnerabilities (Aug 24) |
| |
Several security issues were fixed in Ghostscript.
|
| |
Ubuntu 4471-1: Net-SNMP vulnerabilities (Aug 24) |
| |
Several security issues were fixed in Net-SNMP.
|
| |
Ubuntu 4468-2: Bind vulnerability (Aug 24) |
| |
Bind could be made to crash if it received a specially crafted request.
|
| |
Ubuntu 4468-1: Bind vulnerabilities (Aug 21) |
| |
Several security issues were fixed in Bind.
|
| |
Ubuntu 4466-2: curl vulnerability (Aug 20) |
| |
curl could be made to expose sensitive information over the network.
|
| |
Debian LTS: DLA-2346-1: firefox-esr security update (Aug 27) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
|
| |
Debian LTS: DLA-2345-1: php7.0 security update (Aug 26) |
| |
It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file.
|
| |
Debian LTS: DLA-2338-2: proftpd-dfsg regression update (Aug 25) |
| |
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections.
|
| |
Debian LTS: DLA-2344-1: mongodb security update (Aug 24) |
| |
A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.
|
| |
Debian LTS: DLA-2343-1: icingaweb2 security update (Aug 24) |
| |
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
|
| |
Debian LTS: DLA-2342-1: libjackson-json-java security update (Aug 24) |
| |
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525
|
| |
Debian LTS: DLA-2341-1: inetutils security update (Aug 24) |
| |
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data.
|
| |
Debian LTS: DLA-2340-1: sqlite3 security update (Aug 22) |
| |
Several vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine. CVE-2018-8740
|
| |
Debian LTS: DLA-2338-1: proftpd-dfsg security update (Aug 22) |
| |
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service.
|
| |
Debian LTS: DLA-2339-1: software-properties security update (Aug 22) |
| |
Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA).
|
| |
Debian LTS: DLA-2337-1: python2.7 security update (Aug 22) |
| |
Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language.
|
| |
Debian LTS: DLA-2336-1: firejail security update (Aug 22) |
| |
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications.
|
| |
Debian LTS: DLA-2335-1: ghostscript security update (Aug 20) |
| |
Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files.
|
| |
SciLinux: SLSA-2020-3558-1 Important: firefox on SL6.x i386/x86_64 (Aug 26) |
| |
Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) * Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669) SL6 x86_64 firefox-68.12.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.12.0-1.el6_10.x86_64.rpm firefox-68.12.0-1.el6_10.i686.rpm firefox-debuginfo-68.12.0-1.el6_10.i686.rpm i386 firefox-68.12.0-1.el6_10.i686.rpm firefox-d [More...]
|
| |
openSUSE: 2020:1278-1: moderate: gettext-runtime (Aug 28) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1271-1: moderate: inn (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1272-1: moderate: inn (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1275-1: important: webkit2gtk3 (Aug 27) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:1270-1: moderate: gettext-runtime (Aug 27) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2020:1269-1: moderate: claws-mail (Aug 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1262-1: important: dovecot23 (Aug 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1261-1: moderate: libreoffice (Aug 26) |
| |
An update that solves two vulnerabilities and has 6 fixes is now available.
|
| |
openSUSE: 2020:1263-1: moderate: chromium (Aug 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1265-1: moderate: python3 (Aug 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1260-1: moderate: chromium (Aug 26) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1256-1: important: webkit2gtk3 (Aug 24) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:1258-1: moderate: python3 (Aug 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1257-1: moderate: python (Aug 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1254-1: moderate: python (Aug 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1243-1: important: postgresql12 (Aug 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1244-1: important: postgresql12 (Aug 22) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1241-1: important: dovecot23 (Aug 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:1236-1: important: the Linux Kernel (Aug 21) |
| |
An update that solves 7 vulnerabilities and has 109 fixes is now available.
|
| |
Mageia 2020-0350: x11-server security update (Aug 27) |
| |
The handler for the XkbSetNames request does not validate the request length before accessing its contents (CVE-2020-14345). An integer underflow exists in the handler for the XIChangeHierarchy request (CVE-2020-14346).
|
| |
Mageia 2020-0349: libx11 security update (Aug 27) |
| |
There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free (CVE-2020-14363). References:
|
| |
Mageia 2020-0348: firefox security update (Aug 27) |
| |
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664).
|
| |
Mageia 2020-0347: qt4 and qt5base security update (Aug 27) |
| |
The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507). References: - https://bugs.mageia.org/show_bug.cgi?id=27173
|
| |
Mageia 2020-0346: kdepim-runtime and kmail-account-wizard security update (Aug 25) |
| |
It was discovered that there was an issue where kmail would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use (CVE-2020-15954). References:
|
| |
Mageia 2020-0345: mysql-connector-python security update (Aug 25) |
| |
Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as
|
| |
Mageia 2020-0344: ghostscript security update (Aug 25) |
| |
The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16287)
|
| |
Mageia 2020-0343: python-ipaddress security update (Aug 25) |
| |
Hash collisions in IPv4Interface and IPv6Interface could lead to DOS (CVE-2020-14422). References: - https://bugs.mageia.org/show_bug.cgi?id=27056
|
| |
Mageia 2020-0342: luajit security update (Aug 25) |
| |
An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because __gc handler frame traversal is mishandled (CVE-2020-15890). References:
|
| |
Mageia 2020-0341: chrony security update (Aug 22) |
| |
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack (CVE-2020-14367). References:
|
| |
Mageia 2020-0340: ngircd security update (Aug 20) |
| |
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148) References:
|
