Linux Advisory Watch: January 22nd, 2021

Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.

Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure.

Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack.

Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).

This is the January 2021 security update for .NET Core 3.1: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.11/3.1.11.md This update includes a fix for CVE-2021-1723.

This is the January 2021 security update for .NET Core 3.1: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.11/3.1.11.md This update includes a fix for CVE-2021-1723.

Backport fixes for CVE-2020-35653, CVE-2020-35654, CVE-2020-35655.

Backport fixes for CVE-2020-35653, CVE-2020-35654, CVE-2020-35655.

Update to security fix 1.6 version. Fixes CVE-2019-17455

Rebase to 1.9.5p1 - updated sudo url Resolves: rhbz#1902758 - enabled python plugin as a subpackage Resolves: rhbz#1909299 - fixed double free in sss_to_sudoers Resolves: rhbz#1885874 - fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhbz#1915055 - fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-

Rebase to 1.9.5p1 - updated sudo url Resolves: rhbz#1902758 - enabled python plugin as a subpackage Resolves: rhbz#1909299 - fixed double free in sss_to_sudoers Resolves: rhbz#1885874 - fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhbz#1915055 - fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-

Coturn 4.5.2 memory - Add prometheus metrics - Delete trailing whitespace in example configuration files - Add architecture ppc64le to travis build - Fix misleading option in doc (prometheus) - Allow RFC6062 TCP relay data to look like TLS - Add support for proxy protocol V1 - Print full date and time in

- x86: Check IFUNC definition in unrelocated executable [BZ #20019] - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - x86-64: Avoid rep movsb with short distance [BZ #27130] - Fix for CVE-2019-25013 buffer overrun in EUC-KR conversion module (bz #24973) - Add NEWS entry for CVE-2020-29562 (BZ #26923) - iconv: Fix incorrect UCS4 inner loop bounds

Coturn 4.5.2 memory - Add prometheus metrics - Delete trailing whitespace in example configuration files - Add architecture ppc64le to travis build - Fix misleading option in doc (prometheus) - Allow RFC6062 TCP relay data to look like TLS - Add support for proxy protocol V1 - Print full date and time in

fix rundir location ---- - dovecot updated to 2.3.13, pigeonhole to 0.5.13 - CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. - Metric filter and global event filter variable syntax changed to a SQL-like format. - auth: Added new aliases for %{variables}. Usage of the old ones is

This is a security update that fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox. See the advisory for details: fxf6-vxg2

- x86: Check IFUNC definition in unrelocated executable [BZ #20019] - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - Update for [BZ #27130] fix - x86-64: Avoid rep movsb with short distance [BZ #27130] - Fix for CVE-2019-25013 buffer overrun in EUC-KR conversion module (bz #24973) - tests-mcheck: New variable to run tests with MALLOC_CHECK_=3 - iconv:

Update to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116

This updates flatpak from 1.8 to new 1.10 stable series. The major new feature in this series compared to 1.8 is the support for the new repo format which should make updates faster and download less data. For details what's new in 1.10, see https://github.com/flatpak/flatpak/releases/tag/1.10.0 This also includes a security update that fixes a sandbox escape where a malicious

The 5.10.7 stable kernel update contains a number of important fixes across the tree.

The 5.10.7 stable kernel update contains a number of important fixes across the tree.

security fix for GHSA-hq37-853p-g5cf: "Regular Expression Denial of Service (REDoS)", rated as "moderate severity" published 17 hours ago by liZe

The 5.10.7 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.

The 5.10.7 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.

security fix for GHSA-hq37-853p-g5cf: "Regular Expression Denial of Service (REDoS)", rated as "moderate severity" published 17 hours ago by liZe

Update to 12.20.1 security release

**PHP version 7.4.14** (07 Jan 2021) **Core:** * Fixed bug php#74558 (Can't rebind closure returned by Closure::fromCallable()). (cmb) * Fixed bug php#80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). (cmb) * Fixed bug php#72964 (White space not unfolded for CC/Bcc headers). (cmb) * Fixed bug php#80362 (Running dtrace scripts can cause php to crash). (al at coralnet dot

- Added upstream patch to avoid infinite loop on filenames with invalid encoding (CVE-2019-19451, #1778767)

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.

This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845. ---- This update backports patches for CVE-2020-27824 and CVE-2020-27823. ---- Backport patch for CVE-2020-27814.

Multiple vulnerabilities were discovered in Gentoo's ebuild for Zabbix which could lead to root privilege escalation.

Red Hat OpenShift Container Platform release 3.11.374 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 3.11.

Red Hat OpenShift Container Platform release 4.5.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5.

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container is now available for Red Hat OpenShift Container Platform 4.6.

An update for dnsmasq is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for dnsmasq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for dnsmasq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Red Hat OpenShift Virtualization release 2.5.3 is now available with updates to packages and images that fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Release of OpenShift Serverless 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

Red Hat OpenShift Serverless Client kn 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

The container suse/sles12sp5 was updated. The following patches have been included in this update:

The container suse/sle15 was updated. The following patches have been included in this update:

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).

Andrew Wesie discovered a buffer overflow in the H264 support of the GStreamer multimedia framework, which could potentially result in the execution of arbitrary code.

golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix.

In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when

Multiple vulnerabilites in wavpack were found, like OOB read (which could potentially lead to a DOS attack), unexpected control flow, crashes, integer overflow, and segfaults.

The package atftp before version 0.7.2-3 is vulnerable to denial of service.

The package wavpack before version 5.3.0-2 is vulnerable to arbitrary code execution.

The package mediawiki before version 1.35.1-1 is vulnerable to multiple issues including cross-site scripting and information disclosure.

The package coturn before version 4.5.2-1 is vulnerable to insufficient validation.

The package vivaldi before version 3.5.2115.87-1 is vulnerable to multiple issues including access restriction bypass, arbitrary code execution and insufficient validation.

The package nvidia-utils before version 460.32.03-1 is vulnerable to multiple issues including privilege escalation, denial of service and information disclosure.

The package opensmtpd before version 6.8.0p2-1 is vulnerable to multiple issues including information disclosure and denial of service.

The package thunderbird before version 78.6.1-1 is vulnerable to arbitrary code execution.

The package nodejs before version 15.5.1-1 is vulnerable to multiple issues including arbitrary code execution and url request injection.

The package nodejs-lts-fermium before version 14.15.4-1 is vulnerable to multiple issues including arbitrary code execution and url request injection.

The package nodejs-lts-erbium before version 12.20.1-1 is vulnerable to multiple issues including arbitrary code execution and url request injection.

The package nodejs-lts-dubnium before version 10.23.1-1 is vulnerable to multiple issues including arbitrary code execution and url request injection.

The package python-cairosvg before version 2.5.1-1 is vulnerable to denial of service.

The package python-pillow before version 8.1.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.

The package gitlab before version 13.7.2-1 is vulnerable to multiple issues including authentication bypass, denial of service and information disclosure.

The package php before version 7.4.14-1 is vulnerable to insufficient validation.

The package mdbook before version 0.4.5-1 is vulnerable to cross-site scripting.

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0087

Upstream details at : https://access.redhat.com/errata/RHSA-2021:0053

This update upgrades Thunderbird to version 78.6.1. * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044) SL7 x86_64 thunderbird-78.6.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-78.6.1-1.el7_9.x86_64.rpm - Scientific Linux Development Team

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that contains security fixes can now be installed.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has 5 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 17 vulnerabilities and has 62 fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 17 vulnerabilities and has 99 fixes is now available.

An update that solves 6 vulnerabilities and has 58 fixes is now available.

An update that solves one vulnerability and has 11 fixes is now available.

This kernel update is based on upstream 5.10.8 and fixes atleast the following security issue: SCSI EXTENDED COPY (XCOPY) requests sent to a Linux SCSI target (LIO) allow an attacker to read or write anywhere on any LIO backstore configured

It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-25709, CVE-2020-25710). References:

Multiple vulnerabilities related to unsafe tempfile usage (bsc#1146690, bsc#1146691, bsc#1146692, bsc#1146766, bsc#1146776, bsc#1146784, bsc#1146785, bsc#1146787). Issues where the ocfmon user was created with a default password (bsc#1021689,

The updated packages fix security vulnerabilities. See upstream releasenotes. References:

An issue in caribou, that was exposed by a CVE fix in X.org server, permits a screensaver-lock bypass. It is possible to crash the screensaver and unlock the desktop via the virtual keyboard. References:

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. (CVE-2021-23239).

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc (CVE-2020-29361). A heap-based buffer over-read has been discovered in the RPC protocol used by

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB (CVE-2020-15117).

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed (CVE-2020-1695).

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. (CVE-2020-27783).

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file (CVE-2020-26570). The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init (CVE-2020-26571).

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability (CVE-2020-8622). A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain"

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12179). Insufficient memory write check in SMM service for EDK II may allow an

A flaw was found in the dom4j library. By using the default SaxReader() provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE (CVE-2020-10683). References:

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue (CVE-2019-13232). References:

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing) (CVE-2018-1063).

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes atleast the following security issues:

This update provides an upgrade to the new upstream 5.10 longterm branch, currently based on 5.10.6, adding new features and new and improved hardware support. This update also fixes atleast the following security issues:

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE20211052).

LibreOffice slideshow aborts with stack smashing in cairos composite_boxes (CVE-2020-35492). References: - https://bugs.mageia.org/show_bug.cgi?id=28084

Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. (CVE-2020-16044) See upstream releasenotes for other changes. References:

NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE20211052).

FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071). stream_get_contents() fails with maxlength=-1 or default. See upstream releasenotes for other changes.

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present (CVE-2020-29600).

It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash) (CVE-2020-14150). References: - https://bugs.mageia.org/show_bug.cgi?id=27730

MIT Kerberos 5 (aka krb5) before 1.17.2 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit (CVE-2020-28196). References: