Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.
|
Debian: DSA-4602-1: xen security update (Jan 13) |
|
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
|
|
Debian: DSA-4601-1: ldm security update (Jan 9) |
|
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.
|
|
Debian: DSA-4600-1: firefox-esr security update (Jan 9) |
|
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
|
|
|
|
Fedora 31: ImageMagick FEDORA-2020-f006145643 (Jan 17) |
|
Security and bug fixes.
|
|
Fedora 31: rubygem-rmagick FEDORA-2020-f006145643 (Jan 17) |
|
Security and bug fixes.
|
|
Fedora 31: xar FEDORA-2020-6490123c7c (Jan 17) |
|
- Update to 1.6.1 - Change upstream - Exclude CVE-2010-0055 patch, includes in upstream - Exclude norpath patch, using sed - Pass FTBFS state #1676224 - General clean of the spec - Use Fedora guide lines in Source URL
|
|
Fedora 31: gnulib FEDORA-2020-663f619e9c (Jan 17) |
|
Security fix for [CVE-2018-17942] - Update on 2020-01-07 - CVE-2018-17942
|
|
Fedora 31: python-django FEDORA-2020-adb4f0143a (Jan 17) |
|
fix CVE-2019-19844 (rhbz#1788426)
|
|
Fedora 31: jetty FEDORA-2020-4913d43d77 (Jan 17) |
|
Security fix for CVE-2019-17632
|
|
Fedora 30: phpMyAdmin FEDORA-2020-cb89758335 (Jan 16) |
|
**Version 4.9.4** (2020-01-07) - issue #15724 Fix 2FA was disabled by a bug - issue [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1) ---- **Version 4.9.3** (2019-12-26) - issue #15570 Fix page contents go underneath of floating menubar in some cases - issue #15591 Fix php notice 'Undefined index: foreign_keys_data' on relations view when the user
|
|
Fedora 30: gnulib FEDORA-2020-acac61cfd0 (Jan 16) |
|
Security fix for [CVE-2018-17942] - Update on 2020-01-07 - CVE-2018-17942
|
|
Fedora 31: thunderbird FEDORA-2020-01411d96d5 (Jan 16) |
|
Update to latest upstream version
|
|
Fedora 31: ocsinventory-agent FEDORA-2020-4c8a066b83 (Jan 16) |
|
Per Upstream, a malicious CA could result in unexpected inventory access with the System CA patch. The risk is very low. That patch is now dropped.
|
|
Fedora 31: chromium FEDORA-2020-581537c8aa (Jan 12) |
|
Update to 79.0.3945.117. Fixes CVE-2020-6377.
|
|
Fedora 31: libvpx FEDORA-2020-65eac1b48b (Jan 12) |
|
Update to 1.8.2
|
|
Fedora 31: makepasswd FEDORA-2020-a5b60d0c2b (Jan 11) |
|
Fixes bugzilla 1126076
|
|
Fedora 31: kubernetes FEDORA-2020-943f4b03d2 (Jan 11) |
|
Update to v1.15.7 (CVE-2018-1002102 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints)
|
|
Fedora 31: GraphicsMagick FEDORA-2019-210b0a6e4f (Jan 11) |
|
New bugfix and security upstream release, see http://www.graphicsmagick.org/NEWS.html#december-24-2019
|
|
Fedora 31: matio FEDORA-2019-a1a2f55fcf (Jan 11) |
|
1.5.7, fix for CVE-2019-13107
|
|
Fedora 31: slurm FEDORA-2019-f5fe4e10d7 (Jan 11) |
|
Release of 19.05.5. Closes security issues CVE-2019-19727, CVE-2019-19728.
|
|
Fedora 30: makepasswd FEDORA-2020-1db19e75db (Jan 11) |
|
Fixes bugzilla 1126076
|
|
Fedora 30: GraphicsMagick FEDORA-2019-f12cb1ddab (Jan 11) |
|
New bugfix and security upstream release, see http://www.graphicsmagick.org/NEWS.html#december-24-2019
|
|
Fedora 30: dovecot FEDORA-2019-72e5ac943a (Jan 11) |
|
Security fix for CVE-2019-19722: null pointer dereference in push notification driver
|
|
|
|
RedHat: RHSA-2020-0134:01 Critical: .NET Core on Red Hat Enterprise Linux (Jan 16) |
|
An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0132:01 Moderate: Red Hat Process Automation Manager (Jan 16) |
|
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0133:01 Moderate: Red Hat Decision Manager 7.6.0 Security (Jan 16) |
|
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0130:01 Critical: .NET Core on Red Hat Enterprise Linux (Jan 16) |
|
An update for dotnet3.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0124:01 Important: git security update (Jan 16) |
|
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0122:01 Important: java-11-openjdk security update (Jan 16) |
|
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0128:01 Important: java-11-openjdk security update (Jan 16) |
|
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0127:01 Important: thunderbird security update (Jan 16) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0120:01 Important: thunderbird security update (Jan 16) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0123:01 Important: thunderbird security update (Jan 16) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0111:01 Critical: firefox security update (Jan 14) |
|
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0103:01 Important: kernel security and bug fix update (Jan 14) |
|
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
|
RedHat: RHSA-2020-0101:01 Moderate: go-toolset-1.12-golang security update (Jan 14) |
|
An update for go-toolset-1.12 and go-toolset-1.12-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0100:01 Important: kernel-rt security and bug fix update (Jan 14) |
|
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0020:01 Low: OpenShift Container Platform 3.11 (Jan 14) |
|
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0085:01 Critical: firefox security update (Jan 13) |
|
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0086:01 Critical: firefox security update (Jan 13) |
|
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0084:01 Important: chromium-browser security update (Jan 13) |
|
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0078:01 Important: rabbitmq-server security update (Jan 13) |
|
An update for rabbitmq-server is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
|
Slackware: 2020-010-01: mozilla-thunderbird Security Update (Jan 10) |
|
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
|
Slackware: 2020-009-01: mozilla-firefox Security Update (Jan 9) |
|
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
|
|
|
|
SUSE: 2020:0121-1 moderate: LibreOffice (Jan 17) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:0118-1 moderate: fontforge (Jan 16) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0110-1 important: slurm (Jan 16) |
|
An update that solves three vulnerabilities and has three fixes is now available.
|
|
SUSE: 2020:0111-1 moderate: Mesa (Jan 16) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0112-1 important: tigervnc (Jan 16) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
SUSE: 2020:0113-1 important: tigervnc (Jan 16) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
SUSE: 2020:0114-1 important: python3 (Jan 16) |
|
An update that solves 26 vulnerabilities and has 30 fixes is now available.
|
|
SUSE: 2020:0115-1 moderate: shibboleth-sp (Jan 16) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0104-1 important: nodejs10 (Jan 15) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:0101-1 moderate: php7 (Jan 14) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0099-1 moderate: openssl-1_1 (Jan 14) |
|
An update that solves four vulnerabilities and has two fixes is now available.
|
|
SUSE: 2020:0102-1 moderate: man (Jan 14) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0087-1 moderate: libsolv, libzypp, zypper (Jan 13) |
|
An update that solves one vulnerability and has 10 fixes is now available.
|
|
SUSE: 2020:0086-1 moderate: e2fsprogs (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0078-1 important: MozillaFirefox (Jan 13) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0081-1 moderate: crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client (Jan 13) |
|
An update that solves three vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0079-1 moderate: libzypp (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:14268-1 important: MozillaFirefox (Jan 10) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0069-1 moderate: openssl-1_1 (Jan 10) |
|
An update that solves one vulnerability and has three fixes is now available.
|
|
SUSE: 2020:0065-1 moderate: containerd, docker, docker-runc, golang-github-docker-libnetwork (Jan 10) |
|
An update that solves one vulnerability and has 5 fixes is now available.
|
|
SUSE: 2020:0068-1 important: MozillaFirefox (Jan 10) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0064-1 moderate: openssl-1_0_0 (Jan 10) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0063-1 important: nodejs10 (Jan 10) |
|
An update that fixes three vulnerabilities is now available.
|
|
SUSE: 2020:14267-1 important: log4j (Jan 9) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0059-1 moderate: nodejs12 (Jan 9) |
|
An update that solves 9 vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:14266-1 moderate: apache2-mod_perl (Jan 9) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0051-1 moderate: java-1_7_1-ibm (Jan 9) |
|
An update that fixes 11 vulnerabilities is now available.
|
|
SUSE: 2020:0050-1 moderate: mariadb (Jan 9) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0054-1 important: log4j (Jan 9) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0053-1 important: log4j (Jan 9) |
|
An update that fixes one vulnerability is now available.
|
|
|
|
Ubuntu 4241-1: Thunderbird vulnerabilities (Jan 16) |
|
Several security issues were fixed in Thunderbird.
|
|
Ubuntu 4240-1: Kamailio vulnerability (Jan 16) |
|
kamailio could be made to crash if it opened a specially crafted file.
|
|
Ubuntu 4235-2: nginx vulnerability (Jan 15) |
|
nginx could be made to expose sensitive information over the network.
|
|
Ubuntu 4221-2: libpcap vulnerability (Jan 15) |
|
Applications using libpcap could be made to crash if given specially crafted data.
|
|
Ubuntu 4239-1: PHP vulnerabilities (Jan 15) |
|
Several security issues were fixed in PHP.
|
|
Ubuntu 4237-2: SpamAssassin vulnerabilities (Jan 15) |
|
Several security issues were fixed in SpamAssassin.
|
|
Ubuntu 4238-1: SDL_image vulnerabilities (Jan 14) |
|
Several security issues were fixed in SDL_image.
|
|
Ubuntu 4236-2: Libgcrypt vulnerability (Jan 14) |
|
Libgcrypt could be made to expose sensitive information.
|
|
Ubuntu 4237-1: SpamAssassin vulnerabilities (Jan 13) |
|
Several security issues were fixed in SpamAssassin.
|
|
Ubuntu 4236-1: Libgcrypt vulnerability (Jan 13) |
|
Libgcrypt could be made to expose sensitive information.
|
|
Ubuntu 4235-1: nginx vulnerability (Jan 13) |
|
nginx could be made to expose sensitive information over the network.
|
|
Ubuntu 4047-2: libvirt update vulnerability (Jan 13) |
|
Several security issues were fixed in libvirt.
|
|
Ubuntu 4234-1: Firefox vulnerabilities (Jan 10) |
|
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
|
Ubuntu: Ubuntu 19.04 (Disco Dingo) reaches End of Life on January 23 2020 (Jan 9) |
|
|
|
Ubuntu 4233-1: GnuTLS update (Jan 9) |
|
SHA1 has been marked as untrusted in GnuTLS.
|
|
|
|
Debian LTS: DLA-2063-1: debian-lan-config security update (Jan 15) |
|
In debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals.
|
|
Debian LTS: DLA-2060-1: phpmyadmin security update (Jan 15) |
|
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid
|
|
[SECURITY] DLA-2066-1 gthumb security update (Jan 14) |
|
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix
|
|
Debian LTS: DLA-2067-1: wordpress security update (Jan 14) |
|
An input sanitization bypass was discovered in Wordpress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user.
|
|
Debian LTS: DLA-2065-1: apache-log4j1.2 security update (Jan 12) |
|
Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for
|
|
Debian LTS: DLA-2064-1: ldm security update (Jan 10) |
|
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.
|
|
Debian LTS: DLA-2062-1: sa-exim security update (Jan 9) |
|
It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the
|
|
Debian LTS: DLA-2061-1: firefox-esr security update (Jan 9) |
|
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
|
|
|
|
ArchLinux: 202001-5: chromium: multiple issues (Jan 17) |
|
The package chromium before version 79.0.3945.130-1 is vulnerable to multiple issues including arbitrary code execution and insufficient validation.
|
|
ArchLinux: 202001-4: thunderbird: multiple issues (Jan 14) |
|
The package thunderbird before version 68.4.1-1 is vulnerable to multiple issues including arbitrary code execution and insufficient validation.
|
|
ArchLinux: 202001-3: firefox: arbitrary code execution (Jan 13) |
|
The package firefox before version 72.0.1-1 is vulnerable to arbitrary code execution.
|
|
ArchLinux: 202001-2: file: arbitrary code execution (Jan 13) |
|
The package file before version 5.38-1 is vulnerable to arbitrary code execution.
|
|
|
|
CentOS: CESA-2020-0085: Critical CentOS 7 firefox (Jan 15) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0085
|
|
CentOS: CESA-2020-0086: Critical CentOS 6 firefox (Jan 14) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0086
|
|
|
|
SciLinux: SLSA-2020-0123-1 Important: thunderbird on SL6.x i386/x86_64 (Jan 17) |
|
Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019- [More...]
|
|
SciLinux: SLSA-2020-0120-1 Important: thunderbird on SL7.x x86_64 (Jan 17) |
|
Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019- [More...]
|
|
SciLinux: SLSA-2020-0124-1 Important: git on SL7.x x86_64 (Jan 16) |
|
git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387) SL7 x86_64 git-1.8.3.1-21.el7_7.x86_64.rpm git-daemon-1.8.3.1-21.el7_7.x86_64.rpm git-debuginfo-1.8.3.1-21.el7_7.x86_64.rpm git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm git-svn-1.8.3.1-21.el7_7.x86_64.rpm noarch emacs-git-1.8.3.1-21.el7_7.noarch.rpm emacs-git-el-1.8.3.1-21.el [More...]
|
|
SciLinux: SLSA-2020-0122-1 Important: java-11-openjdk on SL7.x x86_64 (Jan 16) |
|
OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization iss [More...]
|
|
SciLinux: SLSA-2020-0085-1 Critical: firefox on SL7.x x86_64 (Jan 13) |
|
This update upgrades Firefox to version 68.4.1 ESR. * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: [More...]
|
|
SciLinux: SLSA-2020-0086-1 Critical: firefox on SL6.x i386/x86_64 (Jan 13) |
|
This update upgrades Firefox to version 68.4.1 ESR. * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: [More...]
|
|
|
|
openSUSE: 2020:0067-1: moderate: icingaweb2 (Jan 16) |
|
An update that solves 5 vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:0067-1: moderate: icingaweb2 (Jan 16) |
|
An update that solves 5 vulnerabilities and has one errata is now available.
|
|
openSUSE: 2020:0062-1: moderate: openssl-1_1 (Jan 15) |
|
An update that solves one vulnerability and has three fixes is now available.
|
|
openSUSE: 2020:0060-1: important: MozillaFirefox (Jan 15) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
openSUSE: 2020:0058-1: important: virglrenderer (Jan 15) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0059-1: important: nodejs8 (Jan 15) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0055-1: moderate: GraphicsMagick (Jan 14) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0057-1: moderate: singularity (Jan 14) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0056-1: important: phpMyAdmin (Jan 14) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0053-1: important: chromium (Jan 14) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0051-1: important: log4j (Jan 14) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0036-1: moderate: rubygem-excon (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0014-1: moderate: php7-imagick (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0021-1: moderate: dia (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0022-1: moderate: libgcrypt (Jan 13) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
openSUSE: 2020:0020-1: moderate: shibboleth-sp (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0014-1: moderate: php7-imagick (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0015-1: moderate: trousers (Jan 13) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0024-1: moderate: ffmpeg-4 (Jan 13) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:0038-1: important: tomcat (Jan 13) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0024-1: moderate: ffmpeg-4 (Jan 13) |
|
An update that fixes 5 vulnerabilities is now available.
|
|
openSUSE: 2020:0011-1: important: xen (Jan 13) |
|
An update that contains security fixes can now be installed.
|
|
openSUSE: 2020:0045-1: moderate: containerd, docker, docker-runc, golang-github-docker-libnetwork (Jan 13) |
|
An update that solves one vulnerability and has 5 fixes is now available.
|
|
openSUSE: 2020:0031-1: moderate: proftpd (Jan 13) |
|
An update that solves 5 vulnerabilities and has two fixes is now available.
|
|
openSUSE: 2020:0010-1: important: chromium, re2 (Jan 13) |
|
An update that fixes 21 vulnerabilities is now available.
|
|
openSUSE: 2020:0009-1: important: chromium (Jan 12) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0008-1: moderate: mozilla-nspr, mozilla-nss (Jan 11) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0007-1: important: chromium (Jan 11) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0006-1: important: chromium (Jan 11) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0004-1: important: chromium (Jan 10) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0004-1: important: chromium (Jan 10) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0002-1: important: MozillaFirefox (Jan 9) |
|
An update that fixes 8 vulnerabilities is now available.
|
|
openSUSE: 2020:0003-1: important: MozillaThunderbird (Jan 9) |
|
An update that contains security fixes can now be installed.
|
|
|
|
Mageia 2020-0041: kernel security update (Jan 17) |
|
This update is based on upstream 5.4.12 and fixes atleast the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between
|
|
Mageia 2020-0040: libjpeg security update (Jan 17) |
|
The updated packages fix security vulnerabilities: A signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
|
|
Mageia 2020-0039: e2fsprogs security update (Jan 17) |
|
Updated e2fsprogs packages fix security vulnerability: A code execution vulnerability in the directory rehashing functionality (CVE-2019-5188).
|
|
[updates-announce] MGASA-2020-0038: Updated makepasswd fix insecure default length of password (Jan 13) |
|
Updated makepasswd fix insecure default length of password By default, makepasswd generates password with a length between 6 to 8 characters (48 to 64bits). This update raise the default to 16 characters (128 bits).
|
|
Mageia 2020-0037: graphicsmagick security update (Jan 13) |
|
GraphicsMagick has been updated to fix security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=26056 - http://www.graphicsmagick.org/NEWS.html#december-24-2019
|
|
Mageia 2020-0036: kernel security update (Jan 13) |
|
This update is based on upstream 5.4.10 and fixes atleast the following security issues: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE)
|
|
Mageia 2020-0035: unbound security update (Jan 13) |
|
Updated unbound package to version 1.9.6 to fix various potential security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=25974
|
|
Mageia 2020-0034: thunderbird security update (Jan 11) |
|
Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) Type Confusion in XPCVariant.cpp (CVE-2019-17017)
|
|
Mageia 2020-0033: phpmyadmin security update (Jan 11) |
|
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL
|
|
Mageia 2020-0032: ming security update (Jan 11) |
|
The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866)
|
|
Mageia 2020-0031: pcsc-lite security update (Jan 11) |
|
The pcsc-lite package has been updated to version 1.8.26, which fixes a memory leak and other bugs. See the ChangeLog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=25869
|
|
Mageia 2020-0030: opencv security update (Jan 11) |
|
The updated packages fix security vulnerabilities: An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which
|
|
Mageia 2020-0029: oniguruma security update (Jan 11) |
|
Updated oniguruma packages fix security vulnerabilities: A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular
|
|
Mageia 2020-0028: libtomcrypt security update (Jan 11) |
|
Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (CVE-2019-17362).
|
|
Mageia 2020-0027: firefox security update (Jan 9) |
|
When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016).
|
