Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.
| |
Debian: DSA-4623-1: postgresql-11 security update (Feb 13) |
| |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the stable distribution (buster), this problem has been fixed in
|
| |
Debian: DSA-4622-1: postgresql-9.6 security update (Feb 13) |
| |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the oldstable distribution (stretch), this problem has been fixed
|
| |
Debian: DSA-4621-1: openjdk-8 security update (Feb 12) |
| |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
|
| |
Debian: DSA-4620-1: firefox-esr security update (Feb 12) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
|
| |
Debian: DSA-4619-1: libxmlrpc3-java security update (Feb 6) |
| |
Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of
|
| |
Debian: DSA-4618-1: libexif security update (Feb 6) |
| |
An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
|
|
|
| |
Fedora 31: firefox FEDORA-2020-8123a8fa34 (Feb 13) |
| |
- Update to 73.0
|
| |
Fedora 31: cutter-re FEDORA-2020-acd8cdb08d (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 31: radare2 FEDORA-2020-acd8cdb08d (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 31: php-horde-Horde-Data FEDORA-2020-1e7cc91d55 (Feb 13) |
| |
**Horde_Data 2.1.5** * [jan] Fix Remote Code Execution vulnerability (CVE-2020-8518, Reported by: Andrea Cardaci/SSD).
|
| |
Fedora 30: texlive-base FEDORA-2020-fa1956e637 (Feb 13) |
| |
Resolve buffer overflow in TexOpen() function, CVE-2019-19601
|
| |
Fedora 30: cutter-re FEDORA-2020-4a3ff78ba5 (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 30: radare2 FEDORA-2020-4a3ff78ba5 (Feb 13) |
| |
Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland.
|
| |
Fedora 30: php-horde-Horde-Data FEDORA-2020-0248ad925e (Feb 13) |
| |
**Horde_Data 2.1.5** * [jan] Fix Remote Code Execution vulnerability (CVE-2020-8518, Reported by: Andrea Cardaci/SSD).
|
| |
Fedora 31: poppler FEDORA-2020-24ded2cd52 (Feb 10) |
| |
Security fix for CVE-2019-14494.
|
| |
Fedora 31: glib2 FEDORA-2020-339d413324 (Feb 9) |
| |
Add patch for CVE-2020-6750 and related issues.
|
| |
Fedora 31: nghttp2 FEDORA-2020-3838c8ea98 (Feb 8) |
| |
Update to Node.js 12.15.0
|
| |
Fedora 31: nodejs FEDORA-2020-3838c8ea98 (Feb 8) |
| |
Update to Node.js 12.15.0
|
| |
Fedora 31: libuv FEDORA-2020-3838c8ea98 (Feb 8) |
| |
Update to Node.js 12.15.0
|
| |
Fedora 31: opensmtpd FEDORA-2020-a861033a4d (Feb 8) |
| |
libasr-1.0.4, opensmtpd-6.6.2p1 update
|
| |
Fedora 31: libasr FEDORA-2020-a861033a4d (Feb 8) |
| |
libasr-1.0.4, opensmtpd-6.6.2p1 update
|
| |
Fedora 30: opensmtpd FEDORA-2020-270ef80e9e (Feb 8) |
| |
libasr-1.0.4, opensmtpd-6.6.2p1 update
|
| |
Fedora 30: libasr FEDORA-2020-270ef80e9e (Feb 8) |
| |
libasr-1.0.4, opensmtpd-6.6.2p1 update
|
| |
Fedora 31: texlive-base FEDORA-2020-bb5c663b83 (Feb 7) |
| |
Resolve buffer overflow in TexOpen() function, CVE-2019-19601
|
| |
Fedora 31: runc FEDORA-2020-46ecc60897 (Feb 7) |
| |
Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921
|
| |
Fedora 31: nodejs-set-value FEDORA-2020-582515fa8a (Feb 7) |
| |
Update to upstream 2.0.1 release for CVE-2019-10747
|
| |
Fedora 31: nodejs-mixin-deep FEDORA-2020-f80e5c0d65 (Feb 7) |
| |
Update to upstream 1.3.2 release for CVE-2019-10746
|
| |
Fedora 31: mingw-SDL2 FEDORA-2020-ff2fe47ba4 (Feb 7) |
| |
MinGW cross compiled SDL 2.0.10, fixing a number of CVE issues.
|
| |
Fedora 31: mingw-gdk-pixbuf FEDORA-2020-418ce730df (Feb 7) |
| |
Update to 2.40.0. ---- MinGW cross compiled gdk-pixbuf 2.36.12 release, fixing various CVE's.
|
| |
Fedora 31: python-feedgen FEDORA-2020-8493201e90 (Feb 7) |
| |
New upstream version 0.9.0 (fixes CVE-2020-5227)
|
| |
Fedora 31: nethack FEDORA-2020-517b2845a1 (Feb 7) |
| |
Update to NetHack 3.6.5
|
| |
Fedora 31: nodejs-yarn FEDORA-2020-766ce5adae (Feb 7) |
| |
- Update to 1.21.1 - Provides /usr/bin/yarn - Resolves CVE-2019-10773 - Rename nodejs-yarn binary package to yarnpkg (similar to other distros) - Use nodejs macros consistently throughout spec - Make the tests fail the build if the tests fail
|
| |
Fedora 30: runc FEDORA-2020-b2c1f6cc75 (Feb 7) |
| |
Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921
|
| |
Fedora 30: sox FEDORA-2020-cb7b7181a0 (Feb 7) |
| |
Fixes **CVE-2017-18189**.
|
| |
Fedora 30: nodejs-set-value FEDORA-2020-1f1c94907b (Feb 7) |
| |
Update to upstream 2.0.1 release for CVE-2019-10747
|
| |
Fedora 30: nodejs-mixin-deep FEDORA-2020-4a8f110332 (Feb 7) |
| |
Update to upstream 1.3.2 release for CVE-2019-10746
|
| |
Fedora 30: java-1.8.0-openjdk FEDORA-2020-0a2dd63bf0 (Feb 7) |
| |
January 2020 CPU security update. See https://mail.openjdk.org/pipermail/jdk8u-dev/2020-January/010979.html https://openjdk.org/groups/vulnerability/advisories/2020-01-14
|
| |
Fedora 30: nethack FEDORA-2020-659277b3b8 (Feb 7) |
| |
Update to NetHack 3.6.5
|
| |
Fedora 30: mingw-gdk-pixbuf FEDORA-2020-a718b79006 (Feb 7) |
| |
MinGW cross compiled gdk-pixbuf 2.36.12 release, fixing various CVE's.
|
| |
Fedora 30: java-11-openjdk FEDORA-2020-d735a887d1 (Feb 7) |
| |
Update to the January 2020 CPU release 11.0.6. See: https://mail.openjdk.org/pipermail/jdk-updates-dev/2020-January/002374.html https://openjdk.org/groups/vulnerability/advisories/2020-01-14
|
| |
Fedora 30: samba FEDORA-2020-f92cd0e72b (Feb 7) |
| |
Update to Samba 4.10.13 ---- Update to Samba 4.10.12 - Security fixes for CVE-2019-14902, CVE-2019-14907 and CVE-2019-19344
|
| |
Fedora 31: xar FEDORA-2020-edf53cd770 (Feb 6) |
| |
- Use Apple upstream instead of non-fresh Github one - New upstream in 1.8 dev branch with 417.1 subversion - Close CVE-2018-17093 - Close CVE-2018-17094 - Close CVE-2017-11124 - Close CVE-2017-11125 - Close CVE-2010-3798 - Use license macro - Add OpenSSL To Configuration
|
| |
Fedora 31: upx FEDORA-2020-67590fbf08 (Feb 6) |
| |
3.96, multiple security fixes. ---- Patch for CVE-2019-20021
|
|
|
| |
RedHat: RHSA-2020-0509:01 Important: sudo security update (Feb 13) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0498:01 Moderate: Red Hat Virtualization Engine security, (Feb 13) |
| |
An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0497:01 Important: AMQ Online security update (Feb 13) |
| |
An update of the Red Hat OpenShift Container Platform 3.11 and 4.1 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0487:01 Important: sudo security update (Feb 13) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0481:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 (Feb 12) |
| |
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0476:01 Low: OpenShift Container Platform 4.2.18 (Feb 12) |
| |
An update for ose-baremetal-installer-container and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2020-0463:01 Low: OpenShift Container Platform 4.2.18 (Feb 12) |
| |
An update for ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0477:01 Important: Red Hat OpenShift Service Mesh 1.0.7 (Feb 11) |
| |
Red Hat OpenShift Service Mesh 1.0.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0475:01 Important: Red Hat Quay v3.2.1 security update (Feb 11) |
| |
An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0471:01 Moderate: spice-gtk security update (Feb 11) |
| |
An update for spice-gtk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0466:01 Important: nss-softokn security update (Feb 11) |
| |
An update for nss-softokn is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0470:01 Important: java-1.8.0-ibm security update (Feb 11) |
| |
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0468:01 Important: java-1.7.1-ibm security update (Feb 11) |
| |
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0469:01 Important: java-1.8.0-ibm security update (Feb 11) |
| |
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0467:01 Important: java-1.7.1-ibm security update (Feb 11) |
| |
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0465:01 Important: java-1.8.0-ibm security update (Feb 10) |
| |
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0464:01 Important: 389-ds:1.4 security update (Feb 10) |
| |
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0445:01 Important: Red Hat Single Sign-On 7.3.6 security (Feb 6) |
| |
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
| |
Slackware: 2020-043-01: libarchive Security Update (Feb 12) |
| |
New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
|
| |
Slackware: 2020-042-02: mozilla-thunderbird Security Update (Feb 12) |
| |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
Slackware: 2020-042-01: mozilla-firefox Security Update (Feb 12) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
|
|
|
| |
SUSE: 2020:0376-1 moderate: docker-runc (Feb 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0375-1 moderate: docker-runc (Feb 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0370-1 important: wicked (Feb 7) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:0372-1 moderate: LibreOffice (Feb 7) |
| |
An update that solves one vulnerability and has three fixes is now available.
|
| |
SUSE: 2020:0369-1 important: wicked (Feb 7) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:0358-1 important: wicked (Feb 7) |
| |
An update that solves four vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0360-1 moderate: e2fsprogs (Feb 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0357-1 important: pcp (Feb 7) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0356-1 important: pcp (Feb 7) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0359-1 moderate: rubygem-rack (Feb 7) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0355-1 important: pcp (Feb 7) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0351-1 important: wicked (Feb 6) |
| |
An update that solves four vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0353-1 important: systemd (Feb 6) |
| |
An update that solves one vulnerability and has 13 fixes is now available.
|
| |
SUSE: 2020:0352-1 moderate: php7 (Feb 6) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2020:0348-1 moderate: nginx (Feb 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0347-1 important: wicked (Feb 6) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:0346-1 important: libqt5-qtbase (Feb 6) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:0349-1 important: libqt5-qtbase (Feb 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0334-1 important: xen (Feb 6) |
| |
An update that fixes 13 vulnerabilities is now available.
|
| |
SUSE: 2020:0335-1 important: systemd (Feb 6) |
| |
An update that solves two vulnerabilities and has 12 fixes is now available.
|
|
|
| |
Ubuntu 4278-1: Firefox vulnerabilities (Feb 13) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Ubuntu 4277-1: libexif vulnerabilities (Feb 11) |
| |
Several security issues were fixed in libexif.
|
| |
Ubuntu 4276-1: Yubico PIV Tool vulnerabilities (Feb 11) |
| |
Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.
|
| |
Ubuntu 4274-1: libxml2 vulnerabilities (Feb 10) |
| |
Several security issues were fixed in libxml2.
|
| |
Ubuntu 4275-1: Qt vulnerabilities (Feb 10) |
| |
Several security issues were fixed in Qt.
|
| |
Ubuntu 4250-2: MariaDB vulnerability (Feb 6) |
| |
MariaDB clients could be made to crash if they received specially crafted input.
|
| |
Ubuntu 4273-1: ReportLab vulnerability (Feb 6) |
| |
ReportLab could be made to run programs as your login if it opened a specially crafted file.
|
| |
Ubuntu 4272-1: Pillow vulnerabilities (Feb 6) |
| |
Several security issues were fixed in Pillow.
|
| |
Ubuntu 4271-1: Mesa vulnerability (Feb 6) |
| |
Mesa could be made to expose sensitive information.
|
|
|
| |
Debian LTS: DLA-2103-1: debian-security-support update: libqb and mysql-5.5 end (Feb 13) |
| |
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently
|
| |
Debian LTS: DLA-2101-1: libemail-address-list-perl security update (Feb 12) |
| |
An denial of service via an algorithmic complexity attack on email address parsing have been identified in libemail-address-list-perl.
|
| |
Debian LTS: DLA-2099-1: checkstyle security update (Feb 10) |
| |
Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External Entity (XXE) injection.
|
| |
Debian LTS: DLA-2100-1: libexif security update (Feb 10) |
| |
an out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.
|
| |
Debian LTS: DLA-2098-1: ipmitool security update (Feb 9) |
| |
Christopher Ertl found that multiple functions in ipmitool neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side.
|
| |
Debian LTS: DLA-2097-1: ppp security update (Feb 9) |
| |
Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp, the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name. This issue is also mitigated by
|
| |
Debian LTS: DLA-2096-1: ruby-rack-cors security update (Feb 6) |
| |
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.
|
|
|
| |
ArchLinux: 202002-7: webkit2gtk: arbitrary code execution (Feb 13) |
| |
The package webkit2gtk before version 2.26.3-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202002-6: dovecot: denial of service (Feb 13) |
| |
The package dovecot before version 2.3.9.3-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202002-5: firefox: multiple issues (Feb 13) |
| |
The package firefox before version 73.0-1 is vulnerable to multiple issues including arbitrary code execution and cross-site scripting.
|
| |
ArchLinux: 202002-4: ksh: arbitrary command execution (Feb 12) |
| |
The package ksh before version 2020.0.0-2 is vulnerable to arbitrary command execution.
|
| |
ArchLinux: 202002-3: chromium: multiple issues (Feb 7) |
| |
The package chromium before version 80.0.3987.87-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure, insufficient validation and content spoofing.
|
| |
ArchLinux: 202002-2: sudo: privilege escalation (Feb 6) |
| |
The package sudo before version 1.8.31-1 is vulnerable to privilege escalation.
|
| |
ArchLinux: 202002-2: sudo: privilege escalation (Feb 6) |
| |
The package sudo before version 1.8.31-1 is vulnerable to privilege escalation.
|
| |
ArchLinux: 202002-1: python-django: sql injection (Feb 6) |
| |
The package python-django before version 3.0.3-1 is vulnerable to sql injection.
|
|
|
| |
CentOS: CESA-2020-0471: Moderate CentOS 6 spice-gtk (Feb 11) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0471
|
|
|
| |
SciLinux: SLSA-2020-0471-1 Moderate: spice-gtk on SL6.x i386/x86_64 (Feb 11) |
| |
spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893) SL6 x86_64 spice-glib-0.26-8.el6_10.2.i686.rpm spice-glib-0.26-8.el6_10.2.x86_64.rpm spice-gtk-0.26-8.el6_10.2.i686.rpm spice-gtk-0.26-8.el6_10.2.x86_64.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.i686.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.x86_64.rpm spic [More...]
|
| |
SciLinux: SLSA-2020-0374-1 Important: kernel on SL7.x x86_64 (Feb 6) |
| |
kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c [More...]
|
|
|
| |
openSUSE: 2020:0219-1: moderate: docker-runc (Feb 13) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0213-1: important: pcp (Feb 12) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:0214-1: moderate: rubygem-rack (Feb 12) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:0210-1: important: chromium (Feb 12) |
| |
An update that fixes 38 vulnerabilities is now available.
|
| |
openSUSE: 2020:0208-1: important: systemd (Feb 11) |
| |
An update that solves two vulnerabilities and has 12 fixes is now available.
|
| |
openSUSE: 2020:0204-1: moderate: nginx (Feb 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0209-1: important: libqt5-qtbase (Feb 11) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2020:0207-1: important: wicked (Feb 11) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0189-1: important: chromium (Feb 9) |
| |
An update that fixes 38 vulnerabilities is now available.
|
| |
openSUSE: 2020:0187-1: moderate: ceph (Feb 8) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0179-1: moderate: ucl (Feb 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0180-1: moderate: upx (Feb 6) |
| |
An update that fixes 5 vulnerabilities is now available.
|
|
|
| |
Mageia 2020-0085: flash-player-plugin security update (Feb 13) |
| |
Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code executionin the context of the current user. (CVE-2020-3757)
|
| |
Mageia 2020-0084: exiv2 security update (Feb 13) |
| |
The updated packages fix a security vulnerability: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service
|
| |
Mageia 2020-0083: python-waitress security update (Feb 13) |
| |
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways.
|
| |
Mageia 2020-0082: vim and neovim security update (Feb 13) |
| |
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to
|
| |
Mageia 2020-0081: sudo security update (Feb 9) |
| |
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however,
|
| |
Mageia 2020-0080: qtbase5 security update (Feb 9) |
| |
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence
|
| |
Mageia 2020-0079: spamassassin security update (Feb 9) |
| |
The updated packages fix security vulnerabilities: Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile. (CVE-2020-1930)
|
| |
Mageia 2020-0078: chromium-browser-stable security update (Feb 9) |
| |
Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2019-13725, CVE-2019-13726, CVE-2019-13727, CVE-2019-13728, CVE-2019-13729, CVE-2019-13730,
|
| |
Mageia 2020-0077: xmlrpc security update (Feb 9) |
| |
A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC
|
| |
Mageia 2020-0076: mgetty security update (Feb 9) |
| |
Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file
|
| |
Mageia 2020-0075: openslp security update (Feb 9) |
| |
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd
|
