| |
Debian: DSA-4863-1: nodejs security update (Feb 24) |
| |
Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. For the stable distribution (buster), these problems have been fixed in
|
| |
Debian: DSA-4862-1: firefox-esr security update (Feb 24) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
|
| |
Debian: DSA-4861-1: screen security update (Feb 21) |
| |
Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.
|
| |
Debian: DSA-4860-1: openldap security update (Feb 20) |
| |
A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash)
|
| |
Debian: DSA-4859-1: libzstd security update (Feb 20) |
| |
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.
|
| |
Debian: DSA-4858-1: chromium security update (Feb 19) |
| |
Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21148
|
| |
Debian: DSA-4857-1: bind9 security update (Feb 18) |
| |
A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code.
|
| |
Fedora 33: libpq 2021-3286ac2acc (Feb 25) |
| |
Update postgresql and libpq to the new upstream release.
|
| |
Fedora 33: postgresql 2021-3286ac2acc (Feb 25) |
| |
Update postgresql and libpq to the new upstream release.
|
| |
Fedora 33: xen 2021-47f53a940a (Feb 25) |
| |
Linux: display frontend "be-alloc" mode is unsupported (comment only) [XSA-363, CVE-2021-26934] (#1929549) arm: The cache may not be cleaned for newly allocated scrubbed pages [XSA-364, CVE-2021-26933] (#1929547)
|
| |
Fedora 33: containernetworking-plugins 2021-fb466fb623 (Feb 25) |
| |
bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1
|
| |
Fedora 33: containers-common 2021-fb466fb623 (Feb 25) |
| |
bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1
|
| |
Fedora 33: podman 2021-fb466fb623 (Feb 25) |
| |
bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1
|
| |
Fedora 33: skopeo 2021-fb466fb623 (Feb 25) |
| |
bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1
|
| |
Fedora 33: buildah 2021-fb466fb623 (Feb 25) |
| |
bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1
|
| |
Fedora 32: xen 2021-4c819bf1ad (Feb 25) |
| |
Linux: display frontend "be-alloc" mode is unsupported (comment only) [XSA-363, CVE-2021-26934] (#1929549) arm: The cache may not be cleaned for newly allocated scrubbed pages [XSA-364, CVE-2021-26933] (#1929547)
|
| |
Fedora 33: xterm 2021-e7a8e79fa8 (Feb 25) |
| |
Security fix for CVE-2021-27135
|
| |
Fedora 32: libpq 2021-3db6876545 (Feb 25) |
| |
Update to the latest upstream release.
|
| |
Fedora 32: postgresql 2021-3db6876545 (Feb 25) |
| |
Update to the latest upstream release.
|
| |
Fedora 32: libmysofa 2021-4e40ccb5e6 (Feb 25) |
| |
Fixes various security issues by upgrading to the current 1.2 version.
|
| |
Fedora 32: keylime 2021-11e4ae96a7 (Feb 24) |
| |
Keylime 6.0.0 release. Contains fix CVE-2021-3406
|
| |
Fedora 32: dotnet5.0 2021-56e894d5ca (Feb 24) |
| |
This is the update to .NET 5.0 SDK 5.0.103 and Runtime 5.0.3. This includes fixes for CVE-2021-1721 and CVE-2021-24112
|
| |
Fedora 32: dotnet3.1 2021-48ca39b6ad (Feb 24) |
| |
This is the [February 2021 update for .NET Core](https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1.12/3.1.12.md). It updates the .NET Core SDK to 3.1.112 and the .NET Core Runtime to 3.1.12. This update includes fixes for CVE-2021-1721 and CVE-2021-24112.
|
| |
Fedora 32: wireshark 2021-f22ce64b3b (Feb 24) |
| |
New version 3.4.3 Security fix for CVE-2021-22173, CVE-2021-22174
|
| |
Fedora 32: radare2 2021-e3c95619c1 (Feb 24) |
| |
Update to version 5.1.1. Security fix for CVE-CVE-2020-16269 and CVE-2020-17487
|
| |
Fedora 32: php-horde-Horde-Text-Filter 2021-cbfa969c98 (Feb 24) |
| |
**Horde_Text_Filter 2.3.7** * [mjr] SECURITY: Fix XSS via Text2Html filter (Reported by: Alex Birnberg<This email address is being protected from spambots. You need JavaScript enabled to view it.>, **CVE 2021-26929**)
|
| |
Fedora 33: keylime 2021-5c01339c12 (Feb 24) |
| |
Keylime 6.0.0 release. Contains fix CVE-2021-3406
|
| |
Fedora 33: dotnet3.1 2021-c3d7fc8949 (Feb 24) |
| |
This is the [February 2021 update for .NET Core](https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1.12/3.1.12.md). It updates the .NET Core SDK to 3.1.112 and the .NET Core Runtime to 3.1.12. This update includes fixes for CVE-2021-1721 and CVE-2021-24112.
|
| |
Fedora 33: wireshark 2021-5522a34aa0 (Feb 24) |
| |
New version 3.4.3 Security fix for CVE-2021-22173, CVE-2021-22174
|
| |
Fedora 33: php-horde-Horde-Text-Filter 2021-f8368da9af (Feb 24) |
| |
**Horde_Text_Filter 2.3.7** * [mjr] SECURITY: Fix XSS via Text2Html filter (Reported by: Alex Birnberg<This email address is being protected from spambots. You need JavaScript enabled to view it.>, **CVE 2021-26929**)
|
| |
Fedora 33: gdk-pixbuf2-xlib 2021-2e59756cbe (Feb 22) |
| |
gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This update also includes new gdk-pixbuf2-xlib package that was split out from gdk- pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and gdk-pixbuf2-xlib-devel binary package names are identical to what they were before the split.
|
| |
Fedora 33: gdk-pixbuf2 2021-2e59756cbe (Feb 22) |
| |
gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This update also includes new gdk-pixbuf2-xlib package that was split out from gdk- pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and gdk-pixbuf2-xlib-devel binary package names are identical to what they were before the split.
|
| |
Fedora 33: dotnet5.0 2021-b881ee9839 (Feb 20) |
| |
This is the update to .NET 5.0 SDK 5.0.103 and Runtime 5.0.3. This includes fixes for CVE-2021-1721 and CVE-2021-24112
|
| |
Fedora 32: subversion 2021-16e51e39a6 (Feb 19) |
| |
This update includes the latest stable release of _Apache Subversion_, version **1.14.1**. This release includes the fix for `CVE-2020-17525`, a remote unauthenticated denial-of-service in Subversion mod_authz_svn. The full upstream security advisory for `CVE-2020-17525` is available at: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt ### User-
|
| |
Fedora 32: wpa_supplicant 2021-1a2443baa0 (Feb 19) |
| |
security fix for CVE-2021-0326 see also: https://w1.fi/security/2020-2/
|
| |
Fedora 32: libntlm 2020-1f643c272c (Feb 18) |
| |
Update to security fix 1.6 version. Fixes CVE-2019-17455
|
| |
Fedora 33: kiwix-desktop 2021-aa347d2b99 (Feb 18) |
| |
Always use HTTPS for the catalog downloads.
|
| |
RedHat: RHSA-2021-0100:01 Moderate: OpenShift Container Platform 4.7 (Feb 24) |
| |
The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-5364:01 Moderate: OpenShift Container Platform 4.7 (Feb 24) |
| |
An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-bundle-registry-container, performance-addon-operator-container, and performance-addon-operator-must-gather-rhel8-container is now available for
|
| |
RedHat: RHSA-2021-0663:01 Moderate: Ansible security and bug fix update (Feb 24) |
| |
An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2021-0664:01 Moderate: Ansible security and bug fix update (Feb 24) |
| |
An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-5633:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24) |
| |
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2021-0661:01 Important: thunderbird security update (Feb 24) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2021-0662:01 Important: thunderbird security update (Feb 24) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0656:01 Critical: firefox security update (Feb 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2021-0660:01 Critical: firefox security update (Feb 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2021-0658:01 Important: thunderbird security update (Feb 24) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0657:01 Important: thunderbird security update (Feb 24) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2021-0659:01 Critical: firefox security update (Feb 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-5634:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24) |
| |
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-5635:01 Moderate: OpenShift Container Platform 4.7.0 (Feb 24) |
| |
Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.7.
|
| |
RedHat: RHSA-2021-0655:01 Critical: firefox security update (Feb 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2021-0651:01 Important: xterm security update (Feb 24) |
| |
An update for xterm is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0650:01 Important: xterm security update (Feb 24) |
| |
An update for xterm is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0648:01 Low: virt:8.2 and virt-devel:8.2 security update (Feb 23) |
| |
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2021-0617:01 Important: xterm security update (Feb 22) |
| |
An update for xterm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2021-0619:01 Important: stunnel security update (Feb 22) |
| |
An update for stunnel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0618:01 Important: stunnel security update (Feb 22) |
| |
An update for stunnel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2021-0620:01 Important: stunnel security update (Feb 22) |
| |
An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2021-0611:01 Important: xterm security update (Feb 18) |
| |
An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
SUSE: 2021:57-1 suse/sles12sp5 Security Update (Feb 26) |
| |
The container suse/sles12sp5 was updated. The following patches have been included in this update:
|
| |
Debian LTS: DLA-2577-1: python-pysaml2 security update (Feb 26) |
| |
Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433
|
| |
Debian LTS: DLA-2575-1: firefox-esr security update (Feb 25) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
|
| |
Debian LTS: DLA-2574-1: openldap security update (Feb 20) |
| |
A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd
|
| |
Debian LTS: DLA-2573-1: libzstd security update (Feb 20) |
| |
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions.
|
| |
Debian LTS: DLA-2572-1: wpa security update (Feb 20) |
| |
An issue has been found in wpa, a set of tools to support WPA and WPA2 (IEEE 802.11i). Missing validation of data can result in a buffer over-write, which might
|
| |
Debian LTS: DLA-2570-1: screen security update (Feb 19) |
| |
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
|
| |
Debian LTS: DLA-2571-1: openvswitch security update (Feb 19) |
| |
Several issues have been found in openvswitch, a production quality, multilayer, software-based, Ethernet virtual switch.
|
| |
Debian LTS: DLA-2564-1: php-horde-text-filter security update (Feb 19) |
| |
Alex Birnberg discovered a cross-site scripting (XSS) vulnerability in the Horde Application Framework, more precisely its Text Filter API. An attacker could take control of a user's mailbox by sending a crafted e-mail.
|
| |
Debian LTS: DLA-2567-1: unrar-free security update (Feb 18) |
| |
Several issues have been found in unrar-free, an unarchiver for .rar files. CVE-2017-14120
|
| |
Debian LTS: DLA-2566-1: libbsd security update (Feb 18) |
| |
An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an
|
| |
Debian LTS: DLA-2560-1: qemu security update (Feb 18) |
| |
Several vulnerabilities were discovered in QEMU, a fast processor emulator (notably used in KVM and Xen HVM virtualization). An attacker could trigger a denial-of-service (DoS), information leak, and possibly execute arbitrary code with the privileges of the QEMU
|
| |
ArchLinux: 202102-32: mumble: arbitrary code execution (Feb 25) |
| |
The package mumble before version 1.3.4-1 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202102-31: postgresql: information disclosure (Feb 25) |
| |
The package postgresql before version 13.2-1 is vulnerable to information disclosure.
|
| |
ArchLinux: 202102-30: ansible-base: information disclosure (Feb 25) |
| |
The package ansible-base before version 2.10.6-1 is vulnerable to information disclosure.
|
| |
ArchLinux: 202102-29: keycloak: cross-site scripting (Feb 25) |
| |
The package keycloak before version 12.0.3-1 is vulnerable to cross- site scripting.
|
| |
ArchLinux: 202102-28: python-django: url request injection (Feb 22) |
| |
The package python-django before version 3.1.7-1 is vulnerable to url request injection.
|
| |
ArchLinux: 202102-27: roundcubemail: cross-site scripting (Feb 22) |
| |
The package roundcubemail before version 1.4.11-1 is vulnerable to cross-site scripting.
|
| |
ArchLinux: 202102-26: firejail: privilege escalation (Feb 22) |
| |
The package firejail before version 0.9.64.4-1 is vulnerable to privilege escalation.
|
| |
ArchLinux: 202102-25: wpa_supplicant: arbitrary code execution (Feb 22) |
| |
The package wpa_supplicant before version 2:2.9-8 is vulnerable to arbitrary code execution.
|
| |
ArchLinux: 202102-24: connman: multiple issues (Feb 22) |
| |
The package connman before version 1.39-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
|
| |
ArchLinux: 202102-23: linux: arbitrary code execution (Feb 22) |
| |
The package linux before version 5.10.12.arch1-1 is vulnerable to arbitrary code execution.
|
| |
SciLinux: SLSA-2021-0661-1 Important: thunderbird on SL7.x x86_64 (Feb 24) |
| |
This update upgrades Thunderbird to version 78.8.0. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]
|
| |
SciLinux: SLSA-2021-0656-1 Important: firefox on SL7.x x86_64 (Feb 24) |
| |
This update upgrades Firefox to version 78.8.0 ESR. * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) * Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) * Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) * Mozilla: Med [More...]
|
| |
SciLinux: SLSA-2021-0617-1 Important: xterm on SL7.x x86_64 (Feb 22) |
| |
xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xterm-295-3.el7_9.1.x86_64.rpm xterm-debuginfo-295-3.el7_9.1.x86_64.rpm - Scientific Linux Development Team
|
| |
openSUSE: 2021:0341-1 moderate: nghttp2 (Feb 25) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2021:0338-1 important: python-djangorestframework (Feb 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2021:0337-1 moderate: postgresql, postgresql13 (Feb 24) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2021:0335-1: MozillaFirefox (Feb 24) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2021:0334-1 moderate: tor (Feb 23) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2021:0331-1 moderate: python3 (Feb 22) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2021:0330-1 moderate: tomcat (Feb 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2021:0322-1 important: python-djangorestframework (Feb 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2021:0316-1 moderate: tor (Feb 20) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2021:0312-1 moderate: mumble (Feb 19) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2021:0310-1 moderate: buildah, libcontainers-common, podman (Feb 19) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2021:0304-1 important: screen (Feb 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2021:0305-1 important: php7 (Feb 18) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2021:0303-1 important: jasper (Feb 18) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
Mageia 2021-0089: privoxy security update (Feb 19) |
| |
Fixed a memory leak when decompression fails "unexpectedly". (CVE-2021-20216) Prevent an assertion from getting triggered by a crafted CGI request. (CVE-2021-20217) References:
|
| |
Mageia 2021-0088: veracrypt security update (Feb 19) |
| |
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by a Buffer Overflow that can lead to information disclosure of kernel stack through a locally executed code with IOCTL request to driver (CVE-2019-1010208).
|
| |
Mageia 2021-0087: coturn security update (Feb 19) |
| |
When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either [::1] or [::] as the peer address (CVE-2020-26262).
|
| |
Mageia 2021-0086: mediawiki security update (Feb 19) |
| |
In MediaWiki before 1.31.11, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right column with the changeable groups is not affected and is escaped correctly
|
