Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Encryption: An Essential Yet Highly Controversial Component of Digital Security - If you've been keeping up with recent security news, you are most likely aware of the heated worldwide debate about encryption that is currently underway. Strong encryption is imperative to securing sensitive data and protecting individuals' privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies.

Linux: An OS Capable of Effectively Meeting the US Government's Security Needs Heading into 2020 - As Open Source has become increasingly mainstream and widely accepted for its numerous benefits, the use of Linux as a flexible, transparent and highly secure operating system has also increasingly become a prominent choice among corporations, educational institutions and government sectors alike. With national security concerns at an all-time high heading into 2020, it appears that the implementation of Linux could effectively meet the United States government's critical security needs for application development and installations.


  Debian: DSA-4601-1: ldm security update (Jan 9)
 

It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.

  Debian: DSA-4600-1: firefox-esr security update (Jan 9)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

  Debian: DSA-4599-1: wordpress security update (Jan 8)
 

Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and

  Debian: DSA-4598-1: python-django security update (Jan 7)
 

Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this

  Debian: DSA-4597-1: netty security update (Jan 3)
 

It was reported that Netty, a Java NIO client/server framework, is prone to an HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.


  Fedora 31: firefox FEDORA-2020-732a5913b6 (Jan 8)
 

Update to latest upstream version.

  Fedora 31: firefox FEDORA-2020-d4b0f42d01 (Jan 8)
 

Update to latest upstream version.

  Fedora 31: dovecot FEDORA-2019-5898f4f935 (Jan 8)
 

Security fix for CVE-2019-19722: null pointer dereference in push notification driver

  Fedora 31: nethack FEDORA-2019-1090bd0af2 (Jan 4)
 

Update to NetHack 3.6.4 - fixes security issue with privilege escalation: http://nethack.org/security/index.html

  Fedora 31: singularity FEDORA-2019-f4eb2a01d1 (Jan 4)
 

Upgrade to upstream 3.5.2, still using golang-1.11 on epel8 ---- Upgrade to upstream 3.5.1, use golang-1.11 on epel8 ---- Upgrade to upstream 3.5.0

  Fedora 31: htmldoc FEDORA-2019-e90a7032f2 (Jan 4)
 

Update to latest release and include fix for CVE-2019-19630

  Fedora 31: php FEDORA-2019-a54a622670 (Jan 4)
 

**PHP version 7.3.13** (18 Dec 2019) **Bcmath:** * Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb) **Core:** * Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb) * Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**). (cmb) * Fixed bug

  Fedora 31: cyrus-imapd FEDORA-2019-ad23a4522d (Jan 4)
 

Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

  Fedora 31: drupal7-webform FEDORA-2019-88d9c30b7d (Jan 4)
 

- https://www.drupal.org/project/webform/releases/7.x-4.21 - https://www.drupal.org/sa-contrib-2019-096 - https://www.drupal.org/project/webform/releases/7.x-4.20

  Fedora 31: drupal7-l10n_update FEDORA-2019-3b1529362e (Jan 4)
 

- https://www.drupal.org/project/l10n_update/releases/7.x-2.3 - https://www.drupal.org/sa-contrib-2019-072

  Fedora 30: htmldoc FEDORA-2019-e039dfaa30 (Jan 4)
 

Update to latest release and include fix for CVE-2019-19630

  Fedora 30: cyrus-imapd FEDORA-2019-7938c21723 (Jan 4)
 

Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

  Fedora 30: drupal7-webform FEDORA-2019-6abe00cae1 (Jan 4)
 

- https://www.drupal.org/project/webform/releases/7.x-4.21 - https://www.drupal.org/sa-contrib-2019-096 - https://www.drupal.org/project/webform/releases/7.x-4.20

  Fedora 30: drupal7-l10n_update FEDORA-2019-c4177f74f5 (Jan 4)
 

- https://www.drupal.org/project/l10n_update/releases/7.x-2.3 - https://www.drupal.org/sa-contrib-2019-072

  Fedora 31: chromium FEDORA-2019-5fdceffcb9 (Jan 4)
 

Security fix for CVE-2019-13767.

  Fedora 30: nethack FEDORA-2019-79b80b66d9 (Jan 3)
 

Update to NetHack 3.6.4 - fixes security issue with privilege escalation: http://nethack.org/security/index.html

  Fedora 30: php FEDORA-2019-437d94e271 (Jan 3)
 

**PHP version 7.3.13** (18 Dec 2019) **Bcmath:** * Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb) **Core:** * Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb) * Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**). (cmb) * Fixed bug

  Fedora 30: xen FEDORA-2019-2e12bd3a9a (Jan 3)
 

denial of service in find_next_bit() [XSA-307, CVE-2019-19581, CVE-2019-19582] (#1782211) denial of service in HVM/PVH guest userspace code [XSA-308, CVE-2019-19583] (#1782206) privilege escalation due to malicious PV guest [XSA-309, CVE-2019-19578] (#1782210) Further issues with restartable PV type change operations [XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic

  Fedora 30: libssh FEDORA-2019-46b6bd2459 (Jan 3)
 

Update to version 0.9.3 to address CVE-2019-14889

  Fedora 30: samba FEDORA-2019-11dddb785b (Jan 3)
 

Update to Samba 4.10.11, Security fixes for CVE-2019-14861 and CVE-2019-14870


  RedHat: RHSA-2020-0057:01 Important: (Jan 8)
 

An update for rh-java-common-apache-commons-beanutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-0046:01 Moderate: java-1.8.0-ibm security update (Jan 7)
 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-0036:01 Moderate: kernel security and bug fix update (Jan 7)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-0027:01 Important: kpatch-patch security update (Jan 6)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-0028:01 Important: kpatch-patch security update (Jan 6)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-0026:01 Important: kpatch-patch security update (Jan 6)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-0006:01 Moderate: java-1.8.0-ibm security update (Jan 2)
 

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-0005:01 Important: chromium-browser security update (Jan 2)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-0002:01 Important: rh-git218-git security update (Jan 2)
 

An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  Slackware: 2020-009-01: mozilla-firefox Security Update (Jan 9)
 

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

  Slackware: 2020-008-01: Slackware 14.2 kernel Security Update (Jan 8)
 

New kernel packages are available for Slackware 14.2 to fix security issues.

  Slackware: 2020-006-01: mozilla-firefox Security Update (Jan 6)
 

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.


  SUSE: 2020:0068-1 important: MozillaFirefox (Jan 10)
 

An update that fixes 7 vulnerabilities is now available.

  SUSE: 2020:0064-1 moderate: openssl-1_0_0 (Jan 10)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0063-1 important: nodejs10 (Jan 10)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:14267-1 important: log4j (Jan 9)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0059-1 moderate: nodejs12 (Jan 9)
 

An update that solves 9 vulnerabilities and has one errata is now available.

  SUSE: 2020:14266-1 moderate: apache2-mod_perl (Jan 9)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0051-1 moderate: java-1_7_1-ibm (Jan 9)
 

An update that fixes 11 vulnerabilities is now available.

  SUSE: 2020:0050-1 moderate: mariadb (Jan 9)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0054-1 important: log4j (Jan 9)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0053-1 important: log4j (Jan 9)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:14265-1 moderate: java-1_7_0-ibm (Jan 8)
 

An update that fixes 13 vulnerabilities is now available.

  SUSE: 2020:0045-1 important: git (Jan 8)
 

An update that solves 9 vulnerabilities and has two fixes is now available.

  SUSE: 2020:0043-1 important: nodejs8 (Jan 8)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:14263-1 moderate: java-1_7_1-ibm (Jan 8)
 

An update that fixes 11 vulnerabilities is now available.

  SUSE: 2020:0035-1 moderate: containerd, docker, docker-runc, golang-github-docker-libnetwork (Jan 8)
 

An update that solves one vulnerability and has 5 fixes is now available.

  SUSE: 2020:0029-1 important: tomcat (Jan 7)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:0028-1 moderate: openssl-1_0_0 (Jan 7)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0023-1 moderate: libzypp (Jan 7)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:0025-1 moderate: java-1_8_0-openjdk (Jan 7)
 

An update that fixes 17 vulnerabilities is now available.

  SUSE: 2020:0024-1 moderate: java-1_8_0-ibm (Jan 7)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2020:0026-1 moderate: sysstat (Jan 7)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:0017-1 important: virglrenderer (Jan 7)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:0016-1 important: virglrenderer (Jan 7)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:0001-1 moderate: java-1_8_0-ibm (Jan 2)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2020:0002-1 moderate: openssl-1_1 (Jan 2)
 

An update that solves one vulnerability and has three fixes is now available.


  Ubuntu: Ubuntu 19.04 (Disco Dingo) reaches End of Life on January 23 2020 (Jan 9)
 

  Ubuntu 4233-1: GnuTLS update (Jan 9)
 

SHA1 has been marked as untrusted in GnuTLS.

  Ubuntu 4231-1: NSS vulnerability (Jan 8)
 

NSS could be made to execute arbitrary code if it received a specially crafted input.

  Ubuntu 4232-1: GraphicsMagick vulnerabilities (Jan 8)
 

Several security issues were fixed in GraphicsMagick.

  Ubuntu 4230-1: ClamAV vulnerability (Jan 8)
 

ClamAV could be made to crash if it opened a specially crafted file.

  Ubuntu 0061-1: Linux kernel vulnerability (Jan 8)
 

Several security issues were fixed in the kernel.

  Ubuntu 4228-2: Linux kernel (Xenial HWE) vulnerabilities (Jan 7)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4227-2: Linux kernel (Azure) vulnerabilities (Jan 7)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4228-1: Linux kernel vulnerabilities (Jan 6)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4227-1: Linux kernel vulnerabilities (Jan 6)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4226-1: Linux kernel vulnerabilities (Jan 6)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4225-1: Linux kernel vulnerabilities (Jan 6)
 

Several security issues were fixed in the Linux kernel.


  Debian LTS: DLA-2062-1: sa-exim security update (Jan 9)
 

It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the

  Debian LTS: DLA-2061-1: firefox-esr security update (Jan 9)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

  Debian LTS: DLA-2058-1: nss security update (Jan 6)
 

It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow.

  Debian LTS: DLA-2057-1: pillow security update (Jan 6)
 

It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: * CVE-2019-19911: Prevent a denial-of-service vulnerability caused


  ArchLinux: 202001-1: firefox: multiple issues (Jan 8)
 

The package firefox before version 72.0-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, access restriction bypass and denial of service.


  openSUSE: 2020:0004-1: important: chromium (Jan 10)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2020:0002-1: important: MozillaFirefox (Jan 9)
 

An update that fixes 8 vulnerabilities is now available.

  openSUSE: 2020:0003-1: important: MozillaThunderbird (Jan 9)
 

An update that contains security fixes can now be installed.


  Mageia 2020-0027: firefox security update (Jan 9)
 

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016).

  Mageia 2020-0026: opensc security update (Jan 7)
 

Updated opensc packages fix security vulnerabilities: sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv (CVE-2019-6502).

  Mageia 2020-0025: varnish security update (Jan 7)
 

Updated varnish packages fix security vulnerability: A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client request and the next on the same connection. This can under specific circumstances lead to

  Mageia 2020-0024: radare2 security update (Jan 7)
 

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have

  Mageia 2020-0023: openssl security update (Jan 5)
 

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536,

  Mageia 2020-0022: dia security update (Jan 5)
 

Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding (CVE-2019-19451). References:

  Mageia 2020-0021: mediawiki security update (Jan 5)
 

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1

  Mageia 2020-0020: libxml2 security update (Jan 5)
 

The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)

  Mageia 2020-0019: freeimage security update (Jan 5)
 

The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered,

  Mageia 2020-0018: jss security update (Jan 5)
 

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly

  Mageia 2020-0017: libdwarf security update (Jan 5)
 

Updated libdwarf packages fix security vulnerability: dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump

  Mageia 2020-0016: memcached security update (Jan 5)
 

Updated memcached packages fix security vulnerability: memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. (CVE-2019-15026)

  Mageia 2020-0015: libextractor security update (Jan 5)
 

Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c (CVE-2019-15531).

  Mageia 2020-0014: jhead security update (Jan 5)
 

Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file

  Mageia 2020-0013: igraph security update (Jan 5)
 

Updated igraph packages fix security vulnerability: The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object (CVE-2018-20349).

  Mageia 2020-0012: upx security update (Jan 5)
 

The updated package fixes security vulnerabilities: An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed

  Mageia 2020-0011: cyrus-sasl security update (Jan 5)
 

Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take

  Mageia 2020-0010: cyrus-imapd security update (Jan 5)
 

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks (CVE-2019-19783).

  Mageia 2020-0009: mozjs60 security update (Jan 5)
 

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

  Mageia 2020-0008: advancecomp security update (Jan 5)
 

Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of

  Mageia 2020-0007: freeradius security update (Jan 5)
 

Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a

  Mageia 2020-0006: shadowsocks-libev security update (Jan 5)
 

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality (CVE-2019-5163).

  Mageia 2020-0005: openconnect security update (Jan 5)
 

Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239).

  Mageia 2020-0004: python-werkzeug security update (Jan 5)
 

Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id (CVE-2019-14806).

  Mageia 2020-0003: putty security update (Jan 5)
 

Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking.

  Mageia 2020-0002: python-ecdsa security update (Jan 5)
 

Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service

  Mageia 2020-0001: apache-commons-compress security update (Jan 5)
 

Updated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the