Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.
| |
Debian: DSA-4472-1: expat security update (Jun 28) |
| |
It was discovered that Expat, an XML parsing C library, did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service.
|
| |
Debian: DSA-4471-1: thunderbird security update (Jun 24) |
| |
For the stable distribution (stretch), these problems have been fixed in
|
| |
Debian: DSA-4469-1: libvirt security update (Jun 22) |
| |
Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the
|
| |
Debian: DSA-4468-1: php-horde-form security update (Jun 21) |
| |
A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.
|
| |
Debian: DSA-4447-2: intel-microcode security update (Jun 20) |
| |
DSA 4447-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. This update provides additional support for some Sandybridge server
|
|
|
| |
Fedora 29: drupal7-uuid FEDORA-2019-a872068cd3 (Jun 28) |
| |
- https://www.drupal.org/project/uuid/releases/7.x-1.3 - https://www.drupal.org/sa-contrib-2019-052
|
| |
Fedora 29: php-typo3-phar-stream-wrapper2 FEDORA-2019-af7bef7165 (Jun 28) |
| |
## php-typo3-phar-stream-wrapper2 ### v2.1.2 Handling mime-type & Windows paths #### Resolved Issues - \#34: Normalize resolved Windows path to Unix-style - \#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext- fileinfo) ### v2.1.1 Phar Alias Handling & Performance Releases v3.1.1 and
|
| |
Fedora 29: php-brumann-polyfill-unserialize FEDORA-2019-af7bef7165 (Jun 28) |
| |
## php-typo3-phar-stream-wrapper2 ### v2.1.2 Handling mime-type & Windows paths #### Resolved Issues - \#34: Normalize resolved Windows path to Unix-style - \#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext- fileinfo) ### v2.1.1 Phar Alias Handling & Performance Releases v3.1.1 and
|
| |
Fedora 30: drupal7-uuid FEDORA-2019-9f613ab692 (Jun 26) |
| |
- https://www.drupal.org/project/uuid/releases/7.x-1.3 - https://www.drupal.org/sa-contrib-2019-052
|
| |
Fedora 30: php-brumann-polyfill-unserialize FEDORA-2019-a8121923d5 (Jun 26) |
| |
## php-typo3-phar-stream-wrapper2 ### v2.1.2 Handling mime-type & Windows paths #### Resolved Issues - \#34: Normalize resolved Windows path to Unix-style - \#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext- fileinfo) ### v2.1.1 Phar Alias Handling & Performance Releases v3.1.1 and
|
| |
Fedora 30: php-typo3-phar-stream-wrapper2 FEDORA-2019-a8121923d5 (Jun 26) |
| |
## php-typo3-phar-stream-wrapper2 ### v2.1.2 Handling mime-type & Windows paths #### Resolved Issues - \#34: Normalize resolved Windows path to Unix-style - \#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext- fileinfo) ### v2.1.1 Phar Alias Handling & Performance Releases v3.1.1 and
|
| |
Fedora 30: thunderbird FEDORA-2019-fd116d3002 (Jun 24) |
| |
Update to latest upstream version.
|
| |
Fedora 30: tomcat FEDORA-2019-1a3f878d27 (Jun 24) |
| |
This update includes a rebase from 9.0.13 up to 9.0.21 which resolves two CVEs along with various other bugs/features: * rhbz#1673856 tomcat-9.0.21 is available * rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv * rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS
|
| |
Fedora 30: mozjs60 Security Update (Jun 23) |
| |
Fix CVE-2019-11707 Fix CVE-2019-11708
|
| |
Fedora 30: gjs Security Update (Jun 23) |
| |
Fix CVE-2019-11707 Fix CVE-2019-11708
|
| |
Fedora 29: libxslt Security Update (Jun 23) |
| |
Update to 1.1.33 and fix CVE-2019-11068
|
| |
Fedora 29: poppler Security Update (Jun 21) |
| |
Security fix for CVE-2019-12293, CVE-2019-10872 and CVE-2019-10871.
|
| |
Fedora 29: evince Security Update (Jun 21) |
| |
Security fix for CVE-2019-11459.
|
| |
Fedora 29: firefox Security Update (Jun 21) |
| |
- New upstream version (67.0.4) - Fixes CVE-2019-11708: sandbox escape using Prompt:Open - Release notes are at https://www.mozilla.org/en-US/firefox/67.0.4/releasenotes/
|
| |
Fedora 30: firefox Security Update (Jun 21) |
| |
- New upstream version (67.0.4) - Fixes CVE-2019-11708: sandbox escape using Prompt:Open - Release notes are at https://www.mozilla.org/en-US/firefox/67.0.4/releasenotes/
|
| |
Fedora 29: firefox Security Update (Jun 20) |
| |
- New upstream version (67.0.3) - Fixed CVE-2019-11707: Type confusion in Array.pop ---- - New upstream version (67.0.2) - Release notes are available at https://www.mozilla.org/en-US/firefox/67.0.2/releasenotes/
|
|
|
| |
RedHat: RHSA-2019-1633:01 Moderate: Red Hat OpenShift Container Platform (Jun 27) |
| |
An update for atomic-openshift is now available for OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-1632:01 Moderate: Red Hat OpenShift Container Platform (Jun 27) |
| |
An update for atomic-openshift is now available for OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-1626:01 Important: thunderbird security update (Jun 27) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1624:01 Important: thunderbird security update (Jun 27) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1623:01 Important: thunderbird security update (Jun 27) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1619:01 Important: vim security update (Jun 27) |
| |
An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-1591:01 Low: OpenShift Container Platform 4.1 image (Jun 26) |
| |
An update for ose-cluster-kube-apiserver-operator-container and ose-cluster-openshift-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-1603:01 Critical: firefox security update (Jun 25) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-1604:01 Critical: firefox security update (Jun 25) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-1602:01 Important: kernel-alt security update (Jun 25) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1594:01 Important: redhat-virtualization-host security (Jun 25) |
| |
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this updated as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-1587:01 Important: python security update (Jun 20) |
| |
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1580:01 Important: virt:rhel security update (Jun 20) |
| |
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-1579:01 Important: libvirt security and bug fix update (Jun 20) |
| |
An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-1569:01 Moderate: redhat-virtualization-host security and (Jun 20) |
| |
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-1571:01 Moderate: rhvm-appliance security, bug fix, (Jun 20) |
| |
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-1578:01 Moderate: libvirt security update (Jun 20) |
| |
An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
|
| |
Slackware: 2019-172-01: mozilla-firefox Security Update (Jun 21) |
| |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
|
| |
Slackware: 2019-171-01: bind Security Update (Jun 20) |
| |
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue.
|
|
|
| |
SUSE: 2019:1716-1 moderate: glibc (Jun 27) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2019:1308-2 important: java-1_8_0-ibm (Jun 27) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:1712-1 moderate: ImageMagick (Jun 25) |
| |
An update that solves 9 vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:1703-1 moderate: SUSE Manager Server 3.2 (Jun 25) |
| |
An update that solves one vulnerability and has 24 fixes is now available.
|
| |
SUSE: 2019:1693-1 moderate: tomcat (Jun 25) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:1692-1 important: the Linux Kernel (Jun 24) |
| |
An update that solves 9 vulnerabilities and has 7 fixes is now available.
|
| |
SUSE: 2019:1690-1 important: libvirt (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1686-1 important: libvirt (Jun 24) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:1687-1 moderate: postgresql96 (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1574-2 important: samba (Jun 24) |
| |
An update that solves one vulnerability and has four fixes is now available.
|
| |
SUSE: 2019:14102-1 important: glib2 (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1684-1 important: MozillaFirefox (Jun 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1683-1 important: MozillaThunderbird (Jun 22) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2019:1682-1 important: MozillaFirefox (Jun 22) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1648-1 moderate: Recommended evince (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1674-1 important: the Linux Kernel (Live Patch 0 for SLE 12 SP4) (Jun 21) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:1645-1 moderate: netpbm (Jun 21) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:1668-1 important: the Linux Kernel (Live Patch 32 for SLE 12 SP1) (Jun 21) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:1671-1 important: the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Jun 21) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:1644-1 important: java-1_8_0-ibm (Jun 21) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:1643-1 important: libvirt (Jun 21) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:14101-1 moderate: netpbm (Jun 21) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:14100-1 important: libvirt (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1637-1 important: libvirt (Jun 21) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:1596-1 important: glib2 (Jun 21) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2019:1607-1 moderate: wireshark (Jun 21) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:14098-1 moderate: libssh2_org (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1606-1 moderate: libssh2_org (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1603-1 moderate: exempi (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1597-1 important: dbus-1 (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1599-1 important: libvirt (Jun 21) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2019:1610-1 moderate: wireshark (Jun 21) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2019:1601-1 important: sqlite3 (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1608-1 moderate: compat-openssl098 (Jun 21) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2019:1591-1 important: dbus-1 (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1629-1 important: MozillaFirefox (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1594-1 important: glib2 (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1602-1 important: gstreamer-0_10-plugins-base (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:14097-1 important: libvirt (Jun 21) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:1595-1 important: dbus-1 (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1605-1 moderate: SDL2 (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:14099-1 moderate: libssh2_org (Jun 21) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:1600-1 important: gstreamer-plugins-base (Jun 21) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1581-1 important: the Linux Kernel (Live Patch 3 for SLE 15) (Jun 20) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2019:1588-1 important: the Linux Kernel (Live Patch 10 for SLE 15) (Jun 20) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:1576-1 important: enigmail (Jun 20) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:1574-1 important: samba (Jun 20) |
| |
An update that solves one vulnerability and has four fixes is now available.
|
|
|
| |
Ubuntu 4042-1: poppler vulnerabilities (Jun 27) |
| |
Several security issues were fixed in poppler.
|
| |
Ubuntu 4040-2: Expat vulnerability (Jun 26) |
| |
Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file.
|
| |
Ubuntu 4040-1: Expat vulnerability (Jun 26) |
| |
Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file.
|
| |
Ubuntu 4038-2: bzip2 vulnerabilities (Jun 26) |
| |
Several security issues were fixed in bzip2.
|
| |
Ubuntu 4038-1: bzip2 vulnerabilities (Jun 26) |
| |
Several security issues were fixed in bzip2.
|
| |
Ubuntu 4037-1: policykit-desktop-privileges update (Jun 25) |
| |
A security improvement has been made to policykit-desktop-privileges.
|
| |
Ubuntu 4036-1: OpenStack Neutron vulnerability (Jun 25) |
| |
A system hardening measure could be bypassed.
|
| |
Ubuntu 4035-1: Ceph vulnerabilities (Jun 25) |
| |
Several security issues were fixed in Ceph.
|
| |
Ubuntu 4034-1: ImageMagick vulnerabilities (Jun 25) |
| |
Several security issues were fixed in ImageMagick.
|
| |
Ubuntu 4033-1: libmysofa vulnerability (Jun 24) |
| |
libmysofa could be made to crash if it received specially crafted input.
|
| |
Ubuntu 4032-1: Firefox vulnerability (Jun 24) |
| |
A sandbox escape was discovered in Firefox.
|
| |
Ubuntu 4031-1: Linux kernel vulnerability (Jun 24) |
| |
64-Bit PowerPC systems could be made to expose sensitive information.
|
| |
Ubuntu 4030-1: web2py vulnerabilities (Jun 21) |
| |
Several security issues were fixed in web2py.
|
| |
Ubuntu 3977-3: Intel Microcode update (Jun 20) |
| |
The system could be made to expose sensitive information.
|
| |
Ubuntu 4023-1: Mosquitto vulnerabilities (Jun 20) |
| |
Several security issues were fixed in Mosquitto.
|
| |
Ubuntu 4028-1: Thunderbird vulnerabilities (Jun 20) |
| |
Several security issues were fixed in Thunderbird.
|
| |
Ubuntu 4027-1: PostgreSQL vulnerability (Jun 20) |
| |
PostgreSQL could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4026-1: Bind vulnerability (Jun 20) |
| |
Bind could be made to crash if it received specially crafted network traffic.
|
|
|
| |
Debian LTS: DLA-1838-1: mupdf security update (Jun 28) |
| |
Several minor issues have been fixed in mupdf, a lightweight PDF viewer tailored for display of high quality anti-aliased graphics.
|
| |
Debian LTS: DLA-1835-2: python3.4 regression update (Jun 25) |
| |
The update issued as DLA-1835-1 caused a regression in the http.client library in Python 3.4 which was broken by the patch intended to fix CVE-2019-9740 and CVE-2019-9947.
|
| |
Debian LTS: DLA-1837-1: rdesktop security update (Jun 25) |
| |
Several security vulnerabilities were discovered in the rdesktop RDP client, which could result in buffer overflows and execution of arbitrary code.
|
| |
Debian LTS: DLA-1836-1: thunderbird security update (Jun 25) |
| |
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 "Jessie", these problems have been fixed in version
|
| |
Debian LTS: DLA-1835-1: python3.4 security update (Jun 24) |
| |
Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including
|
| |
Debian LTS: DLA-1834-1: python2.7 security update (Jun 24) |
| |
Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including
|
| |
Debian LTS: DLA-1833-1: bzip2 security update (Jun 24) |
| |
Two issues in bzip2, a high-quality block-sorting file compressor, have been fixed. One, CVE-2019-12900, is a out-of-bounds write when using a crafted compressed file. The other, CVE-2016-3189, is a potential
|
| |
Debian LTS: DLA-1832-1: libvirt security update (Jun 24) |
| |
Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc.
|
| |
Debian LTS: DLA-1831-1: jackson-databind security update (Jun 21) |
| |
More Polymorphic Typing issues were discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can send a
|
| |
Debian LTS: DLA-1830-1: znc security update (Jun 20) |
| |
A vulnerability was discovered in the ZNC IRC bouncer which could result in remote code execution.
|
| |
Debian LTS: DLA-1828-1: python-urllib3 security update (Jun 20) |
| |
A vulnerability was discovered in python-urllib3, an HTTP library with thread-safe connection pooling, whereby an attacker can inject CRLF characters in the request parameter.
|
| |
Debian LTS: DLA-1829-1: firefox-esr security update (Jun 20) |
| |
Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website.
|
|
|
| |
CentOS: CESA-2019-1587: Important CentOS 7 python (Jun 24) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:1587
|
| |
CentOS: CESA-2019-1579: Important CentOS 7 libvirt (Jun 20) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:1579
|
| |
CentOS: CESA-2019-1578: Moderate CentOS 6 libvirt (Jun 20) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:1578
|
| |
CentOS: CESA-2019-1467: Important CentOS 6 python (Jun 20) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:1467
|
|
|
| |
SciLinux: SLSA-2019-1604-1 Critical: firefox on SL6.x i386/x86_64 (Jun 26) |
| |
Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) SL6 x86_64 firefox-60.7.2-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.2-1.el6_10.x86_64.rpm firefox-60.7.2-1.el6_10.i686.rpm firefox-debuginfo-60.7.2-1.el6_10.i686.rpm i386 firefox-60.7.2-1.el6_10.i686.rpm firefox-debuginfo-60.7.2-1.el6_10.i686.rpm - [More...]
|
| |
SciLinux: SLSA-2019-1587-1 Important: python on SL7.x x86_64 (Jun 21) |
| |
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160) SL7 x86_64 python-2.7.5-80.el7_6.x86_64.rpm python-debuginfo-2.7.5-80.el7_6.i686.rpm python-debuginfo-2.7.5-80.el7_6.x86_64.rpm python-libs-2.7.5-80.el7_6.i686.rpm python-libs-2.7.5-80.el7_6.x86_64.rpm python-debug-2.7.5-80.el7_6.x86_64.rpm python-devel-2.7. [More...]
|
| |
SciLinux: SLSA-2019-1578-1 Moderate: libvirt on SL6.x i386/x86_64 (Jun 20) |
| |
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE [More...]
|
| |
SciLinux: SLSA-2019-1579-1 Important: libvirt on SL7.x x86_64 (Jun 20) |
| |
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE [More...]
|
|
|
| |
openSUSE: 2019:1658-1: moderate: libmediainfo (Jun 27) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:1638-1: important: gstreamer-0_10-plugins-base (Jun 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1632-1: moderate: SDL2 (Jun 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:1637-1: moderate: compat-openssl098 (Jun 27) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
openSUSE: 2019:1635-1: moderate: ansible (Jun 27) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:1639-1: important: gstreamer-plugins-base (Jun 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1635-1: moderate: ansible (Jun 27) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2019:1650-1: important: glib2 (Jun 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:1649-1: moderate: exempi (Jun 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1645-1: important: sqlite3 (Jun 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1646-1: moderate: wireshark (Jun 27) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:1640-1: moderate: libssh2_org (Jun 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:1633-1: moderate: SDL2 (Jun 27) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:1657-1: moderate: exempi (Jun 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1629-1: moderate: libmediainfo (Jun 26) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2019:1623-1: moderate: GraphicsMagick (Jun 25) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:1624-1: moderate: aubio (Jun 25) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:1621-1: moderate: docker (Jun 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1619-1: moderate: GraphicsMagick (Jun 24) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2019:1614-1: important: python-Jinja2 (Jun 24) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:1618-1: moderate: aubio (Jun 24) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:1612-1: important: enigmail (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1612-1: important: enigmail (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1606-1: important: MozillaThunderbird (Jun 24) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2019:1604-1: important: dbus-1 (Jun 24) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:1602-1: moderate: openssh (Jun 24) |
| |
An update that solves two vulnerabilities and has four fixes is now available.
|
| |
openSUSE: 2019:1603-1: moderate: ImageMagick (Jun 24) |
| |
An update that solves 5 vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:1605-1: moderate: netpbm (Jun 24) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2019:1595-1: important: MozillaFirefox (Jun 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1593-1: important: MozillaFirefox (Jun 23) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:1594-1: critical: MozillaThunderbird (Jun 23) |
| |
An update that fixes two vulnerabilities is now available.
|
|
|
| |
Mageia 2019-0197: kernel-linus security update (Jun 20) |
| |
This kernel-linus update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
|
| |
Mageia 2019-0199: git security update (Jun 20) |
| |
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017 (CVE-2018-19486).
|
| |
Mageia 2019-0198: firefox security update (Jun 20) |
| |
The updated firefox packages fix a security vulnerability that's being exploited in the wild: Type confusion in Array.pop. (CVE-2019-11707)
|
| |
Mageia 2019-0200: phpmyadmin security update (Jun 20) |
| |
Updated phpmyadmin packages fix security vulnerabilities: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. (CVE-2019-11768, PMASA-2019-3)
|
| |
Mageia 2019-0192: flash-player-plugin security update (Jun 20) |
| |
Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. (CVE-2019-7845) References:
|
| |
Mageia 2019-0195: kernel security update (Jun 20) |
| |
This kernel update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
|
| |
Mageia 2019-0193: thunderbird security update (Jun 20) |
| |
The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. (CVE-2019-11703) Heap buffer overflow in icalvalue.c. (CVE-2019-11704)
|
| |
Mageia 2019-0194: graphicsmagick security update (Jun 20) |
| |
GraphicsMagick 1.3.32 is now released, fixing another 52 additional issues detected by oss-fuzz. Of special mention is a bug reported to us by "Battle Furry" via our security mail alias. This bug (was considered to be a "feature")
|
| |
Mageia 2019-0196: kernel-tmb security update (Jun 20) |
| |
This kernel-tmb update is based on the upstream 4.14.127 and fixes atleast the following security issues: Jonathan Looney discovered that it is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to
|
