| |
Debian: DSA-4742-1: firejail security update (Aug 6) |
| |
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367
|
| |
Debian: DSA-4741-1: json-c security update (Aug 5) |
| |
Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.
|
| |
Debian: DSA-4739-1: webkit2gtk security update (Aug 3) |
| |
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9862
|
| |
Debian: DSA-4740-1: thunderbird security update (Aug 2) |
| |
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4738-1: ark security update (Jul 31) |
| |
Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory.
|
| |
Debian: DSA-4735-2: grub2 regression update (Jul 30) |
| |
The update for grub2 released as DSA 4735-1 caused a boot-regression when chainloading another bootlaoder and breaking notably dual-boot with Windows. Updated grub2 packages are now available to correct this issue.
|
| |
Fedora 32: radare2 2020-aa51efe207 (Aug 6) |
| |
- Rebase radare2 to upstream version 4.5.0 - Rebase cutter to upstream version 1.11.0 - Provide cutter translation - Provide -devel sub package of cutter-re
|
| |
Fedora 32: cutter-re 2020-aa51efe207 (Aug 6) |
| |
- Rebase radare2 to upstream version 4.5.0 - Rebase cutter to upstream version 1.11.0 - Provide cutter translation - Provide -devel sub package of cutter-re
|
| |
Fedora 32: postgresql-jdbc 2020-5a31ccfe66 (Aug 6) |
| |
fixed XML external entity (XXE) vulnerability
|
| |
Fedora 31: radare2 2020-d5b33b6e6c (Aug 6) |
| |
- Rebase radare2 to 4.5.0 - Rebase cutter-re to 1.11.0
|
| |
Fedora 31: cutter-re 2020-d5b33b6e6c (Aug 6) |
| |
- Rebase radare2 to 4.5.0 - Rebase cutter-re to 1.11.0
|
| |
Fedora 32: python36 2020-1ddd5273d6 (Aug 6) |
| |
Security fix for CVE-2019-20907, CVE-2020-14422.
|
| |
Fedora 32: python37 2020-87c0a0a52d (Aug 6) |
| |
Security fix for CVE-2019-20907, CVE-2020-14422. Provide a versioned pathfix3.7.py command.
|
| |
Fedora 31: python2 2020-826b24c329 (Aug 5) |
| |
Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
|
| |
Fedora 32: mingw-curl 2020-ad05132742 (Aug 4) |
| |
Major update includes security fixes.
|
| |
Fedora 32: claws-mail 2020-2def860ce7 (Aug 1) |
| |
Security fix for CVE-2020-15917 (STARTTLS protocol violation).
|
| |
Fedora 32: java-latest-openjdk 2020-9a5b36306c (Aug 1) |
| |
OpenJDK 14 July security update
|
| |
Fedora 31: claws-mail 2020-fe6c1a9c16 (Aug 1) |
| |
Security fix for CVE-2020-15917 (STARTTLS protocol violation).
|
| |
Fedora 31: chromium 2020-84d87cbd50 (Aug 1) |
| |
Just enough time for one more update. Chromium 84. Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530
|
| |
Fedora 31: java-latest-openjdk 2020-f6edb9843b (Aug 1) |
| |
OpenJDK 14 July security update
|
| |
Fedora 31: glibc 2020-4e92a61688 (Aug 1) |
| |
This update incorporates fixes from the upstream glibc 2.30 stable release branch, including a fix for a medium severity security vulnerability. (CVE-2020-6096)
|
| |
Fedora 31: freerdp 2020-a3432485db (Jul 31) |
| |
Bugfix and CVE release.
|
| |
Fedora 31: nss 2020-16741ac7ff (Jul 31) |
| |
Updates the nspr and nss package to upstream NSPR 4.26 and NSS 3.54. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes: -
|
| |
Fedora 31: nspr 2020-16741ac7ff (Jul 31) |
| |
Updates the nspr and nss package to upstream NSPR 4.26 and NSS 3.54. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes: -
|
| |
Fedora 31: evolution-data-server 2020-45041afb19 (Jul 31) |
| |
Security fix for CVE-2020-14928 (Response Injection via STARTTLS in SMTP and POP3)
|
| |
Fedora 32: clamav 2020-6584a641ae (Jul 31) |
| |
ClamAV 0.102.4 is a bug patch release to address the following issues: CVE-2020-3350 Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system
|
| |
Fedora 32: firefox 2020-856ae65766 (Jul 30) |
| |
- New upstream update - 79.0
|
| |
Fedora 32: chromium 2020-bf684961d9 (Jul 30) |
| |
Just enough time for one more update. Chromium 84. Fixes CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530
|
| |
Fedora 32: freerdp 2020-8d5f86e29a (Jul 30) |
| |
Bugfix and CVE release.
|
| |
Gentoo: GLSA-202008-01: Python: Multiple vulnerabilities (Aug 2) |
| |
Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-202007-65: libsndfile: Multiple vulnerabilities (Jul 31) |
| |
Multiple vulnerabilities have been found in libsndfile, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-202007-64: Mozilla Thunderbird: Multiple vulnerabilities (Jul 31) |
| |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202007-62: PyCrypto: Weak key generation (Jul 31) |
| |
A flaw in PyCrypto allow remote attackers to obtain sensitive information.
|
| |
Gentoo: GLSA-202007-63: SNMP Trap Translator: Multiple vulnerabilities (Jul 31) |
| |
Multiple vulnerabilities have been found in SNMP Trap Translator, the worst of which could allow attackers to execute arbitrary shell code.
|
| |
Gentoo: GLSA-202007-61: WebKitGTK+: Multiple vulnerabilities (Jul 31) |
| |
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202007-60: Mozilla Firefox: Multiple vulnerabilities (Jul 30) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.
|
| |
RedHat: RHSA-2020-3372:01 Moderate: Red Hat OpenShift Service Mesh (Aug 6) |
| |
An update for 3scale-istio-adapter-rhel8-container is now available for OpenShift Service Mesh. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3369:01 Moderate: Red Hat OpenShift Service Mesh security (Aug 6) |
| |
An update is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3370:01 Low: Red Hat OpenShift Jaeger 1.17.6 container (Aug 6) |
| |
An update is now available for Jaeger-1.17. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3358:01 Critical: CloudForms 5.0.7 bug fix and (Aug 6) |
| |
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3345:01 Important: thunderbird security update (Aug 6) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3344:01 Important: thunderbird security update (Aug 6) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3341:01 Important: thunderbird security update (Aug 6) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3342:01 Important: thunderbird security update (Aug 6) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3343:01 Important: thunderbird security update (Aug 6) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3328:01 Moderate: Red Hat Ansible Tower 3.7.2-1 - RHEL7 (Aug 5) |
| |
Red Hat Ansible Tower 3.7.2-1 - RHEL7 Container 2. Description: * Updated Named URLs to allow for testing the presence or absence of objects (CVE-2020-14337)
|
| |
RedHat: RHSA-2020-3329:01 Moderate: Red Hat Ansible Tower 3.6.5-1 - RHEL7 (Aug 5) |
| |
Red Hat Ansible Tower 3.6.5-1 - RHEL7 Container 2. Description: * Removed reports option for Satellite inventory script * Fixed Tower Server Side Request Forgery on Credentials (CVE-2020-14327)
|
| |
RedHat: RHSA-2020-3184:01 Moderate: OpenShift Container Platform 4.3.31 (Aug 5) |
| |
An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3183:01 Moderate: OpenShift Container Platform 4.3.31 (Aug 5) |
| |
An update for openshift is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3247:01 Important: RHV Manager (ovirt-engine) 4.4 (Aug 4) |
| |
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3308:01 Important: Red Hat JBoss Web Server 5.3.2 (Aug 4) |
| |
Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact
|
| |
RedHat: RHSA-2020-3306:01 Important: Red Hat JBoss Web Server 5.3.2 (Aug 4) |
| |
Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact
|
| |
RedHat: RHSA-2020-3305:01 Important: Red Hat JBoss Web Server 3.1 Service (Aug 4) |
| |
An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3303:01 Important: Red Hat JBoss Web Server 3.1 Service (Aug 4) |
| |
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3302:01 Important: python-pillow security update (Aug 4) |
| |
An update for python-pillow is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3299:01 Important: python-pillow security update (Aug 4) |
| |
An update for python-pillow is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3298:01 Important: dbus security update (Aug 4) |
| |
An update for dbus is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3297:01 Important: kpatch-patch security update (Aug 4) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3285:01 Important: postgresql-jdbc security update (Aug 3) |
| |
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3284:01 Important: postgresql-jdbc security update (Aug 3) |
| |
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3286:01 Important: postgresql-jdbc security update (Aug 3) |
| |
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3283:01 Important: postgresql-jdbc security update (Aug 3) |
| |
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3281:01 Important: libvncserver security update (Aug 3) |
| |
An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3280:01 Moderate: nss and nspr security, bug fix, (Aug 3) |
| |
An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-3274:01 Moderate: grub2 security and bug fix update (Aug 3) |
| |
An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3276:01 Moderate: grub2 security and bug fix update (Aug 3) |
| |
An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2020-3271:01 Moderate: grub2 security and bug fix update (Aug 3) |
| |
An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3272:01 Important: bind security update (Aug 3) |
| |
An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3275:01 Moderate: grub2 security and bug fix update (Aug 3) |
| |
An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2020-3273:01 Moderate: grub2 security and bug fix update (Aug 3) |
| |
An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3267:01 Low: qemu-kvm-rhev security, bug fix, (Aug 3) |
| |
An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3266:01 Important: kernel-rt security and bug fix update (Aug 3) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3207:01 Moderate: OpenShift Container Platform 4.5.4 (Jul 31) |
| |
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-3253:01 Important: firefox security update (Jul 30) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-3254:01 Important: firefox security update (Jul 30) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-3248:01 Important: Red Hat build of Quarkus 1.3.4 SP1 (Jul 30) |
| |
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
|
| |
RedHat: RHSA-2020-3241:01 Important: firefox security update (Jul 30) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
Slackware: 2020-213-01: mozilla-thunderbird Security Update (Jul 31) |
| |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
SUSE: 2020:2160-1 important: xen (Aug 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2157-1 important: python-ipaddress (Aug 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2156-1 important: the Linux Kernel (Aug 6) |
| |
An update that solves 32 vulnerabilities and has 122 fixes is now available.
|
| |
SUSE: 2020:2159-1 important: xen (Aug 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2158-1 important: xen (Aug 6) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:2152-1 important: the Linux Kernel (Aug 6) |
| |
An update that solves 11 vulnerabilities and has 12 fixes is now available.
|
| |
SUSE: 2020:2149-1 moderate: postgresql10 and postgresql12 (Aug 6) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:2147-1 important: MozillaFirefox (Aug 6) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2020:2141-1 important: xen (Aug 6) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:2140-1 important: rubygem-actionview-4_2 (Aug 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2142-1 important: xrdp (Aug 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2143-1 important: java-11-openjdk (Aug 6) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
SUSE: 2020:2144-1 moderate: wireshark (Aug 6) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:2134-1 important: the Linux Kernel (Aug 5) |
| |
An update that solves 14 vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:14445-1 important: xorg-x11-libX11 (Aug 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2122-1 important: the Linux Kernel (Aug 4) |
| |
An update that solves 13 vulnerabilities and has 70 fixes is now available.
|
| |
SUSE: 2020:2122-1 important: the Linux Kernel (Aug 4) |
| |
An update that solves 13 vulnerabilities and has 70 fixes is now available.
|
| |
SUSE: 2020:2118-1 important: MozillaFirefox (Aug 4) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2020:2117-1 important: libX11 (Aug 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14444-1 important: xen (Aug 4) |
| |
An update that fixes 16 vulnerabilities is now available.
|
| |
SUSE: 2020:2121-1 important: the Linux Kernel (Aug 4) |
| |
An update that solves 15 vulnerabilities and has 37 fixes is now available.
|
| |
SUSE: 2020:2121-1 important: the Linux Kernel (Aug 4) |
| |
An update that solves 15 vulnerabilities and has 37 fixes is now available.
|
| |
SUSE: 2020:2119-1 important: the Linux Kernel (Aug 4) |
| |
An update that solves 13 vulnerabilities and has 75 fixes is now available.
|
| |
SUSE: 2020:2116-1 important: libX11 (Aug 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2107-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 16 vulnerabilities and has 82 fixes is now available.
|
| |
SUSE: 2020:2105-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 22 vulnerabilities and has 193 fixes is now available.
|
| |
SUSE: 2020:2106-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 14 vulnerabilities and has 15 fixes is now available.
|
| |
SUSE: 2020:2105-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 22 vulnerabilities and has 193 fixes is now available.
|
| |
SUSE: 2020:2107-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 16 vulnerabilities and has 82 fixes is now available.
|
| |
SUSE: 2020:2109-1 moderate: python-rtslib-fb (Aug 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14442-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 9 vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2020:2106-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 14 vulnerabilities and has 15 fixes is now available.
|
| |
SUSE: 2020:2103-1 important: the Linux Kernel (Aug 3) |
| |
An update that solves 15 vulnerabilities and has 81 fixes is now available.
|
| |
SUSE: 2020:2102-1 important: the Linux Kernel (Jul 31) |
| |
An update that solves four vulnerabilities and has 41 fixes is now available.
|
| |
SUSE: 2020:2100-1 moderate: MozillaFirefox (Jul 31) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2020:2101-1 moderate: targetcli-fb (Jul 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2097-1 important: ghostscript (Jul 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2095-1 important: ghostscript (Jul 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:2086-1 moderate: targetcli-fb (Jul 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
Ubuntu 4451-2: ppp vulnerability (Aug 6) |
| |
ppp could be made to load arbitrary kernel modules and possibly run programs.
|
| |
Ubuntu 4453-1: OpenJDK 8 vulnerabilities (Aug 5) |
| |
Several security issues were fixed in OpenJDK 8.
|
| |
Ubuntu 4441-2: MySQL regression (Aug 5) |
| |
USN-4441-1 introduced a regression in MySQL
|
| |
Ubuntu 4432-2: GRUB2 regression (Aug 4) |
| |
USN-4432-1 introduced a regression in the GRUB2 bootloader.
|
| |
Ubuntu 4452-1: libvirt vulnerability (Aug 4) |
| |
libvirt could be made to run programs as an administrator.
|
| |
Ubuntu 4451-1: ppp vulnerability (Aug 4) |
| |
ppp could be made to load arbitrary kernel modules and possibly run programs.
|
| |
Ubuntu 4450-1: Whoopsie vulnerabilities (Aug 4) |
| |
Several security issues were fixed in whoopsie.
|
| |
Ubuntu 4449-1: Apport vulnerabilities (Aug 4) |
| |
Several security issues were fixed in Apport.
|
| |
Ubuntu 4448-1: Tomcat vulnerabilities (Aug 4) |
| |
Several security issues were fixed in Tomcat.
|
| |
Ubuntu 4447-1: libssh vulnerability (Aug 4) |
| |
libssh could be made to crash if it received a specially crafted request.
|
| |
Ubuntu 4298-2: SQLite vulnerabilities (Aug 3) |
| |
Several security issues were fixed in SQLite.
|
| |
Ubuntu 4446-1: Squid vulnerabilities (Aug 3) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4445-1: Ghostscript vulnerability (Aug 3) |
| |
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.
|
| |
Ubuntu 4444-1: WebKitGTK vulnerabilities (Aug 3) |
| |
Several security issues were fixed in WebKitGTK.
|
| |
Debian LTS: DLA-2315-1: gupnp security update (Aug 6) |
| |
Yunus adrc found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass
|
| |
Debian LTS: DLA-2314-1: clamav security update (Aug 6) |
| |
Several vulnerabilities have been found in the ClamAV antivirus toolkit: CVE-2020-3327
|
| |
Debian LTS: DLA-2312-1: libx11 security update (Aug 4) |
| |
Todd Carson discovered some integer overflows in libX11, which could lead to heap corruption when processing crafted messages from an input method.
|
| |
Debian LTS: DLA-2309-1: evolution-data-server security update (Aug 2) |
| |
In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version
|
| |
Debian LTS: DLA-2310-1: thunderbird security update (Aug 2) |
| |
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
|
| |
Debian LTS: DLA-2306-1: libphp-phpmailer security update (Aug 2) |
| |
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language.
|
| |
Debian LTS: DLA-2308-1: libopenmpt security update (Aug 2) |
| |
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in
|
| |
Debian LTS: DLA-2307-1: ruby-zip security update (Aug 1) |
| |
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
|
| |
Debian LTS: DLA-2305-1: transmission security update (Aug 1) |
| |
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
|
| |
Debian LTS: DLA-2304-1: libpam-radius-auth security update (Aug 1) |
| |
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could
|
| |
Debian LTS: DLA-2303-1: libssh security update (Jul 31) |
| |
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service.
|
| |
Debian LTS: DLA-2302-1: libjpeg-turbo security update (Jul 31) |
| |
Several vulnerabilities were fixed in libjpeg-turbo, a widely used library for handling JPEG files. CVE-2018-1152
|
| |
Debian LTS: DLA-2293-1: mercurial security update (Jul 31) |
| |
Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458
|
| |
Debian LTS: DLA-2301-1: json-c security update (Jul 30) |
| |
Tobias Stoeckmann found an integer overflow issue in JSON-C, a C library to manipulate JSON objects, when reading maliciously crafted large files. The issue could be exploited to cause denial of service or possibly execute arbitrary code.
|
| |
Debian LTS: DLA-2300-1: kdepim-runtime security update (Jul 30) |
| |
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.
|
| |
Debian LTS: DLA-2299-1: net-snmp security update (Jul 30) |
| |
A privilege escalation vulnerability vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.
|
| |
ArchLinux: 202007-6: libjcat: insufficient validation (Jul 31) |
| |
The package libjcat before version 0.1.3-1 is vulnerable to insufficient validation.
|
| |
ArchLinux: 202007-5: mbedtls: private key recovery (Jul 31) |
| |
The package mbedtls before version 2.16.7-1 is vulnerable to private key recovery.
|
| |
ArchLinux: 202007-4: ffmpeg: arbitrary code execution (Jul 31) |
| |
The package ffmpeg before version 2:4.3.1-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202007-3: tcpreplay: information disclosure (Jul 31) |
| |
The package tcpreplay before version 4.3.3-1 is vulnerable to information disclosure.
|
| |
ArchLinux: 202007-2: wireshark-cli: denial of service (Jul 31) |
| |
The package wireshark-cli before version 3.2.5-1 is vulnerable to denial of service.
|
| |
SciLinux: SLSA-2020-3345-1 Important: thunderbird on SL6.x i386/x86_64 (Aug 6) |
| |
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL6 x86_64 thunderbird-68.11.0-1.el6_10.x86_64.rpm thunderbird-d [More...]
|
| |
SciLinux: SLSA-2020-3344-1 Important: thunderbird on SL7.x x86_64 (Aug 6) |
| |
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL7 x86_64 thunderbird-68.11.0-1.el7_8.x86_64.rpm thunderbird-de [More...]
|
| |
SciLinux: SLSA-2020-3284-1 Important: postgresql-jdbc on SL6.x (noarch) (Aug 4) |
| |
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) SL6 noarch postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2020-3285-1 Important: postgresql-jdbc on SL7.x (noarch) (Aug 4) |
| |
postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) SL7 noarch postgresql-jdbc-9.2.1002-8.el7_8.noarch.rpm postgresql-jdbc-javadoc-9.2.1002-8.el7_8.noarch.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2020-3281-1 Important: libvncserver on SL7.x x86_64 (Aug 3) |
| |
libvncserver: websocket decoding buffer overflow (CVE-2017-18922) SL7 x86_64 libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm - Scientific Linux [More...]
|
| |
SciLinux: SLSA-2020-3253-1 Important: firefox on SL7.x x86_64 (Aug 3) |
| |
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL7 x86_64 firefox-68.11.0-1.el7_8.x86_64.rpm firefox-debuginfo- [More...]
|
| |
SciLinux: SLSA-2020-3220-1 Important: kernel on SL7.x x86_64 (Jul 31) |
| |
kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757) * kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653) * kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654) * kernel: use-after-free caused by a malicious U [More...]
|
| |
SciLinux: SLSA-2020-3217-1 Moderate: grub2 on SL7.x x86_64 (Jul 31) |
| |
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713) * grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308) * grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309) * grub2: Integer overflow read_se [More...]
|
| |
SciLinux: SLSA-2020-3233-1 Important: firefox on SL6.x i386/x86_64 (Jul 30) |
| |
chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) SL6 x86_64 firefox-68.11.0-1.el6_10.x86_64.rpm firefox-debuginfo [More...]
|
| |
openSUSE: 2020:1156-1: moderate: python-rtslib-fb (Aug 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1155-1: important: MozillaFirefox (Aug 6) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
openSUSE: 2020:1154-1: Security update of chromium (Aug 6) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:1153-1: important: the Linux Kernel (Aug 6) |
| |
An update that solves 19 vulnerabilities and has 92 fixes is now available.
|
| |
openSUSE: 2020:1147-1: important: MozillaFirefox (Aug 5) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
openSUSE: 2020:1148-1: moderate: opera (Aug 5) |
| |
An update that fixes 26 vulnerabilities is now available.
|
| |
openSUSE: 2020:1146-1: important: ghostscript (Aug 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1144-1: moderate: targetcli-fb (Aug 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1142-1: important: ghostscript (Aug 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1141-1: moderate: targetcli-fb (Aug 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1139-1: moderate: claws-mail (Aug 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1128-1: moderate: libraw (Aug 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1121-1: moderate: ldb (Aug 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:1116-1: moderate: claws-mail (Jul 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
Mageia 2020-0313: php-phpmailer security update (Aug 1) |
| |
Fix insufficient output escaping bug in file attachment names (CVE-2020-13625). References: - https://bugs.mageia.org/show_bug.cgi?id=26760
|
| |
Mageia 2020-0312: redis security update (Jul 31) |
| |
An integer overflow in the getnum function in lua_struct.c CVE-2020-14147 References: - https://bugs.mageia.org/show_bug.cgi?id=26978
|
| |
Mageia 2020-0311: virtualbox security update (Jul 31) |
| |
Multiple security vulnerabilites in virtualbox allow unauthorized access to critical data or takeover of Oracle VM VirtualBox. See CVE references for details. References:
|
| |
Mageia 2020-0310: dnsmasq security update (Jul 31) |
| |
Updated dnsmasq package fix insecure default configuration potentially making it an open resolver (CVE-2020-14312). In its default configuration, dnsmasq listen and answer query from any address even outside of the local subnet. Thus, it may inadvertently
|
| |
Mageia 2020-0309: java-1.8.0-openjdk security update (Jul 31) |
| |
Bypass of boundary checks in nio.Buffer via concurrent access. (CVE-2020-14583) Incomplete bounds checks in Affine Transformations. (CVE-2020-14593)
|
| |
Mageia 2020-0308: botan2 security update (Jul 31) |
| |
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC
|
| |
Mageia 2020-0307: openjpeg2 security update (Jul 31) |
| |
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice (CVE-2020-15389).
|
| |
Mageia 2020-0306: ruby-rack security update (Jul 31) |
| |
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3 that makes it is possible for an attacker to forge a secure or host-only cookie prefix (CVE-2020-8184). References:
|
| |
Mageia 2020-0305: pcre2 security update (Jul 31) |
| |
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)
|
| |
Mageia 2020-0304: gssdp/gupnp security update (Jul 31) |
| |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695).
|
| |
Mageia 2020-0303: nasm security update (Jul 31) |
| |
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file (CVE-2018-10254).
|
| |
Mageia 2020-0302: chocolate-doom security update (Jul 31) |
| |
The server in Chocolate Doom 3.0.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack (CVE-2020-14983). References:
|
| |
Mageia 2020-0301: roundcubemail security update (Jul 31) |
| |
This update fixes a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace. References: - https://bugs.mageia.org/show_bug.cgi?id=26905
|
| |
Mageia 2020-0300: thunderbird security update (Jul 31) |
| |
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection (CVE-2020-12398). When browsing a malicious page, a race condition in our SharedWorkerService
|
| |
Mageia 2020-0299: matio security update (Jul 31) |
| |
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. (CVE-2019-17533) References:
|
| |
Mageia 2020-0298: microcode security update (Jul 31) |
| |
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543) Cleanup errors in some Intel(R) Processors may allow an authenticated user
|
| |
Mageia 2020-0297: freerdp/remmina security update (Jul 31) |
| |
It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code.
|
| |
Mageia 2020-0296: xerces-c security update (Jul 31) |
| |
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or
|
| |
Mageia 2020-0295: cloud-init security update (Jul 31) |
| |
In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function (CVE-2020-8631). In cloud-init, rand_user_password in cloudinit/config/cc_set_passwords.py
|
| |
Mageia 2020-0294: podofo security update (Jul 30) |
| |
The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. (CVE-2018-12983)
|
