LinuxSecurity.com Feature Extras:
IBM Closes its $34 Billion Acquisition of Red Hat: A Monumental Moment for Open Source - In the tech giants largest deal ever and one of the biggest deals in US history, IBM closed its $34 billion acquisition of Red Hat on Tuesday July 9, 2019. Red Hat will now be a unit of IBMs hybrid cloud division and Red Hat CEO Jim Whitehurst will join IBMs senior management team. This event has significant meaning that extends beyond is monetary value: it is a testament to the power of Open Source and the opportunity it offers businesses of all sizes across all industries.
Guardian Digital Celebrates 20 Years of Revolutionizing Digital Security, Securing Email with Open Source - Pioneers of business email security for the past 20 years, Guardian Digital draws on the merits of Open Source coupled with expert engineering and unparalleled customer support.
| Debian: DSA-4480-1: redis security update (Jul 11) | ||
|
Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code. |
||
| Debian: DSA-4479-1: firefox-esr security update (Jul 11) | ||
|
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. |
||
| Debian: DSA-4478-1: dosbox security update (Jul 10) | ||
|
Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator. |
||
| Debian: DSA-4477-1: zeromq3 security update (Jul 8) | ||
|
Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take |
||
| Debian: DSA-4476-1: python-django security update (Jul 5) | ||
|
Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS. |
||
| Fedora 30: expat FEDORA-2019-18868e1715 (Jul 9) | ||
|
This update includes a fix for a security vulnerability, CVE_2018-20843: > Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks For more information on the changes in 2.2.7, see the upstream release |
||
| Fedora 29: libfilezilla FEDORA-2019-6e77507660 (Jul 6) | ||
|
Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. |
||
| Fedora 29: filezilla FEDORA-2019-6e77507660 (Jul 6) | ||
|
Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. |
||
| Fedora 30: filezilla FEDORA-2019-7b9af09b17 (Jul 6) | ||
|
Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. |
||
| Fedora 30: libfilezilla FEDORA-2019-7b9af09b17 (Jul 6) | ||
|
Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. |
||
| Fedora 30: samba FEDORA-2019-8015e5dc40 (Jul 6) | ||
|
Fix vfs_fruit, vfs_glusterfs and smbspool ---- Update to Samba 4.10.5 Security fixes for CVE-2019-12435 and CVE-2019-12436 |
||
| RedHat: RHSA-2019-1763:01 Critical: firefox security update (Jul 11) | ||
|
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1765:01 Critical: firefox security update (Jul 11) | ||
|
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1764:01 Critical: firefox security update (Jul 11) | ||
|
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1762:01 Important: virt:8.0.0 security update (Jul 11) | ||
|
An update for the virt:8.0.0 module is now available for Red Hat Enterprise Linux 8 Advanced Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1734:01 Important: openstack-ironic-inspector security (Jul 10) | ||
|
An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1743:01 Important: qemu-kvm-rhev security update (Jul 10) | ||
|
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1742:01 Moderate: openstack-tripleo-common security and (Jul 10) | ||
|
An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which |
||
| RedHat: RHSA-2019-1728:01 Moderate: python-novajoin security and bug fix (Jul 10) | ||
|
An update for python-novajoin is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which |
||
| RedHat: RHSA-2019-1726:01 Important: dbus security update (Jul 10) | ||
|
An update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
||
| RedHat: RHSA-2019-1722:01 Important: openstack-ironic-inspector security (Jul 10) | ||
|
An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1723:01 Important: qemu-kvm-rhev security update (Jul 10) | ||
|
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1714:01 Important: bind security update (Jul 10) | ||
|
An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
||
| RedHat: RHSA-2019-1712:01 Important: Red Hat JBoss Web Server 3.1 Service (Jul 9) | ||
|
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
||
| RedHat: RHSA-2019-1711:01 Moderate: Red Hat JBoss Web Server 3.1 Service (Jul 9) | ||
|
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1707:01 Moderate: ansible security and bug fix update (Jul 9) | ||
|
An update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1708:01 Moderate: ansible security and bug fix update (Jul 9) | ||
|
An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1706:01 Moderate: ansible security and bug fix update (Jul 9) | ||
|
An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1705:01 Moderate: ansible security and bug fix update (Jul 9) | ||
|
An update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| RedHat: RHSA-2019-1700:01 Important: python27-python security update (Jul 8) | ||
|
An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1699:01 Important: redhat-virtualization-host security (Jul 8) | ||
|
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
||
| RedHat: RHSA-2019-1696:01 Critical: firefox security update (Jul 8) | ||
|
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from |
||
| Slackware: 2019-191-01: mozilla-firefox Security Update (Jul 10) | ||
|
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. |
||
| SUSE: 2019:1823-1 important: the Linux Kernel (Jul 12) | ||
|
An update that solves 11 vulnerabilities and has two fixes is now available. |
||
| SUSE: 2019:1793-1 important: Test SUSE:SLE-12-SP5 (Jul 11) | ||
|
An update that contains security fixes can now be installed. |
||
| SUSE: 2019:1819-1 fence-agents (Jul 11) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:1812-1 moderate: libqb (Jul 10) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1813-1 fence-agents (Jul 10) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:1810-1 moderate: postgresql10 (Jul 10) | ||
|
An update that fixes two vulnerabilities is now available. |
||
| SUSE: 2019:1809-1 fence-agents (Jul 10) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:14120-1 important: sqlite3 (Jul 10) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1802-1 moderate: kernel-firmware (Jul 10) | ||
|
An update that solves one vulnerability and has 8 fixes is now available. |
||
| SUSE: 2019:1806-1 important: libdlm, libqb (Jul 10) | ||
|
An update that solves one vulnerability and has three fixes is now available. |
||
| SUSE: 2019:1804-1 important: ruby-bundled-gems-rpmhelper, ruby2.5 (Jul 10) | ||
|
An update that solves 21 vulnerabilities and has two fixes is now available. |
||
| SUSE: 2019:1803-1 moderate: kernel-firmware (Jul 10) | ||
|
An update that solves one vulnerability and has two fixes is now available. |
||
| SUSE: 2019:1791-1 moderate: libqb (Jul 9) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1789-1 moderate: SUSE Manager 4.0 : Server and Proxy (Jul 9) | ||
|
An update that solves two vulnerabilities and has 7 fixes is now available. |
||
| SUSE: 2019:1792-1 moderate: kernel-firmware (Jul 9) | ||
|
An update that solves one vulnerability and has two fixes is now available. |
||
| SUSE: 2019:1789-1 moderate: SUSE Manager 4.0 : Server and Proxy (Jul 9) | ||
|
An update that solves two vulnerabilities and has 7 fixes is now available. |
||
| SUSE: 2019:1789-1 moderate: SUSE Manager 4.0 : Server and Proxy (Jul 9) | ||
|
An update that solves two vulnerabilities and has 7 fixes is now available. |
||
| SUSE: 2019:1790-1 moderate: SUSE Manager 3.2 : Server and Proxy (Jul 9) | ||
|
An update that solves two vulnerabilities and has one errata is now available. |
||
| SUSE: 2019:1790-1 moderate: SUSE Manager Server 3.2 (Jul 9) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:1785-1 important: zeromq (Jul 9) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1783-1 important: postgresql10 (Jul 9) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:14117-1 important: zeromq (Jul 8) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1772-1 important: python-Pillow (Jul 8) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1776-1 important: zeromq (Jul 8) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:1773-1 moderate: ImageMagick (Jul 8) | ||
|
An update that solves one vulnerability and has one errata is now available. |
||
| SUSE: 2019:1769-1 important: the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Jul 8) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1768-1 important: the Linux Kernel (Live Patch 26 for SLE 12 SP3) (Jul 8) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1765-1 important: the Linux Kernel (Live Patch 0 for SLE 15 SP1) (Jul 8) | ||
|
An update that fixes two vulnerabilities is now available. |
||
| SUSE: 2019:1767-1 important: the Linux Kernel (Live Patch 34 for SLE 12 SP1) (Jul 8) | ||
|
An update that fixes two vulnerabilities is now available. |
||
| SUSE: 2019:0838-2 important: bash (Jul 5) | ||
|
An update that fixes one vulnerability is now available. |
||
| SUSE: 2019:1398-2 libpng16 (Jul 5) | ||
|
An update that solves two vulnerabilities and has one errata is now available. |
||
| SUSE: 2019:1749-1 moderate: libu2f-host (Jul 4) | ||
|
An update that fixes four vulnerabilities is now available. |
||
| SUSE: 2019:1750-1 moderate: libu2f-host, pam_u2f (Jul 4) | ||
|
An update that fixes three vulnerabilities is now available. |
||
| SUSE: 2019:14114-1 moderate: MozillaFirefox, mozilla-nss, mozilla-nspr (Jul 4) | ||
|
An update that contains security fixes can now be installed. |
||
| SUSE: 2019:0048-2 moderate: helm-mirror (Jul 4) | ||
|
An update that solves three vulnerabilities and has two fixes is now available. |
||
| SUSE: 2019:1744-1 important: the Linux Kernel (Jul 4) | ||
|
An update that solves three vulnerabilities and has 26 fixes is now available. |
||
| SUSE: 2019:1744-1 important: the Linux Kernel (Jul 4) | ||
|
An update that solves three vulnerabilities and has 26 fixes is now available. |
||
| SUSE: 2019:1746-1 moderate: php5 (Jul 4) | ||
|
An update that fixes three vulnerabilities is now available. |
||
| Ubuntu 4051-2: Apport vulnerability (Jul 9) | ||
|
Apport could be made to expose sensitive information in crash reports. |
||
| Ubuntu 4053-1: GVfs vulnerabilities (Jul 9) | ||
|
Several security issues were fixed in GVfs. |
||
| Ubuntu 4052-1: Whoopsie vulnerability (Jul 9) | ||
|
Whoopsie could be made to crash or expose sensitive information if it processed a specially crafted crash report. |
||
| Ubuntu 4051-1: Apport vulnerability (Jul 9) | ||
|
Apport could be made to expose sensitive information in crash reports. |
||
| Ubuntu 4049-2: GLib vulnerability (Jul 8) | ||
|
GLib did not properly restrict directory and file permissions. |
||
| Ubuntu 4050-1: ZeroMQ vulnerability (Jul 8) | ||
|
ZeroMQ could be made to crash or run programs if it received specially crafted network traffic. |
||
| Ubuntu 4049-1: GLib vulnerability (Jul 8) | ||
|
GLib did not properly restrict directory and file permissions. |
||
| Ubuntu 4048-1: Docker vulnerabilities (Jul 8) | ||
|
Docker could be made to overwrite files as the administrator. |
||
| Ubuntu 4047-1: libvirt vulnerabilities (Jul 8) | ||
|
Several security issues were fixed in libvirt. |
||
| Ubuntu: Ubuntu 18.10 (Cosmic Cuttlefish) reaches End of Life on July 18 2019 (Jul 4) | ||
| Ubuntu 4046-1: Irssi vulnerabilities (Jul 4) | ||
|
Several security issues were fixed in Irssi. |
||
| Ubuntu 4038-4: bzip2 regression (Jul 4) | ||
|
USN-4038-1 introduced a regression in bzip2. |
||
| Ubuntu 4038-3: bzip2 regression (Jul 4) | ||
|
USN-4038-1 introduced a regression in bzip2. |
||
| Debian LTS: DLA-1852-1: python3.4 security update (Jul 11) | ||
|
The urllib library in Python ships support for a second, not well known URL scheme for accessing local files ("local_file://"). This scheme can be used to circumvent protections that try to block local file access |
||
| Debian LTS: DLA-1851-1: openjpeg2 security update (Jul 10) | ||
|
Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library. CVE-2016-9112 |
||
| Debian LTS: DLA-1850-1: redis security update (Jul 10) | ||
|
It was discovered that there were two heap buffer overflows in the Hyperloglog functionality provided by the Redis in-memory key-value database. |
||
| Debian LTS: DLA-1848-1: libspring-security-2.0-java security update (Jul 9) | ||
|
Spring Security support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user |
||
| Debian LTS: DLA-1849-1: zeromq3 security update (Jul 8) | ||
|
Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a |
||
| Debian LTS: DLA-1847-1: squid3 security update (Jul 7) | ||
|
It was discovered that there were multiple cross-site scripting vulnerabilities in the squid3 caching proxy server. For Debian 8 "Jessie", these issues have been fixed in squid3 |
||
| Debian LTS: DLA-1844-1: lemonldap-ng security update (Jul 4) | ||
|
It was discovered that there was a XML external entity vulnerability in the lemonldap-ng single-sign on system. This may have led to the disclosure of confidential data, denial of service, server side request forgery, port scanning, etc. |
||
| ArchLinux: 201907-3: python2-django: silent downgrade (Jul 9) | ||
|
The package python2-django before version 1.11.22-1 is vulnerable to silent downgrade. |
||
| ArchLinux: 201907-2: python-django: silent downgrade (Jul 9) | ||
|
The package python-django before version 2.2.3-1 is vulnerable to silent downgrade. |
||
| ArchLinux: 201907-1: irssi: arbitrary code execution (Jul 9) | ||
|
The package irssi before version 1.2.1-1 is vulnerable to arbitrary code execution. |
||
| CentOS: CESA-2019-1726: Important CentOS 6 dbus (Jul 11) | ||
|
Upstream details at : https://access.redhat.com/errata/RHSA-2019:1726 |
||
| SciLinux: SLSA-2019-1765-1 Critical: firefox on SL6.x i386/x86_64 (Jul 11) | ||
|
This update upgrades Firefox to version 60.8.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...] |
||
| SciLinux: SLSA-2019-1763-1 Critical: firefox on SL7.x x86_64 (Jul 11) | ||
|
This update upgrades Firefox to version 60.8.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following [More...] |
||
| SciLinux: SLSA-2019-1726-1 Important: dbus on SL6.x i386/x86_64 (Jul 10) | ||
|
dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) SL6 x86_64 dbus-1.2.24-11.el6_10.x86_64.rpm dbus-debuginfo-1.2.24-11.el6_10.i686.rpm dbus-debuginfo-1.2.24-11.el6_10.x86_64.rpm dbus-libs-1.2.24-11.el6_10.i686.rpm dbus-libs-1.2.24-11.el6_10.x86_64.rpm dbus-x11-1.2.24-11.el6_10.x86_64.rpm dbus-devel-1.2.24-11.el6_10.i686.rpm dbus-devel-1 [More...] |
||
| openSUSE: 2019:1697-1: important: gvfs (Jul 7) | ||
|
An update that solves four vulnerabilities and has one errata is now available. |
||
| openSUSE: 2019:1699-1: important: gvfs (Jul 7) | ||
|
An update that solves four vulnerabilities and has one errata is now available. |
||
| Mageia 2019-0208: ffmpeg security update (Jul 11) | ||
|
This update provides ffmpeg version 4.1.4, which fixes several security vulnerabilities and other bugs which were corrected upstream References: - https://bugs.mageia.org/show_bug.cgi?id=25109 |
||
| Mageia 2019-0207: microcode security update (Jul 10) | ||
|
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices(AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. This update provides Amd SEV Firmware to 0.17 build 22 (CVE-2019-9836). |
||
| Mageia 2019-0206: irssi security update (Jul 10) | ||
|
Irssi before 1.0.8 and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server (CVE-2019-13045). References: - https://bugs.mageia.org/show_bug.cgi?id=25025 |
||
| Mageia 2019-0205: dosbox security update (Jul 10) | ||
|
Dosbox 0.74-3 is a security release: * Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) * Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when |
||
| Mageia 2019-0204: postgresql11 security update (Jul 10) | ||
|
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. |
||
