Advisories

Linux Advisory Watch: July 24th, 2020

Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.


Important advisories issued this week include a warning from ArchLinux of multiple issues with freerdp and critical CentOS 6 and CentOS 7 Firefox updates mitigating multiple serious vulnerabilities in the popular web browser. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!


LinuxSecurity.com Feature Extras:

Top 8 File and Disk Encryption Tools for Linux - Data protection is an imperative aspect of digital security for both businesses and individuals. In this new remote work environment brought on by COVID-19, securing ones private data is more critical than ever.

5 Open-Source Blockchain Technologies That Linux Users Need to Know About - With hundreds of thousands of open-source projects underway, its easy to say that open source has become a standard in software development. And when talking about open source, the first development environment that comes to mind is, of course, Linux. Halfway through 2020, around 50% of software developers say they use the Linux operating system (OS) for their projects.


  Debian: DSA-4733-1: qemu security update (Jul 24)
 

It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.

  Debian: DSA-4732-1: squid security update (Jul 21)
 

Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi.

  Debian: DSA-4731-1: redis security update (Jul 19)
 

An integer overflow flaw leading to a stack-based buffer overflow was discovered in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash).

  Debian: DSA-4730-1: ruby-sanitize security update (Jul 19)
 

Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a or element may not be sanitized correctly even

  Debian: DSA-4729-1: libopenmpt security update (Jul 19)
 

Two security issues were found in libopenmpt, a cross-platform C++ and C library to decode tracked music files, which could result in denial of service and potentially the execution of arbitrary if malformed music files are processed.

  Debian: DSA-4728-1: qemu security update (Jul 19)
 

Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in

  Debian: DSA-4627-1: tomcat9 security update (Jul 17)
 

Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. For the stable distribution (buster), these problems have been fixed in

  Debian: DSA-4726-1: nss security update (Jul 17)
 

Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service.

  Fedora 32: python27 2020-e9251de272 (Jul 23)
 

Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)

  Fedora 32: java-11-openjdk 2020-5d0b4a2b5b (Jul 23)
 

# July 2020 OpenJDK security update for OpenJDK 11 Full release notes: https://bitly.com/openjdk1108 ## Security fixes - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233239, CVE-2020-14562: Enhance TIFF support - JDK-8233255: Better Swing Buttons -

  Fedora 32: mod_authnz_pam 2020-cfbed9c9ff (Jul 23)
 

Rebase to upstream release 1.2.1.

  Fedora 32: podofo 2020-ebbf149f3b (Jul 23)
 

Add patch to bump W_MAX_BYTES to 8.

  Fedora 31: singularity 2020-198fdb12a1 (Jul 22)
 

Upgrade to upstream 3.6.0. Remove patch #4679 for el8.

  Fedora 31: mbedtls 2020-5b60029fe2 (Jul 22)
 

- Update to 2.16.7 Security advisory: https://tls.mbed.org/tech- updates/security-advisories/mbedtls-security-advisory-2020-07

  Fedora 31: cacti 2020-7dddce530c (Jul 22)
 

- Update to 1.2.13 Release notes: https://www.cacti.net/release_notes.php?version=1.2.13

  Fedora 31: cacti-spine 2020-7dddce530c (Jul 22)
 

- Update to 1.2.13 Release notes: https://www.cacti.net/release_notes.php?version=1.2.13

  Fedora 31: xen 2020-76cf2b0f0a (Jul 22)
 

incorrect error handling in event channel port allocation leads to DoS [XSA-317, CVE-2020-15566] (#1854465) inverted code paths in x86 dirty VRAM tracking leads to DoS [XSA-319, CVE-2020-15563] (#1854463) xen: insufficient cache write-back under VT-d leads to DoS [XSA-321, CVE-2020-15565] (#1854467) missing alignment check in VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564]

  Fedora 32: java-1.8.0-openjdk 2020-e418151dc3 (Jul 22)
 

# July 2020 OpenJDK security update for OpenJDK 8. Full release notes: https://bitly.com/oj8u262 ## New features * [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport ## Security fixes - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578:

  Fedora 32: singularity 2020-716d38e751 (Jul 22)
 

Upgrade to upstream 3.6.0. Remove patch #4679 for el8.

  Fedora 32: mingw-python3 2020-dfb11916cc (Jul 22)
 

Backport patch for CVE-2019-20907. ---- Update to 3.8.3, backport patch for CVE-2020-14422.

  Fedora 32: cacti-spine 2020-8a15713da2 (Jul 22)
 

- Update to 1.2.13 Release notes: https://www.cacti.net/release_notes.php?version=1.2.13

  Fedora 32: mbedtls 2020-fa74e15364 (Jul 22)
 

- Update to 2.16.7 Security advisory: https://tls.mbed.org/tech- updates/security-advisories/mbedtls-security-advisory-2020-07

  Fedora 32: cacti 2020-8a15713da2 (Jul 22)
 

- Update to 1.2.13 Release notes: https://www.cacti.net/release_notes.php?version=1.2.13

  Fedora 31: mingw-LibRaw 2020-07f0a49a9e (Jul 21)
 

Backport fix for CVE-2020-15503.

  Fedora 31: php-horde-kronolith 2020-0fbd043bcf (Jul 21)
 

**kronolith 4.2.29** * [mjr] Fix regresssion in event modification notifications (Bug #15022). ---- **kronolith 4.2.28** * [mjr] **SECURITY**: Don't leak private details when sending notifications for private events (Bug #15011). * [mjr] Fix regression in display of clickable event URL property (Bug #14941).

  Fedora 31: mailman 2020-62f2df3ca4 (Jul 21)
 

notes=Security fix for CVE-2020-12108

  Fedora 32: mingw-LibRaw 2020-4f4c778096 (Jul 21)
 

Backport fix for CVE-2020-15503.

  Fedora 32: php-horde-kronolith 2020-2f88bad887 (Jul 21)
 

**kronolith 4.2.29** * [mjr] Fix regresssion in event modification notifications (Bug #15022). ---- **kronolith 4.2.28** * [mjr] **SECURITY**: Don't leak private details when sending notifications for private events (Bug #15011). * [mjr] Fix regression in display of clickable event URL property (Bug #14941).

  Fedora 32: targetcli 2020-83d2616f81 (Jul 21)
 

Update to version 2.1.53

  Fedora 32: glibc 2020-d860479b2a (Jul 18)
 

This update incorporates fixes from the upstream glibc 2.31 stable release branch, including a fix for a medium severity security vulnerability. (CVE-2020-6096)

  Fedora 32: nss 2020-3ef1937475 (Jul 18)
 

Updates the nspr and nss package to upstream NSPR 4.26 and NSS 3.54. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes: - https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.54_release_notes

  Fedora 32: nspr 2020-3ef1937475 (Jul 18)
 

Updates the nspr and nss package to upstream NSPR 4.26 and NSS 3.54. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes: - https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.54_release_notes

  Fedora 31: webkit2gtk3 2020-d2736ee493 (Jul 17)
 

Update to 2.28.3: * Fix kinetic scrolling with async scrolling. * Fix web process hangs on large GitHub pages. * Bubblewrap sandbox should not attempt to bind empty paths. * Fix threading issues in the media player. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,

  Fedora 31: samba 2020-5131d30947 (Jul 17)
 

Update to Samba 4.11.11

  Fedora 31: libldb 2020-5131d30947 (Jul 17)
 

Update to Samba 4.11.11

  Fedora 31: python39 2020-b513391ca8 (Jul 16)
 

Update to 3.9.0b4

  Fedora 32: bashtop 2020-ff38f3a401 (Jul 16)
 

0.9.24 release

  Fedora 32: python39 2020-705c6ea5be (Jul 16)
 

Update to 3.9.0b4

  RedHat: RHSA-2020-3142:01 Important: Red Hat JBoss Enterprise Application (Jul 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3141:01 Important: Red Hat JBoss Enterprise Application (Jul 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3143:01 Important: Red Hat JBoss Enterprise Application (Jul 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3144:01 Important: Red Hat JBoss Enterprise Application (Jul 23)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3133:01 Important: Red Hat AMQ Broker 7.4.4 release and (Jul 23)
 

Red Hat AMQ Broker 7.4.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2905:01 Important: Red Hat build of Thorntail 2.7.0 (Jul 23)
 

An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

  RedHat: RHSA-2020-3118:01 Moderate: samba security update (Jul 23)
 

An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3119:01 Moderate: samba security update (Jul 23)
 

An update for samba is now available for Red Hat Gluster Storage 3.5 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3099:01 Important: java-11-openjdk security update (Jul 22)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3098:01 Important: java-11-openjdk security update (Jul 22)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3105:01 Important: openstack-keystone security update (Jul 22)
 

An update for openstack-keystone is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3100:01 Important: java-1.8.0-openjdk security update (Jul 22)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3102:01 Important: openstack-keystone security update (Jul 22)
 

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3101:01 Important: java-1.8.0-openjdk security update (Jul 22)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3096:01 Important: openstack-keystone security update (Jul 22)
 

An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3090:01 Moderate: Red Hat OpenShift Service Mesh 1.1 (Jul 22)
 

An update for servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3087:01 Moderate: Red Hat OpenShift Jaeger 1.17.5 (Jul 22)
 

An update for jaeger-all-in-one-rhel7-container, jaeger-agent-rhel7-container, jaeger-collector-rhel7-container, jaeger-query-rhel7-container, jaeger-ingester-rhel7-container and jaeger-rhel7-operator-container is now available for Jaeger-1.17.

  RedHat: RHSA-2020-3084:01 Important: rh-nodejs10-nodejs security update (Jul 21)
 

An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3073:01 Important: kpatch-patch security update (Jul 21)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-3053:01 Moderate: container-tools:rhel8 security, bug fix, (Jul 21)
 

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3050:01 Low: cloud-init security, bug fix, (Jul 21)
 

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-3038:01 Important: thunderbird security update (Jul 21)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-3032:01 Moderate: mod_auth_openidc:2.3 security and bug (Jul 21)
 

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3041:01 Important: kernel security and bug fix update (Jul 21)
 

An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3046:01 Important: thunderbird security update (Jul 21)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3045:01 Important: sane-backends security update (Jul 21)
 

An update for sane-backends is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3043:01 Important: jbig2dec security update (Jul 21)
 

An update for jbig2dec is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3044:01 Important: dbus security update (Jul 21)
 

An update for dbus is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3042:01 Important: nodejs:10 security update (Jul 21)
 

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3040:01 Important: virt:rhel security update (Jul 21)
 

An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3019:01 Important: kernel security, bug fix, (Jul 21)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3016:01 Important: kernel-rt security and bug fix update (Jul 21)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-3014:01 Important: dbus security update (Jul 21)
 

An update for dbus is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-3011:01 Moderate: NetworkManager security and bug fix (Jul 21)
 

An update for NetworkManager is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3010:01 Important: kernel security, bug fix, (Jul 21)
 

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2926:01 Moderate: OpenShift Container Platform 4.4.13 (Jul 21)
 

An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2927:01 Moderate: OpenShift Container Platform 4.4.13 (Jul 21)
 

An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-3005:01 Important: Red Hat Integration Debezium 1.1.3 (Jul 20)
 

An update for Debezium PostgreSQL connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-3003:01 Moderate: Red Hat Ceph Storage 4.1 security and (Jul 20)
 

An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2989:01 Critical: .NET Core security update (Jul 17)
 

An update for .NET Core is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2988:01 Critical: .NET Core security and bugfix update (Jul 16)
 

An update for .NET Core is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2985:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2968:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2972:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2969:01 Important: java-11-openjdk security update (Jul 16)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2970:01 Important: java-11-openjdk security and (Jul 16)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2971:01 Important: jbig2dec security update (Jul 16)
 

An update for jbig2dec is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2966:01 Important: thunderbird security update (Jul 16)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2967:01 Important: sane-backends security update (Jul 16)
 

An update for sane-backends is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2020:2032-1 important: freerdp (Jul 23)
 

An update that fixes 31 vulnerabilities is now available.

  SUSE: 2020:2025-1 moderate: perl-YAML-LibYAML (Jul 23)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:14437-1 moderate: samba (Jul 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2028-1 moderate: libraw (Jul 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2029-1 moderate: libraw (Jul 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:2027-1 important: the Linux Kernel (Jul 23)
 

An update that solves 19 vulnerabilities and has 162 fixes is now available.

  SUSE: 2020:2015-1 important: qemu (Jul 23)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:2008-1 important: java-11-openjdk (Jul 22)
 

An update that fixes 8 vulnerabilities is now available.

  SUSE: 2020:2009-1 moderate: vino (Jul 22)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1992-1 important: webkit2gtk3 (Jul 21)
 

An update that fixes 8 vulnerabilities is now available.

  SUSE: 2020:1990-1 important: webkit2gtk3 (Jul 21)
 

An update that fixes 8 vulnerabilities is now available.

  SUSE: 2020:1991-1 important: xrdp (Jul 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1983-1 important: tomcat (Jul 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1984-1 moderate: openexr (Jul 21)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1973-1 moderate: Salt (Jul 21)
 

An update that solves three vulnerabilities and has 12 fixes is now available.

  SUSE: 2020:14429-1 moderate: SUSE Manager Client Tools (Jul 21)
 

An update that solves three vulnerabilities and has 18 fixes is now available.

  SUSE: 2020:14430-1 moderate: SUSE Manager Client Tools (Jul 21)
 

An update that solves three vulnerabilities and has 18 fixes is now available.

  SUSE: 2020:1972-1 moderate: SUSE Manager Client Tools (Jul 21)
 

An update that solves four vulnerabilities and has 13 fixes is now available.

  SUSE: 2020:1970-1 moderate: SUSE Manager Client Tools (Jul 21)
 

An update that solves four vulnerabilities and has 15 fixes is now available.

  SUSE: 2020:1971-1 moderate: Salt (Jul 21)
 

An update that solves three vulnerabilities and has 12 fixes is now available.

  SUSE: 2020:14431-1 moderate: SUSE Manager Client Tools (Jul 21)
 

An update that solves 11 vulnerabilities and has 251 fixes is now available.

  SUSE: 2020:1974-1 moderate: salt (Jul 21)
 

An update that solves four vulnerabilities and has 7 fixes is now available.

  SUSE: 2020:1963-1 important: tomcat (Jul 20)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1962-1 important: tomcat (Jul 20)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1958-1 moderate: MozillaFirefox (Jul 20)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:1957-1 moderate: cni-plugins (Jul 20)
 

An update that fixes one vulnerability is now available.

  Ubuntu 4434-1: LibVNCServer vulnerabilities (Jul 23)
 

Several security issues were fixed in LibVNCServer.

  Ubuntu 4433-1: OpenJDK vulnerabilities (Jul 23)
 

Several security issues were fixed in OpenJDK.

  Ubuntu 4430-2: Pillow vulnerabilities (Jul 23)
 

Pillow could be made to crash if it opened a specially crafted file.

  Ubuntu 4431-1: FFmpeg vulnerabilities (Jul 22)
 

Several security issues were fixed in FFmpeg.

  Ubuntu 4428-1: Python vulnerabilities (Jul 22)
 

Several security issues were fixed in Python.

  Ubuntu 4430-1: Pillow vulnerabilities (Jul 22)
 

Pillow could be made to crash if it opened a specially crafted file.

  Ubuntu 4429-1: Evolution Data Server vulnerability (Jul 22)
 

Evolution Data Server could be made to expose sensitive information over the network.

  Ubuntu 4427-1: Linux kernel vulnerabilities (Jul 22)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4426-1: Linux kernel vulnerabilities (Jul 22)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4425-1: Linux kernel vulnerabilities (Jul 22)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu: Ubuntu 19.10 (Eoan Ermine) End of Life reached on July 17 2020 (Jul 17)
   
  Debian LTS: DLA-2287-1: poppler security update (Jul 23)
 

Several issues were found in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.

  Debian LTS: DLA-2286-1: tomcat8 security update (Jul 22)
 

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2020-13934

  Debian LTS: DLA-2285-1: librsvg security update (Jul 22)
 

Several vulnerabilities have been found in librsvg, an SVG rendering library. This update corrects some denial of service issues via exponential element processing, stack exhaustion or application crash when processing specially crafted files, as well as some memory safety

  Debian LTS: DLA-2284-1: ksh security update (Jul 21)
 

A flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and

  Debian LTS: DLA-2283-1: nginx security update (Jul 20)
 

An HTTP request smuggling issue was discovered in the ngx_lua plugin for nginx, a high-performance web and reverse proxy server, as demonstrated by the ngx.location.capture API.

  Debian LTS: DLA-2282-1: rails security update (Jul 20)
 

Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application.

  Debian LTS: DLA-2281-1: evolution-data-server security update (Jul 16)
 

Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks.

  SciLinux: SLSA-2020-2966-1 Important: thunderbird on SL6.x i386/x86_64 (Jul 16)
 

Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 thunderbird-68.10.0-1.el6_10.x86_64 [More...]

  openSUSE: 2020:1050-1: moderate: cni-plugins (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1051-1: important: tomcat (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1049-1: moderate: cni-plugins (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1043-1: moderate: xmlgraphics-batik (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1042-1: moderate: MozillaFirefox (Jul 23)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:1035-1: moderate: redis (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1037-1: important: singularity (Jul 23)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  openSUSE: 2020:1035-1: moderate: redis (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1034-1: moderate: MozillaFirefox (Jul 22)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:1027-1: moderate: openconnect (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1025-1: important: LibVNCServer (Jul 21)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2020:1023-1: important: ldb, samba (Jul 21)
 

An update that solves 6 vulnerabilities and has 7 fixes is now available.

  openSUSE: 2020:1022-1: moderate: ant (Jul 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1021-1: important: chromium (Jul 20)
 

An update that fixes 26 vulnerabilities is now available.

  openSUSE: 2020:1020-1: important: chromium (Jul 20)
 

An update that fixes 26 vulnerabilities is now available.

  openSUSE: 2020:1016-1: moderate: mumble (Jul 20)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:1017-1: important: MozillaFirefox (Jul 20)
 

An update that fixes 13 vulnerabilities is now available.

  openSUSE: 2020:1015-1: moderate: openexr (Jul 19)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:1014-1: important: google-compute-engine (Jul 19)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:1011-1: important: singularity (Jul 19)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:1005-1: moderate: pdns-recursor (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1007-1: moderate: ntp (Jul 19)
 

An update that solves four vulnerabilities and has two fixes is now available.

  openSUSE: 2020:1005-1: moderate: pdns-recursor (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1003-1: moderate: cairo (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1002-1: important: python-ipaddress (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0994-1: important: slirp4netns (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0997-1: moderate: openconnect (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:1001-1: moderate: rubygem-puma (Jul 18)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:0996-1: important: google-compute-engine (Jul 18)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0999-1: important: xrdp (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0987-1: important: slirp4netns (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0990-1: moderate: rubygem-puma (Jul 18)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:0988-1: important: LibVNCServer (Jul 18)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2020:0989-1: important: python-ipaddress (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0985-1: important: xen (Jul 18)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  openSUSE: 2020:0984-1: important: samba (Jul 18)
 

An update that solves four vulnerabilities and has two fixes is now available.

  openSUSE: 2020:0976-1: important: openldap2 (Jul 17)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:0978-1: important: LibVNCServer (Jul 17)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0983-1: important: MozillaFirefox (Jul 17)
 

An update that fixes 13 vulnerabilities is now available.

  openSUSE: 2020:0982-1: important: MozillaThunderbird (Jul 17)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:0970-1: moderate: openexr (Jul 16)
 

An update that fixes three vulnerabilities is now available.

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.