| |
Debian: DSA-4578-1: libvpx security update (Nov 28) |
| |
Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.
|
| |
Debian: DSA-4577-1: haproxy security update (Nov 28) |
| |
Tim Dsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
|
|
|
|
| |
Fedora 31: kernel FEDORA-2019-b86a7bdba0 (Dec 6) |
| |
The 5.3.14 update contains a number of important fixes across the tree
|
| |
Fedora 31: libuv FEDORA-2019-7443ebda4b (Dec 6) |
| |
Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running `npm -g` was risky on RPM-installed systems. Fedora's packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided versions.
|
| |
Fedora 31: nodejs FEDORA-2019-7443ebda4b (Dec 6) |
| |
Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running `npm -g` was risky on RPM-installed systems. Fedora's packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided versions.
|
| |
Fedora 31: tnef FEDORA-2019-815807c020 (Dec 4) |
| |
tnef release 1.4.18. [CVE-2019-18849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18849) in which it may be possible to attack via a crafted email message extracted via tnef.
|
| |
Fedora 31: freeipa FEDORA-2019-c64e1612f5 (Dec 4) |
| |
FreeIPA 4.8.3 is a security update release that includes fixes for two issues: * CVE-2019-10195: Don't log passwords embedded in commands in calls using batch A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is
|
| |
Fedora 31: cyrus-imapd FEDORA-2019-03be160f9c (Dec 4) |
| |
Update to version 3.0.12 of cyrus-imapd, which includes (among other fixes) a fix for CVE-2019-18928. https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html
|
| |
Fedora 31: haproxy FEDORA-2019-b4d6be9176 (Dec 4) |
| |
Update to 2.0.10 (#1772961)
|
| |
Fedora 31: squid FEDORA-2019-9538783033 (Dec 4) |
| |
New version update - squid 4.9
|
| |
Fedora 30: ImageMagick FEDORA-2019-4504010099 (Dec 4) |
| |
Numerous security and bug fixes.
|
| |
Fedora 30: rubygem-rmagick FEDORA-2019-4504010099 (Dec 4) |
| |
Numerous security and bug fixes.
|
| |
Fedora 30: tnef FEDORA-2019-5f14b810f8 (Dec 4) |
| |
tnef release 1.4.18. [CVE-2019-18849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18849) in which it may be possible to attack via a crafted email message extracted via tnef.
|
| |
Fedora 30: freeipa FEDORA-2019-8e9093da55 (Dec 4) |
| |
FreeIPA 4.8.3 is a security update release that includes fixes for two issues: * CVE-2019-10195: Don't log passwords embedded in commands in calls using batch A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is
|
| |
Fedora 30: python-pillow FEDORA-2019-19a161d540 (Dec 4) |
| |
This update backports fixes for CVE-2019-16865.
|
| |
Fedora 30: cyrus-imapd FEDORA-2019-393e1cef4d (Dec 4) |
| |
Update to version 3.0.12 of cyrus-imapd, which includes (among other fixes) a fix for CVE-2019-18928. https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html
|
| |
Fedora 30: haproxy FEDORA-2019-ce146978e6 (Dec 4) |
| |
Update to 1.8.23
|
| |
Fedora 30: sqlite FEDORA-2019-b1636e0b70 (Dec 4) |
| |
fixed CVE-2019-16168 (rhbz#1768987)
|
| |
Fedora 31: firefox FEDORA-2019-492e5a2d98 (Dec 3) |
| |
- New upstream version (Firefox 71.0) - Added gnome shell search provider
|
| |
Fedora 31: oniguruma FEDORA-2019-d942abd0d4 (Dec 3) |
| |
6.9.4 final is released. This new version addresses CVE-2019-19246 (this one is already fixed in previous rpm), CVE-2019-19204 CVE-2019-19203 CVE-2019-19012. ---- Update to 6.9.4 rc3
|
| |
Fedora 31: clamav FEDORA-2019-1543eae191 (Dec 3) |
| |
- Drop This email address is being protected from spambots. You need JavaScript enabled to view it. file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by
|
| |
Fedora 30: kernel FEDORA-2019-8846a1a5a2 (Dec 1) |
| |
The 5.3.13 update contains a number of important fixes across the tree
|
| |
Fedora 31: kernel FEDORA-2019-91f6e7bb71 (Dec 1) |
| |
The 5.3.13 update contains a number of important fixes across the tree
|
| |
Fedora 30: jhead FEDORA-2019-7efb86afdc (Nov 30) |
| |
updated to 3.04 (CVE-2019-19035)
|
| |
Fedora 30: freeradius FEDORA-2019-17ed521527 (Nov 30) |
| |
Security fix for CVE-2019-13456
|
| |
Fedora 30: djvulibre FEDORA-2019-7fac263417 (Nov 30) |
| |
Security fix for CVE-2019-18804.
|
| |
Fedora 30: phpMyAdmin FEDORA-2019-8f55b515f1 (Nov 30) |
| |
Upstream announcement: **phpMyAdmin 4.9.2 is released** 2019-11-22 Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix. This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated **PMASA-2019-5**. There is also an improvement for how we sanitize Git version information shown on the home page,
|
| |
Fedora 31: freeradius FEDORA-2019-ca0f5e835d (Nov 30) |
| |
Security fix for CVE-2019-13456
|
| |
Fedora 31: jhead FEDORA-2019-948e6ebaeb (Nov 30) |
| |
updated to 3.04 (CVE-2019-19035)
|
| |
Fedora 31: phpMyAdmin FEDORA-2019-db68ae1fca (Nov 30) |
| |
Upstream announcement: **phpMyAdmin 4.9.2 is released** 2019-11-22 Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix. This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated **PMASA-2019-5**. There is also an improvement for how we sanitize Git version information shown on the home page,
|
| |
Fedora 31: chromium FEDORA-2019-3e46b182ff (Nov 29) |
| |
Fixes CVE-2019-13723 & CVE-2019-13724
|
| |
Fedora 31: ImageMagick FEDORA-2019-ba7247edcf (Nov 29) |
| |
Numerous security and bug fixes.
|
| |
Fedora 31: rubygem-rmagick FEDORA-2019-ba7247edcf (Nov 29) |
| |
Numerous security and bug fixes.
|
| |
Fedora 31: python-pillow FEDORA-2019-e7c83bdf19 (Nov 29) |
| |
This update backports fixes for CVE-2019-16865.
|
| |
Fedora 31: djvulibre FEDORA-2019-18cf104b5d (Nov 29) |
| |
Security fix for CVE-2019-18804.
|
| |
Fedora 31: grub2 FEDORA-2019-e99ebf23c8 (Nov 28) |
| |
Fix a grub hidden-menu regression and a bug in blscfg variable expansion ---- Security fix for CVE-2019-14865
|
| |
Fedora 31: nss FEDORA-2019-3f6ab3b846 (Nov 28) |
| |
Updates the nss package to upstream NSS 3.47.1. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -
|
|
|
|
| |
RedHat: RHSA-2019-4111:01 Critical: firefox security update (Dec 5) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-4107:01 Critical: firefox security update (Dec 5) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-4108:01 Critical: firefox security update (Dec 5) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-4110:01 Moderate: java-1.7.1-ibm security update (Dec 5) |
| |
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-4109:01 Moderate: java-1.7.1-ibm security update (Dec 5) |
| |
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-4082:01 Moderate: OpenShift Container Platform 4.1 (Dec 4) |
| |
An update for ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1.
|
| |
RedHat: RHSA-2019-4081:01 Moderate: OpenShift Container Platform 4.1 (Dec 4) |
| |
An update for ose-cluster-kube-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-4075:01 Moderate: OpenShift Container Platform 4.2 (Dec 3) |
| |
An update for ose-cluster-kube-apiserver-operator-container and ose-cluster-kube-scheduler-operator-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-4074:01 Moderate: OpenShift Container Platform 4.2 runc (Dec 3) |
| |
An update for runc is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-4071:01 Important: Red Hat Process Automation Manager (Dec 3) |
| |
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-4069:01 Important: Red Hat Decision Manager 7.5.1 (Dec 3) |
| |
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-4062:01 Important: python-jinja2 security update (Dec 3) |
| |
An update for python-jinja2 is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-4061:01 Important: patch security update (Dec 3) |
| |
An update for patch is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-4058:01 Important: kernel security and bug fix update (Dec 3) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-4056:01 Important: kernel security update (Dec 3) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-4057:01 Important: kernel-rt security and bug fix update (Dec 3) |
| |
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-4045:01 Important: Red Hat Single Sign-On 7.3.5 security (Dec 2) |
| |
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-4042:01 Important: Red Hat Single Sign-On 7.3.5 security (Dec 2) |
| |
New Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-4041:01 Important: Red Hat Single Sign-On 7.3.5 security (Dec 2) |
| |
New Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-4040:01 Important: Red Hat Single Sign-On 7.3.5 security (Dec 2) |
| |
New Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-4037:01 Important: Red Hat Data Grid 7.3.2 security update (Dec 2) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-4024:01 Important: SDL security update (Dec 2) |
| |
An update for SDL is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-4023:01 Moderate: samba security and bug fix update (Dec 2) |
| |
An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
|
|
| |
Slackware: 2019-337-01: mozilla-firefox Security Update (Dec 3) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
|
|
|
|
| |
SUSE: 2019:14237-1 moderate: permissions (Dec 5) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:3188-1 moderate: dnsmasq (Dec 5) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:3183-1 moderate: permissions (Dec 5) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:3182-1 moderate: permissions (Dec 5) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3190-1 moderate: munge (Dec 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3179-1 moderate: dpdk (Dec 5) |
| |
An update that solves one vulnerability and has four fixes is now available.
|
| |
SUSE: 2019:3192-1 moderate: opencv (Dec 5) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3176-1 important: clamav (Dec 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3191-1 moderate: cloud-init (Dec 5) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
SUSE: 2019:3180-1 moderate: permissions (Dec 5) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3177-1 important: clamav (Dec 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:14236-1 important: clamav (Dec 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3189-1 moderate: dnsmasq (Dec 5) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:3184-1 important: ffmpeg (Dec 5) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:3125-1 important: haproxy (Nov 29) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
SUSE: 2019:3126-1 important: haproxy (Nov 29) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
SUSE: 2019:3127-1 moderate: python-Django (Nov 29) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:14235-1 important: tightvnc (Nov 29) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:3092-1 moderate: libarchive (Nov 28) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2019:3095-1 moderate: libtomcrypt (Nov 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:3094-1 moderate: ncurses (Nov 28) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:3090-1 important: ucode-intel (Nov 28) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:3091-1 important: ucode-intel (Nov 28) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:3097-1 moderate: cloud-init (Nov 28) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
SUSE: 2019:3089-1 important: ucode-intel (Nov 28) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:3086-1 moderate: libidn2 (Nov 28) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:3085-1 libxml2 (Nov 28) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:3087-1 libxml2 (Nov 28) |
| |
An update that contains security fixes can now be installed.
|
|
|
|
| |
Ubuntu 4214-1: RabbitMQ vulnerability (Dec 5) |
| |
RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.
|
| |
Ubuntu 4213-1: Squid vulnerabilities (Dec 4) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4212-1: HAProxy vulnerability (Dec 4) |
| |
HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 header.
|
| |
Ubuntu 4182-4: Intel Microcode regression (Dec 4) |
| |
USN-4182-2 introduced a regression in the Intel Microcode for some Skylake processors.
|
| |
Ubuntu 4182-3: Intel Microcode regression (Dec 4) |
| |
USN-4182-1 introduced a regression in the Intel Microcode for some Skylake processors.
|
| |
Ubuntu 4194-2: postgresql-common vulnerability (Dec 3) |
| |
postgresql-common could be made to create arbitrary directories.
|
| |
Ubuntu 4207-1: GraphicsMagick vulnerabilities (Dec 3) |
| |
Several security issues were fixed in GraphicsMagick.
|
| |
Ubuntu 4206-1: GraphicsMagick vulnerabilities (Dec 3) |
| |
Several security issues were fixed in GraphicsMagick.
|
| |
Ubuntu 4211-2: Linux kernel (Xenial HWE) vulnerabilities (Dec 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4211-1: Linux kernel vulnerabilities (Dec 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4210-1: Linux kernel vulnerabilities (Dec 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4209-1: Linux kernel vulnerabilities (Dec 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4208-1: Linux kernel vulnerabilities (Dec 2) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 4205-1: SQLite vulnerabilities (Dec 2) |
| |
Several security issues were fixed in SQLite.
|
| |
Ubuntu 4204-1: psutil vulnerability (Nov 28) |
| |
psutil could be made to crash or run programs.
|
|
|
|
| |
Debian LTS: DLA-2021-1: libav security update (Dec 5) |
| |
Several security issues were fixed in libav, a multimedia library for processing audio and video files.
|
| |
Debian LTS: DLA-2020-1: libonig security update (Dec 4) |
| |
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring.
|
| |
Debian LTS: DLA-2019-1: exiv2 security update (Dec 2) |
| |
A corrupted or specially crafted CRW images might exceed the overall buffersize to cause a denial of service.
|
| |
Debian LTS: DLA-2017-2: asterisk regression update (Dec 1) |
| |
The backport of the CVE-2019-13161 fix caused a regression and has been reverted. For Debian 8 "Jessie", this problem has been fixed in version
|
| |
Debian LTS: DLA-2018-1: proftpd-dfsg security update (Nov 30) |
| |
In mod_tls a crash with empty CRL was fixed. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5.
|
| |
Debian LTS: DLA-2017-1: asterisk security update (Nov 30) |
| |
Several vulnerabilites are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161
|
| |
Debian LTS: DLA-1698-2: file regression update (Nov 30) |
| |
This update fixes a regression in introduced in 1:5.22+15-2+deb8u5 causing truncated output of the interpreter name, thanks to Christoph Biedl for reporting the problem and cause.
|
| |
Debian LTS: DLA-2005-1: tnef security update (Nov 29) |
| |
In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based
|
| |
Debian LTS: DLA-2004-1: 389-ds-base security update (Nov 29) |
| |
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values.
|
| |
Debian LTS: DLA-2016-1: ssvnc security update (Nov 29) |
| |
Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client..
|
| |
Debian LTS: DLA-2015-1: nss security update (Nov 29) |
| |
Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may haved crash with a NULL deref leading to a Denial-of-Service.
|
| |
Debian LTS: DLA-2014-1: vino security update (Nov 29) |
| |
Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment.
|
|
|
|
| |
ArchLinux: 201912-1: firefox: multiple issues (Dec 5) |
| |
The package firefox before version 71.0-1 is vulnerable to multiple issues including arbitrary code execution, denial of service, information disclosure and privilege escalation.
|
| |
ArchLinux: 201911-14: intel-ucode: multiple issues (Dec 3) |
| |
The package intel-ucode before version 20191112-1 is vulnerable to multiple issues including information disclosure, private key recovery and denial of service.
|
| |
ArchLinux: 201911-13: libtiff: denial of service (Dec 3) |
| |
The package libtiff before version 4.1.0-1 is vulnerable to denial of service.
|
|
|
|
| |
CentOS: CESA-2019-3979: Important CentOS 7 kernel (Dec 3) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3979
|
| |
CentOS: CESA-2019-3976: Low CentOS 7 tcpdump (Dec 3) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3976
|
| |
CentOS: CESA-2019-3981: Important CentOS 7 389-ds-base (Dec 3) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3981
|
| |
CentOS: CESA-2019-3888: Important CentOS 7 ghostscript (Dec 3) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3888
|
|
|
|
| |
SciLinux: SLSA-2019-4024-1 Important: SDL on SL7.x x86_64 (Dec 3) |
| |
SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950 (CVE-2019-14906) SL7 x86_64 SDL-1.2.15-15.el7_7.i686.rpm SDL-1.2.15-15.el7_7.x86_64.rpm SDL-debuginfo-1.2.15-15.el7_7.i686.rpm SDL-debuginfo-1.2.15-15.el7_7.x86_64.rpm SDL-devel-1.2.15-15.el7_7.i686.rpm SDL-devel-1.2.15-15.el7_7.x86_64.rpm SDL-static-1.2.15-15.el7_7.i686.rpm SD [More...]
|
| |
SciLinux: SLSA-2019-3976-1 Low: tcpdump on SL7.x x86_64 (Dec 3) |
| |
tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519) SL7 x86_64 tcpdump-4.9.2-4.el7_7.1.x86_64.rpm tcpdump-debuginfo-4.9.2-4.el7_7.1.x86_64.rpm - Scientific Linux Development Team
|
| |
SciLinux: SLSA-2019-3981-1 Important: 389-ds-base on SL7.x x86_64 (Dec 2) |
| |
389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824) SL7 x86_64 389-ds-base-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-libs-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm - Scientific Linux Development Team
|
|
|
|
| |
openSUSE: 2019:2645-1: important: haproxy (Dec 4) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
openSUSE: 2019:2633-1: moderate: cloud-init (Dec 4) |
| |
An update that solves one vulnerability and has 6 fixes is now available.
|
| |
openSUSE: 2019:2628-1: moderate: calamares (Dec 3) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2626-1: important: haproxy (Dec 3) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
openSUSE: 2019:2632-1: moderate: libarchive (Dec 3) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2019:2631-1: important: ucode-intel (Dec 3) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2629-1: libxml2 (Dec 3) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2615-1: moderate: libarchive (Dec 3) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2019:2620-1: important: ucode-intel (Dec 3) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2612-1: libxml2 (Dec 3) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2611-1: moderate: libidn2 (Dec 3) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2613-1: moderate: libidn2 (Dec 3) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: openSUSE Leap 15.0 has reached end of SUSE support (Dec 3) |
| |
openSUSE: openSUSE Leap 15.0 has reached end of SUSE support
|
| |
openSUSE: 2019:2607-1: moderate: Recommended openafs (Dec 2) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:2608-1: moderate: freerdp (Dec 2) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2604-1: moderate: freerdp (Dec 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:2599-1: moderate: phpMyAdmin (Dec 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2599-1: moderate: phpMyAdmin (Dec 1) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2598-1: important: strongswan (Dec 1) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2019:2597-1: moderate: clamav (Dec 1) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2595-1: moderate: clamav (Nov 30) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:2594-1: important: strongswan (Nov 30) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2019:2596-1: moderate: cpio (Nov 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2593-1: moderate: cpio (Nov 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2591-1: important: webkit2gtk3 (Nov 30) |
| |
An update that fixes 42 vulnerabilities is now available.
|
| |
openSUSE: 2019:2587-1: important: webkit2gtk3 (Nov 30) |
| |
An update that fixes 42 vulnerabilities is now available.
|
| |
openSUSE: 2019:2588-1: moderate: bluez (Nov 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2585-1: moderate: bluez (Nov 30) |
| |
An update that fixes one vulnerability is now available.
|
|
|
|
| |
Mageia 2019-0352: glib2.0 security update (Nov 30) |
| |
The updated packages fix a security vulnerability: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)
|
| |
Mageia 2019-0351: httpie security update (Nov 30) |
| |
Updated httpie packages fix security vulnerability: HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing
|
| |
Mageia 2019-0350: python-sqlalchemy security update (Nov 30) |
| |
Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the order_by parameter (CVE-2019-7164). SQL Injection via the group_by parameter (CVE-2019-7548).
|
| |
Mageia 2019-0349: glibc security update (Nov 30) |
| |
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local
|
| |
Mageia 2019-0348: gnupg2 security update (Nov 30) |
| |
gnupg2 is updated to 2.2.18 and fix security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855) * Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created
|
| |
Mageia 2019-0347: chromium-browser-stable security update (Nov 30) |
| |
Chromium-browser 78.0.3904.108 fixes security issues: Multiple flaws were found in the way Chromium 78.0.3904.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose
|
| |
Mageia 2019-0346: djvulibre security update (Nov 30) |
| |
The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer
|
| |
Mageia 2019-0345: mosquitto security update (Nov 30) |
| |
Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with
|
| |
Mageia 2019-0344: unbound security update (Nov 30) |
| |
Updated unbound package to version 1.9.5 to fix a potential security vulnerability. In case users recompiled the Mageia package with `--enable-ipsecmod`, and ipsecmod is enabled and used in the configuration, shell code execution would end up being possible after receiving a specially crafted answer (CVE-2019-18934).
|
| |
Mageia 2019-0343: libssh2 security update (Nov 30) |
| |
The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory
|
| |
Mageia 2019-0342: nginx security update (Nov 30) |
| |
Updated nginx packages fix security vulnerabilities: When using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).
|
| |
Mageia 2019-0341: zipios++ security update (Nov 30) |
| |
Updated zipios++ packages fix security vulnerability: Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources (CVE-2019-13453).
|
| |
Mageia 2019-0340: libreoffice security update (Nov 30) |
| |
Updated libreoffice packages fix security vulnerabilities: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle
|
| |
Mageia 2019-0339: dbus security update (Nov 30) |
| |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication
|
| |
Mageia 2019-0338: bzip2 security update (Nov 30) |
| |
The updated packages fix a security vulnerability: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900)
|
| |
Mageia 2019-0337: curl security update (Nov 30) |
| |
The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. (CVE-2019-5435)
|
