Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.


Important advisories issued this week include a warning from ArchLinux of multiple issues with freerdp and a critical SuSE Linux update fixing a serious vulnerability in Python 3 which could lead to DoS conditions. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!


LinuxSecurity.com Feature Extras:

7 Best Linux Distros for Security and Privacy in 2020 - Privacy and security are pressing concerns for all of us these days - not a day goes by that we aren't bombarded with security news headlines about hacks, breaches and the increased storing and monitoring of sensitive personal information by governments and corporations.

What You Need to Know About Linux Rootkits [Updated] - Rootkits are an effective way for attackers to hide their tracks and keep access to the machines over which they have gained control. Read on to learn about rootkits, how to detect them and how to prevent them from being installed on your system in the first place.


  Debian: DSA-4716-1: docker.io security update (Jul 2)
 

Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information

  Debian: DSA-4715-1: imagemagick security update (Jul 2)
 

This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

  Debian: DSA-4714-1: chromium security update (Jul 1)
   
  Debian: DSA-4713-1: firefox-esr security update (Jul 1)
 

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

  Debian: DSA-4712-1: imagemagick security update (Jun 30)
 

This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

  Debian: DSA-4711-1: coturn security update (Jun 29)
 

Several vulnerabilities were discovered in coturn, a TURN and STUN server for VoIP. CVE-2020-4067

  Debian: DSA-4710-1: trafficserver security update (Jun 27)
 

A vulnerability was discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service via malformed HTTP/2 headers.

  Fedora 31: alpine 2020-f822ea9330 (Jul 2)
 

2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)

  Fedora 32: firefox 2020-55077d678a (Jul 2)
 

Update to latest upstream version

  Fedora 32: hostapd 2020-df3e1cfde9 (Jul 2)
 

Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)

  Fedora 32: mutt 2020-1cb4c3697b (Jul 2)
 

Security fix for CVE-2020-14954

  Fedora 32: alpine 2020-386249cec2 (Jul 2)
 

2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)

  Fedora 32: chromium 2020-08561721ad (Jul 1)
 

Update to 83.0.4103.116. Fixes CVE-2020-6509. ---- Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this. If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today,

  Fedora 32: ntp 2020-a0b39d58db (Jul 1)
 

This update fixes a security issue causing a memory leak when an AES-CMAC key is enabled for authentication.

  Fedora 32: libEMF 2020-964e46d289 (Jun 30)
 

This release fixes security issue CVE-2020-13999.

  Fedora 32: php-PHPMailer 2020-06e87e71fe (Jun 30)
 

Fix CVE-2020-13625 vulnerability.

  Fedora 32: lynis 2020-f251753b0f (Jun 30)
 

Update to 3.0.0 (rhbz #1848716), fixes CVE-2020-13882 / CVE-2019-13033

  Fedora 31: libEMF 2020-4407a1983d (Jun 30)
 

This release fixes security issue CVE-2020-13999.

  Fedora 31: php-PHPMailer 2020-0bbe6304e3 (Jun 30)
 

Fix CVE-2020-13625 vulnerability.

  Fedora 31: lynis 2020-059e1591d6 (Jun 30)
 

Update to 3.0.0 (rhbz #1848716), Fixes CVE-2020-13882 / CVE-2019-13033

  Fedora 31: xen 2020-e49a911382 (Jun 28)
 

Special Register Buffer speculative side channel [XSA-320]

  Fedora 32: curl FEDORA-2020-6af1dd2936 (Jun 26)
 

- avoid overwriting a local file with -J (CVE-2020-8177)
- fix partial password leak over DNS on HTTP redirect (CVE-2020-8169)

  Fedora 31: suricata FEDORA-2020-cd84e46e68 (Jun 25)
 

This release fixes a number of issues found in the 4.1 branch.

  Fedora 31: microcode_ctl FEDORA-2020-11ddbfbdf0 (Jun 25)
 

Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543 ---- Security fixes for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543

  Fedora 31: fwupd FEDORA-2020-ad1c74c2a1 (Jun 25)
 

- New upstream release
- Actually reload the DFU device after upgrade has completed
- Capture the dock SKU in report metadata
- Correctly set the Logitech device protocol
- Do not use shim for non-secure boot configurations
- Ensure that the DeviceID is set for child devices
- Fix an error when detaching MSP430
- Fix the DeviceID set by GetDetails
- Force the prometheus minor version from

  Fedora 31: thunderbird FEDORA-2020-5f7f8fcbce (Jun 25)
 

Update to latest upstream version.

  Fedora 32: mingw-sane-backends FEDORA-2020-b845771719 (Jun 25)
 

https://gitlab.com/sane-project/backends/-/releases

  Fedora 32: mingw-libjpeg-turbo FEDORA-2020-86fa578c8d (Jun 25)
 

Security fix for CVE-2020-13790

  RedHat: RHSA-2020-2817:01 Moderate: rh-nginx116-nginx security update (Jul 2)
 

An update for rh-nginx116-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2816:01 Important: RH-SSO 7.4.1 adapters for Red Hat (Jul 2)
 

A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6 Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-2814:01 Important: RH-SSO 7.4.1 adapters for Red Hat (Jul 2)
 

A security update is now available for Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7.3 Red Hat Product Security has rated this update as having a security impact of

  RedHat: RHSA-2020-2813:01 Important: Red Hat Single Sign-On 7.4.1 security (Jul 2)
 

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2795:01 Important: Red Hat OpenShift Service Mesh 1.1 (Jul 1)
 

An update for servicemesh-operator is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2799:01 Important: Red Hat OpenShift Service Mesh (Jul 1)
 

An update for servicemesh-cni is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2796:01 Important: Red Hat OpenShift Service Mesh (Jul 1)
 

An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2798:01 Important: Red Hat OpenShift Service Mesh 1.1 (Jul 1)
 

An update for servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2595:01 Moderate: OpenShift Container Platform 4.2.36 (Jul 1)
 

An update for ose-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2592:01 Moderate: OpenShift Container Platform 4.2.36 (Jul 1)
 

An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2594:01 Moderate: OpenShift Container Platform 4.2.36 (Jul 1)
 

An update for openshift is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2776:01 Moderate: OpenShift Container Platform 4.2.36 (Jul 1)
 

Red Hat OpenShift Container Platform release 4.2.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2593:01 Moderate: OpenShift Container Platform 4.2.36 (Jul 1)
 

An update for python-psutil is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2784:01 Important: httpd24-nghttp2 security update (Jul 1)
 

An update for httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2783:01 Important: Red Hat JBoss Enterprise Application (Jul 1)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2779:01 Important: Red Hat JBoss Enterprise Application (Jul 1)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2780:01 Important: Red Hat JBoss Enterprise Application (Jul 1)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2020-2781:01 Important: Red Hat JBoss Enterprise Application (Jul 1)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2777:01 Moderate: kernel-rt security and bug fix update (Jul 1)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2774:01 Important: virt:rhel security update (Jun 30)
 

An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2773:01 Important: virt:rhel security update (Jun 30)
 

An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2770:01 Moderate: kernel security and bug fix update (Jun 30)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2769:01 Important: ruby security update (Jun 30)
 

An update for ruby is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2771:01 Moderate: microcode_ctl security, (Jun 30)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2768:01 Low: file security update (Jun 30)
 

An update for file is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2761:01 Important: chromium-browser security update (Jun 29)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2737:01 Important: OpenShift Container Platform 4.4.z (Jun 29)
 

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2758:01 Moderate: microcode_ctl security, (Jun 29)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2757:01 Moderate: microcode_ctl security, (Jun 29)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2755:01 Important: nghttp2 security update (Jun 25)
 

An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2751:01 Important: Red Hat AMQ Broker 7.7 release and (Jun 25)
 

Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  Slackware: 2020-181-01: mozilla-firefox Security Update (Jun 29)
 

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

  SUSE: 2020:1828-1 moderate: systemd (Jul 2)
 

An update that solves one vulnerability and has 9 fixes is now available.

  SUSE: 2020:1822-1 important: python3 (Jul 2)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1823-1 moderate: ntp (Jul 2)
 

An update that solves four vulnerabilities and has two fixes is now available.

  SUSE: 2020:1819-1 important: unbound (Jul 1)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:14415-1 moderate: ntp (Jul 1)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:1806-1 transfig (Jun 30)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1807-1 moderate: openconnect (Jun 30)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1805-1 moderate: ntp (Jun 30)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:1803-1 important: squid (Jun 30)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1800-1 moderate: xmlgraphics-batik (Jun 30)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1798-1 moderate: mariadb-100 (Jun 30)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:14414-1 important: mutt (Jun 30)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1796-1 moderate: unzip (Jun 29)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1794-1 important: mutt (Jun 29)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1792-1 moderate: python3-requests (Jun 26)
 

An update that solves two vulnerabilities and has 10 fixes is now available.

  SUSE: 2020:1790-1 important: tomcat (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1791-1 important: tomcat (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1788-1 important: tomcat (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1789-1 important: tomcat (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1779-1 important: the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Jun 26)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:1784-1 important: the Linux Kernel (Live Patch 27 for SLE 12 SP3) (Jun 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1771-1 important: mutt (Jun 26)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1773-1 important: curl (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1772-1 important: unbound (Jun 26)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1770-1 important: squid (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1769-1 important: squid (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1781-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP3) (Jun 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1775-1 important: the Linux Kernel (Live Patch 3 for SLE 12 SP5) (Jun 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1749-1 important: tigervnc (Jun 25)
 

An update that solves 5 vulnerabilities and has four fixes is now available.

  SUSE: 2020:1767-1 important: the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Jun 25)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1754-1 important: the Linux Kernel (Live Patch 9 for SLE 12 SP4) (Jun 25)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1764-1 important: the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Jun 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1758-1 important: the Linux Kernel (Live Patch 5 for SLE 12 SP4) (Jun 25)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1747-1 important: ceph (Jun 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1748-1 important: ceph (Jun 25)
 

An update that solves one vulnerability and has 9 fixes is now available.

  Ubuntu 4414-1: Linux kernel vulnerabilities (Jul 2)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4413-1: Linux kernel vulnerabilities (Jul 2)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4412-1: Linux kernel vulnerabilities (Jul 2)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4411-1: Linux kernel vulnerabilities (Jul 2)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4410-1: Net-SNMP vulnerability (Jul 2)
 

Net-SNMP could be made to crash if it received specially crafted input.

  Ubuntu 4409-1: Samba vulnerabilities (Jul 2)
 

Several security issues were fixed in Samba.

  Ubuntu 4408-1: Firefox vulnerabilities (Jul 2)
 

Firefox could be made to crash or run programs as your login if it opened a malicious website.

  Ubuntu 4407-1: LibVNCServer vulnerabilities (Jul 2)
 

Several security issues were fixed in LibVNCServer.

  Ubuntu: Ubuntu 19.10 (Eoan Ermine) reaches End of Life on July 17 2020 (Jul 2)
   
  Ubuntu 4406-1: Mailman vulnerability (Jun 29)
 

Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input.

  Ubuntu 4405-1: GLib Networking vulnerability (Jun 29)
 

Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

  Ubuntu 4404-2: Linux kernel vulnerabilities (Jun 25)
 

Several security issues were fixed in the NVIDIA graphics driver kernel modules.

  Ubuntu 4404-1: NVIDIA graphics drivers vulnerabilities (Jun 25)
 

Several security issues were fixed in NVIDIA graphics drivers.

  Debian LTS: DLA-2268-2: mutt regression update (Jun 30)
 

Two vulnerabilities have been discovered in mutt, a console email client. CVE-2020-14093

  Debian LTS: DLA-2268-1: mutt security update (Jun 30)
 

Two vulnerabilities have been discovered in mutt, a console email client. CVE-2020-14093

  Debian LTS: DLA-2267-1: libmatio security update (Jun 30)
 

In libmatio, a library to read and write Matlab MAT files, a vulnerability was fixed in Mat_VarReadNextInfo4 in mat4.c that could lead to a heap-based buffer over-read in strdup_vprintf.

  Debian LTS: DLA-2266-1: nss security update (Jun 30)
 

Several vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2020-12399

  Debian LTS: DLA-2265-1: mailman security update (Jun 30)
 

GNU Mailman allowed arbitrary content injection via the Cgi/private.py private archive login page.

  Debian LTS: DLA-2264-1: libvncserver security update (Jun 30)
 

Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an implementation of the VNC server and client protocol.

  Debian LTS: DLA-2263-1: drupal7 security update (Jun 30)
 

CVE-2020-13663 - Drupal SA 2020-004 The Drupal core Form API does not properly handle certain form

  Debian LTS: DLA-2262-1: qemu security update (Jun 29)
 

Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983

  Debian LTS: DLA-2261-1: php5 security update (Jun 29)
 

It has been discovered that a vulnerability in php5, a server-side, HTML-embedded scripting language, could lead to exhausted disk space on the server. When using overly long filenames or field names, a memory

  Debian LTS: DLA-2260-1: mcabber security update (Jun 28)
 

It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim.

  Debian LTS: DLA-2259-1: picocom security update (Jun 28)
 

It was discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program.

  Debian LTS: DLA-2258-1: zziplib security update (Jun 28)
 

Several issues have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak.

  Debian LTS: DLA-2257-1: pngquant security update (Jun 28)
 

It was found that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead into

  Debian LTS: DLA-2256-1: libtirpc security update (Jun 28)
 

It was discovered that libtirpc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP

  Debian LTS: DLA-2255-1: libtasn1-6 security update (Jun 28)
 

A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

  Debian LTS: DLA-2254-1: alpine security update (Jun 25)
 

CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection

  ArchLinux: 202006-16: tomcat8: denial of service (Jun 30)
 

The package tomcat8 before version 8.5.56-1 is vulnerable to denial of service.

  ArchLinux: 202006-15: freerdp: multiple issues (Jun 30)
 

The package freerdp before version 2:2.1.2-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

  ArchLinux: 202006-14: imagemagick: information disclosure (Jun 30)
 

The package imagemagick before version 7.0.10.20-1 is vulnerable to information disclosure.

  ArchLinux: 202006-13: bind: denial of service (Jun 30)
 

The package bind before version 9.16.4-1 is vulnerable to denial of service.

  ArchLinux: 202006-12: chromium: arbitrary code execution (Jun 30)
 

The package chromium before version 83.0.4103.116-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202006-11: sqlite: arbitrary code execution (Jun 30)
 

The package sqlite before version 3.32.3-1 is vulnerable to arbitrary code execution.

  openSUSE: 2020:0917-1: important: opera (Jul 2)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:0908-1: important: curl (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0914-1: important: squid (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0915-1: important: mutt (Jun 29)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0912-1: important: unbound (Jun 29)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0910-1: important: squid (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0913-1: important: unbound (Jun 29)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0911-1: important: tomcat (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0906-1: moderate: graphviz (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0903-1: important: mutt (Jun 29)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0902-1: important: chromium (Jun 29)
 

An update that solves one vulnerability and has 5 fixes is now available.

  openSUSE: 2020:0898-1: important: ceph (Jun 29)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0893-1: important: chromium (Jun 28)
 

An update that solves four vulnerabilities and has four fixes is now available.

  openSUSE: 2020:0892-1: moderate: grafana, grafana-piechart-panel, grafana-status-panel (Jun 28)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0887-1: important: chromium (Jun 28)
 

An update that solves one vulnerability and has 5 fixes is now available.

  openSUSE: 2020:0883-1: important: curl (Jun 27)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:0880-1: mercurial (Jun 27)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0876-1: moderate: graphviz (Jun 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0872-1: moderate: bluez (Jun 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0870-1: moderate: mariadb (Jun 26)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:0869-1: mercurial (Jun 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0865-1: moderate: uftpd (Jun 25)
 

An update that fixes one vulnerability is now available.