|
Debian: DSA-4642-1: thunderbird security update (Mar 19) |
|
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed
|
|
Debian: DSA-4641-1: webkit2gtk security update (Mar 16) |
|
The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-10018
|
|
Debian: DSA-4640-1: graphicsmagick security update (Mar 15) |
|
This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.
|
|
|
|
Fedora 31: chromium FEDORA-2020-f6271d7afa (Mar 19) |
|
Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA. List of CVEs fixed (since last update): * CVE-2019-20446 * CVE-2020-6381 * CVE-2020-6382 * CVE-2020-6383 * CVE-2020-6384 * CVE-2020-6385 * CVE-2020-6386 * CVE-2020-6387 * CVE-2020-6388 * CVE-2020-6389 * CVE-2020-6390 * CVE-2020-6391 * CVE-2020-6392 *
|
|
Fedora 30: webkit2gtk3 FEDORA-2020-f3fa778924 (Mar 19) |
|
Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing
|
|
Fedora 32: libarchive FEDORA-2020-235688c222 (Mar 19) |
|
Automatic update for libarchive-3.4.2-1.fc32.
|
|
Fedora 31: nethack FEDORA-2020-16268b450d (Mar 18) |
|
Update to NetHack 3.6.6
|
|
Fedora 30: nethack FEDORA-2020-4c3d74204a (Mar 18) |
|
Update to NetHack 3.6.6
|
|
Fedora 32: nethack FEDORA-2020-76ea2955f0 (Mar 18) |
|
Update to NetHack 3.6.6
|
|
Fedora 31: libxslt FEDORA-2020-90c768a947 (Mar 17) |
|
Security and performance fixes.
|
|
Fedora 31: php-horde-Horde-Form FEDORA-2020-a55b70b4ab (Mar 16) |
|
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
|
|
Fedora 30: php-horde-Horde-Form FEDORA-2020-a69f99bc67 (Mar 16) |
|
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
|
|
Fedora 32: php-horde-Horde-Form FEDORA-2020-d0288d8022 (Mar 16) |
|
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
|
|
Fedora 32: couchdb FEDORA-2020-73bd8167a0 (Mar 16) |
|
CouchDB 3.0.0
|
|
Fedora 32: mediawiki FEDORA-2020-5812c67c74 (Mar 16) |
|
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000243.html
|
|
Fedora 32: java-1.8.0-openjdk-aarch32 FEDORA-2020-db5888b6bf (Mar 16) |
|
8u242 update
|
|
Fedora 32: sudo FEDORA-2020-7c1b270959 (Mar 16) |
|
- update to latest development version 1.9.0b1 - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 - fixes: CVE-2019-18634 - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 -
|
|
Fedora 32: mbedtls FEDORA-2020-924b00afec (Mar 16) |
|
- Update to 2.16.5 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security Advisory:
|
|
Fedora 32: sympa FEDORA-2020-8f7dcb7d00 (Mar 16) |
|
Update to sympa 6.2.54 : - Fixes CVE-2020-9369 - See https://sympa-community.github.io/security/2020-001.html for details
|
|
Fedora 32: cacti FEDORA-2020-d6a9e27bb1 (Mar 16) |
|
- Update to 1.2.10 - CVE-2020-8813 Release notes:
|
|
Fedora 32: cacti-spine FEDORA-2020-d6a9e27bb1 (Mar 16) |
|
- Update to 1.2.10 - CVE-2020-8813 Release notes:
|
|
Fedora 31: ansible FEDORA-2020-a3f12bcff4 (Mar 15) |
|
Update to 2.9.6 bugfix release and 2 CVE fixes: CVE-2020-1737, CVE-2020-1739
|
|
Fedora 31: couchdb FEDORA-2020-83f513fd7e (Mar 13) |
|
CouchDB 3.0.0
|
|
Fedora 31: mediawiki FEDORA-2020-a8ac31fed0 (Mar 13) |
|
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000243.html
|
|
Fedora 30: mediawiki FEDORA-2020-d24bd1cad3 (Mar 13) |
|
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000243.html
|
|
Fedora 30: python3-typed_ast FEDORA-2020-9b3dabc21c (Mar 13) |
|
Fixes for CVE-2019-19274 and CVE-2019-19275
|
|
Fedora 30: java-1.8.0-openjdk-aarch32 FEDORA-2020-0e6897cd35 (Mar 12) |
|
8u242 update
|
|
Fedora 30: seamonkey FEDORA-2020-b00f3fbb69 (Mar 12) |
|
Upgrade to 2.53.1 SeaMonkey-2.53.1, being initially based on the Firefox-56 and Thunderbird-56 code, incorporates now a lot of backported features and security fixes from the newer Firefox/Thunderbird versions up to 75. That way it tries to be a modern browser, preserving the same time the familiar user interface and the ability to use traditional extensions and addons. This version makes
|
|
Fedora 30: mbedtls FEDORA-2020-e7f95c4df0 (Mar 12) |
|
- Update to 2.16.5 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security Advisory:
|
|
Fedora 30: sympa FEDORA-2020-bb5aa250c9 (Mar 12) |
|
Update to sympa 6.2.54 : - Fixes CVE-2020-9369 - See https://sympa-community.github.io/security/2020-001.html for details
|
|
Fedora 30: zsh FEDORA-2020-9009363f0f (Mar 12) |
|
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
|
Fedora 31: firefox FEDORA-2020-18f712ef2d (Mar 12) |
|
- New Firefox version (74.0)
|
|
Fedora 31: java-1.8.0-openjdk-aarch32 FEDORA-2020-f43d9b394f (Mar 12) |
|
8u242 update
|
|
Fedora 31: monit FEDORA-2020-9c19202d55 (Mar 12) |
|
Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455)
|
|
Fedora 31: mbedtls FEDORA-2020-0ab860bb95 (Mar 12) |
|
- Update to 2.16.5 Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security Advisory:
|
|
Fedora 31: sympa FEDORA-2020-79516cb689 (Mar 12) |
|
Update to sympa 6.2.54 : - Fixes CVE-2020-9369 - See https://sympa-community.github.io/security/2020-001.html for details
|
|
Fedora 31: zsh FEDORA-2020-3f38f3e517 (Mar 12) |
|
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
|
|
|
|
Gentoo: GLSA-202003-46: ClamAV: Multiple vulnerabilities (Mar 19) |
|
Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition.
|
|
Gentoo: GLSA-202003-45: PyYAML: Arbitrary code execution (Mar 19) |
|
A flaw in PyYAML might allow attackers to execute arbitrary code.
|
|
Gentoo: GLSA-202003-44: Binary diff: Heap-based buffer overflow (Mar 19) |
|
A heap-based buffer overflow in Binary diff might allow remote attackers to execute arbitrary code.
|
|
Gentoo: GLSA-202003-43: Apache Tomcat: Multiple vulnerabilities (Mar 19) |
|
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-42: libgit2: Multiple vulnerabilities (Mar 19) |
|
Multiple vulnerabilities have been found in libgit2, the worst of which could result in the arbitrary execution of code.
|
|
Gentoo: GLSA-202003-41: GNU FriBidi: Heap-based buffer overflow (Mar 19) |
|
A heap-based buffer overflow in GNU FriBidi might allow remote attackers to execute arbitrary code.
|
|
Gentoo: GLSA-202003-40: Cacti: Multiple vulnerabilities (Mar 19) |
|
Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code.
|
|
Gentoo: GLSA-202003-39: phpMyAdmin: SQL injection (Mar 19) |
|
An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements.
|
|
Gentoo: GLSA-202003-38: PECL Imagick: Arbitrary code execution (Mar 19) |
|
A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code.
|
|
Gentoo: GLSA-202003-37: Mozilla Network Security Service: Multiple vulnerabiliti (Mar 16) |
|
Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-36: libvorbis: Multiple vulnerabilities (Mar 16) |
|
Multiple vulnerabilities have been found in libvorbis, the worst of which could result in a Denial of Service condition.
|
|
Gentoo: GLSA-202003-35: ProFTPd: Multiple vulnerabilities (Mar 16) |
|
Multiple vulnerabilities have been found in ProFTPd, the worst of which may lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-34: Squid: Multiple vulnerabilities (Mar 16) |
|
Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-33: GStreamer Base Plugins: Heap-based buffer overflow (Mar 15) |
|
A heap-based buffer overflow in GStreamer Base Plugins might allow remote attackers to execute arbitrary code.
|
|
Gentoo: GLSA-202003-32: Libgcrypt: Side-channel attack (Mar 15) |
|
A vulnerability in Libgcrypt could allow a local attacker to recover sensitive information.
|
|
Gentoo: GLSA-202003-31: gdb: Buffer overflow (Mar 15) |
|
A buffer overflow in gdb might allow a remote attacker to cause a Denial of Service condition.
|
|
Gentoo: GLSA-202003-30: Git: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in Git, the worst of which could result in the arbitrary execution of code.
|
|
Gentoo: GLSA-202003-29: cURL: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in cURL, the worst of which may lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-28: libarchive: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in libarchive, the worst of which may lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-27: libssh: Arbitrary command execution (Mar 15) |
|
A vulnerability in libssh could allow a remote attacker to execute arbitrary commands.
|
|
Gentoo: GLSA-202003-26: Python: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition.
|
|
Gentoo: GLSA-202003-25: libTIFF: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in a Denial of Service condition.
|
|
Gentoo: GLSA-202003-22: WebkitGTK+: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.
|
|
Gentoo: GLSA-202003-21: runC: Multiple vulnerabilities (Mar 15) |
|
Multiple vulnerabilities have been discovered in runC, the worst of which may lead to privilege escalation.
|
|
Gentoo: GLSA-202003-20: systemd: Heap use-after-free (Mar 15) |
|
A heap use-after-free flaw in systemd at worst might allow an attacker to execute arbitrary code.
|
|
Gentoo: GLSA-202003-19: PPP: Buffer overflow (Mar 15) |
|
A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.
|
|
Gentoo: GLSA-202003-18: libvirt: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been discovered in libvirt, the worst of which may result in the execution of arbitrary commands.
|
|
Gentoo: GLSA-202003-17: nfdump: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been found in nfdump, the worst of which could result in the execution of arbitrary code.
|
|
Gentoo: GLSA-202003-16: SQLite: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code.
|
|
Gentoo: GLSA-202003-15: ICU: Integer overflow (Mar 14) |
|
An integer overflow flaw in ICU could possibly allow for the execution of arbitrary code.
|
|
Gentoo: GLSA-202003-14: atftp: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been found in atftp, the worst of which could result in the execution of arbitrary code.
|
|
Gentoo: GLSA-202003-13: musl: Stack-based buffer overflow (Mar 14) |
|
A stack-based buffer overflow in musl might allow an attacker to have an application dependent impact.
|
|
Gentoo: GLSA-202003-12: sudo: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation.
|
|
Gentoo: GLSA-202003-11: SVG Salamander: Server-Side Request Forgery (Mar 14) |
|
A SSRF may allow remote attackers to forge illegitimate requests.
|
|
Gentoo: GLSA-202003-10: Mozilla Thunderbird: Multiple vulnerabilities (Mar 14) |
|
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
|
|
Gentoo: GLSA-202003-09: OpenID library for Ruby: Server Side Request Forgery (Mar 14) |
|
A vulnerability in OpenID library for Ruby at worst might allow an attacker to bypass authentication.
|
|
Gentoo: GLSA-202003-08: Chromium, Google Chrome: Multiple vulnerabilities (Mar 13) |
|
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. [More...]
|
|
Gentoo: GLSA-202003-07: RabbitMQ C client: Arbitrary code execution (Mar 12) |
|
A vulnerability in RabbitMQ C client might allow an attacker to execute arbitrary code.
|
|
Gentoo: GLSA-202003-06: Ruby: Multiple vulnerabilities (Mar 12) |
|
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code.
|
|
Gentoo: GLSA-202003-05: e2fsprogs: Arbitrary code execution (Mar 12) |
|
A vulnerability in e2fsprogs might allow an attacker to execute arbitrary code.
|
|
Gentoo: GLSA-202003-04: Vim, gVim: Remote execution of arbitrary code (Mar 12) |
|
A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated.
|
|
Gentoo: GLSA-202003-03: PostgreSQL: Multiple vulnerabilities (Mar 12) |
|
Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in the execution of arbitrary code.
|
|
Gentoo: GLSA-202003-02: Mozilla Firefox: Multiple vulnerabilities (Mar 12) |
|
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.
|
|
Gentoo: GLSA-202003-01: Groovy: Arbitrary code execution (Mar 12) |
|
A vulnerability within serialization might allow remote attackers to execute arbitrary code.
|
|
|
|
RedHat: RHSA-2020-0801:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-postgresql-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0802:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-mariadb-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0798:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-mediawiki-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0803:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0800:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-mysql-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0799:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-mediawiki-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0796:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
An update for openshift-enterprise-apb-base-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0795:01 Moderate: OpenShift Container Platform 3.11 (Mar 19) |
|
Red Hat OpenShift Container Platform release 3.11.188 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0905:01 Important: thunderbird security update (Mar 19) |
|
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0903:01 Important: zsh security update (Mar 19) |
|
An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0902:01 Important: icu security update (Mar 19) |
|
An update for icu is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0901:01 Important: icu security update (Mar 19) |
|
An update for icu is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0899:01 Important: Red Hat Decision Manager 7.7.0 (Mar 18) |
|
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0897:01 Important: icu security update (Mar 18) |
|
An update for icu is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0896:01 Important: icu security update (Mar 18) |
|
An update for icu is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0898:01 Important: python-imaging security update (Mar 18) |
|
An update for python-imaging is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0895:01 Moderate: Red Hat Process Automation Manager (Mar 18) |
|
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0892:01 Important: zsh security update (Mar 18) |
|
An update for zsh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0889:01 Important: slirp4netns security update (Mar 17) |
|
An update for slirp4netns is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0870:01 Low: python-flask security update (Mar 17) |
|
An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0834:01 Important: kernel security, bug fix, (Mar 17) |
|
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0853:01 Important: zsh security update (Mar 17) |
|
An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0850:01 Moderate: python-pip security update (Mar 17) |
|
An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0839:01 Important: kernel-rt security and bug fix update (Mar 17) |
|
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0851:01 Moderate: python-virtualenv security update (Mar 17) |
|
An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0855:01 Important: tomcat security update (Mar 17) |
|
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0861:01 Important: Red Hat JBoss Web Server 3.1 Service (Mar 17) |
|
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0856:01 Important: java-1.8.0-ibm security update (Mar 17) |
|
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0860:01 Important: Red Hat JBoss Web Server 3.1 Service (Mar 17) |
|
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0831:01 Important: kernel security update (Mar 17) |
|
An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0824:01 Moderate: Open Liberty 20.0.0.3 Runtime security (Mar 16) |
|
Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0820:01 Important: firefox security update (Mar 16) |
|
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0819:01 Important: firefox security update (Mar 16) |
|
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0816:01 Important: firefox security update (Mar 16) |
|
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0815:01 Important: firefox security update (Mar 16) |
|
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
|
RedHat: RHSA-2020-0697:01 Moderate: OpenShift Container Platform 4.1.38 (Mar 12) |
|
An update for skopeo is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0695:01 Moderate: OpenShift Container Platform 4.1.38 (Mar 12) |
|
Red Hat OpenShift Container Platform release 4.1.38 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0694:01 Moderate: OpenShift Container Platform 4.1.38 (Mar 12) |
|
An update is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
|
RedHat: RHSA-2020-0813:01 Critical: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0812:01 Critical: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
|
RedHat: RHSA-2020-0804:01 Important: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0805:01 Important: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
RedHat: RHSA-2020-0806:01 Important: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of
|
|
RedHat: RHSA-2020-0811:01 Important: Red Hat JBoss Enterprise Application (Mar 12) |
|
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
|
|
|
Slackware: 2020-073-01: mozilla-thunderbird Security Update (Mar 13) |
|
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
|
|
|
|
SUSE: 2020:0725-1 important: tomcat (Mar 19) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0721-1 important: MozillaThunderbird (Mar 19) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0722-1 moderate: nghttp2 (Mar 19) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:0717-1 important: MozillaFirefox (Mar 19) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0715-1 postgresql10 (Mar 18) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0712-1 moderate: skopeo (Mar 18) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:0705-1 moderate: apache2-mod_auth_openidc (Mar 17) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0706-1 moderate: apache2-mod_auth_openidc (Mar 17) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:14323-1 moderate: librsvg (Mar 17) |
|
An update that solves 5 vulnerabilities and has one errata is now available.
|
|
SUSE: 2020:0699-1 ovmf (Mar 16) |
|
An update that fixes four vulnerabilities is now available.
|
|
SUSE: 2020:0697-1 moderate: cni, cni-plugins, conmon, fuse-overlayfs, podman (Mar 16) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:0693-1 moderate: wireshark (Mar 13) |
|
An update that fixes 59 vulnerabilities is now available.
|
|
SUSE: 2020:0688-1 moderate: the Linux Kernel (Mar 13) |
|
An update that solves three vulnerabilities and has 84 fixes is now available.
|
|
SUSE: 2020:0671-1 moderate: SUSE Manager Server 4.0 (Mar 13) |
|
An update that solves three vulnerabilities and has 51 fixes is now available.
|
|
SUSE: 2020:0670-1 moderate: Recommended SUSE Manager Server 3.2 (Mar 13) |
|
An update that contains security fixes can now be installed.
|
|
SUSE: 2020:0686-1 important: MozillaFirefox (Mar 13) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0684-1 moderate: salt (Mar 13) |
|
An update that solves two vulnerabilities and has 7 fixes is now available.
|
|
SUSE: 2020:0671-1 moderate: SUSE Manager Server 4.0 (Mar 13) |
|
An update that solves two vulnerabilities and has 51 fixes is now available.
|
|
SUSE: 2020:0668-1 moderate: glibc (Mar 13) |
|
An update that solves one vulnerability and has two fixes is now available.
|
|
SUSE: 2020:0667-1 important: the Linux Kernel (Mar 13) |
|
An update that solves 6 vulnerabilities and has 102 fixes is now available.
|
|
SUSE: 2020:0658-1 moderate: php5 (Mar 12) |
|
An update that fixes two vulnerabilities is now available.
|
|
SUSE: 2020:0661-1 important: squid (Mar 12) |
|
An update that fixes 10 vulnerabilities is now available.
|
|
SUSE: 2020:0660-1 important: openstack-manila (Mar 12) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:0659-1 important: openstack-manila (Mar 12) |
|
An update that fixes one vulnerability is now available.
|
|
SUSE: 2020:14313-1 important: ipmitool (Mar 12) |
|
An update that solves one vulnerability and has one errata is now available.
|
|
SUSE: 2020:14312-1 important: MozillaFirefox (Mar 12) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
SUSE: 2020:0649-1 moderate: the Linux Kernel (Mar 12) |
|
An update that solves four vulnerabilities and has 80 fixes is now available.
|
|
|
|
Ubuntu 4308-1: Twisted vulnerabilities (Mar 19) |
|
Several security issues were fixed in Twisted.
|
|
Ubuntu 0064-1: Linux kernel vulnerability (Mar 19) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu 4307-1: Apache HTTP Server update (Mar 18) |
|
TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.
|
|
Ubuntu 4171-5: Apport regression (Mar 18) |
|
USN-4171-1 introduced a regression in Apport.
|
|
Ubuntu 4306-1: Dino vulnerabilities (Mar 17) |
|
Several security issues were fixed in dino-im.
|
|
Ubuntu 4305-1: ICU vulnerability (Mar 17) |
|
ICU could be made to execute arbitrary code if it received a specially crafted string.
|
|
Ubuntu 4304-1: Ceph vulnerability (Mar 17) |
|
Ceph could be made to stop responding if it received specially crafted network traffic.
|
|
Ubuntu 4303-2: Linux kernel (HWE) vulnerability (Mar 16) |
|
The system could be made to expose sensitive information.
|
|
Ubuntu 4303-1: Linux kernel vulnerability (Mar 16) |
|
The system could be made to expose sensitive information.
|
|
Ubuntu 4302-1: Linux kernel vulnerabilities (Mar 16) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 4301-1: Linux kernel vulnerabilities (Mar 16) |
|
Several security issues were fixed in the Linux kernel.
|
|
Ubuntu 4300-1: Linux kernel vulnerabilities (Mar 16) |
|
Several security issues were fixed in the Linux kernel.
|
|
|
|
Debian LTS: DLA-2149-1: rails security update (Mar 20) |
|
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers.
|
|
Debian LTS: DLA-2145-2: twisted security update (Mar 19) |
|
It was discovered that there were was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework
|
|
Debian LTS: DLA-2147-1: gdal security update (Mar 18) |
|
tif_getimage.c in LibTIFF, as used in GDAL has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
|
|
Debian LTS: DLA-2146-1: libvncserver security update (Mar 17) |
|
In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin.
|
|
Debian LTS: DLA-2145-1: twisted security update (Mar 17) |
|
It was discovered that there were a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework for building various types of internet applications.
|
|
Debian LTS: DLA-2144-1: qemu security update (Mar 16) |
|
Two out-of-bounds heap buffer accesses were found in QEMU, a fast processor emulator, which could result in denial of service or abitrary code execution.
|
|
Debian LTS: DLA-2143-1: slurm-llnl security update (Mar 16) |
|
Several issue were found in Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system.
|
|
Debian LTS: DLA-2142-1: slirp security update (Mar 13) |
|
It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3).
|
|
|
|
ArchLinux: 202003-13: bluez: access restriction bypass (Mar 20) |
|
The package bluez before version 5.54-1 is vulnerable to access restriction bypass.
|
|
ArchLinux: 202003-12: chromium: multiple issues (Mar 20) |
|
The package chromium before version 80.0.3987.149-1 is vulnerable to multiple issues including access restriction bypass, arbitrary code execution and information disclosure.
|
|
ArchLinux: 202003-11: thunderbird: multiple issues (Mar 16) |
|
The package thunderbird before version 68.6.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution and information disclosure.
|
|
ArchLinux: 202003-10: okular: arbitrary command execution (Mar 16) |
|
The package okular before version 19.12.3-3 is vulnerable to arbitrary command execution.
|
|
ArchLinux: 202003-9: webkit2gtk: arbitrary code execution (Mar 16) |
|
The package webkit2gtk before version 2.28.0-1 is vulnerable to arbitrary code execution.
|
|
ArchLinux: 202003-8: firefox: multiple issues (Mar 12) |
|
The package firefox before version 74.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, arbitrary command execution, content spoofing and information disclosure.
|
|
ArchLinux: 202003-7: mbedtls: private key recovery (Mar 12) |
|
The package mbedtls before version 2.16.5-1 is vulnerable to private key recovery.
|
|
ArchLinux: 202003-6: linux: multiple issues (Mar 12) |
|
The package linux before version 5.5.7.arch1-1 is vulnerable to multiple issues including authentication bypass and information disclosure.
|
|
ArchLinux: 202003-5: python-django: sql injection (Mar 12) |
|
The package python-django before version 3.0.4-1 is vulnerable to sql injection.
|
|
ArchLinux: 202003-4: golang-golang-x-crypto: denial of service (Mar 12) |
|
The package golang-golang-x-crypto before version 0.0.20200303-1 is vulnerable to denial of service.
|
|
ArchLinux: 202003-3: ppp: arbitrary code execution (Mar 12) |
|
The package ppp before version 2.4.7-7 is vulnerable to arbitrary code execution.
|
|
|
|
CentOS: CESA-2020-0790: Important CentOS 6 kernel (Mar 12) |
|
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0790
|
|
|
|
SciLinux: SLSA-2020-0905-1 Important: thunderbird on SL7.x x86_64 (Mar 19) |
|
Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addre [More...]
|
|
SciLinux: SLSA-2020-0896-1 Important: icu on SL6.x i386/x86_64 (Mar 18) |
|
ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531) SL6 x86_64 icu-debuginfo-4.2.1-15.el6_10.i686.rpm icu-debuginfo-4.2.1-15.el6_10.x86_64.rpm libicu-4.2.1-15.el6_10.i686.rpm libicu-4.2.1-15.el6_10.x86_64.rpm icu-4.2.1-15.el6_10.x86_64.rpm libicu-devel-4.2.1-15.el6_10.i686.rpm libicu-devel-4.2.1-15.el6_10.x86_64.rpm i386 icu-debuginfo-4.2.1- [More...]
|
|
SciLinux: SLSA-2020-0898-1 Important: python-imaging on SL6.x i386/x86_64 (Mar 18) |
|
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) SL6 x86_64 python-imaging-1.1.6-20.el6_10.x86_64.rpm python-imaging-debuginfo-1.1.6-20.el6_10.x86_64.rpm python-imaging-devel-1.1.6-20.el6_10.x86_64.rpm python-imaging-sane-1.1.6-20.el6_10.x86_64.rpm python-imaging-tk-1.1.6-20.el6_10.x86_64.rpm i386 python-ima [More...]
|
|
SciLinux: SLSA-2020-0892-1 Important: zsh on SL6.x i386/x86_64 (Mar 18) |
|
zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) SL6 x86_64 zsh-4.3.11-11.el6_10.x86_64.rpm zsh-debuginfo-4.3.11-11.el6_10.x86_64.rpm zsh-html-4.3.11-11.el6_10.x86_64.rpm i386 zsh-4.3.11-11.el6_10.i686.rpm zsh-debuginfo-4.3.11-11.el6_10.i686.rpm zsh-html-4.3.11-11.el6_10.i686.rpm - Scientific Linux Development Team
|
|
SciLinux: SLSA-2020-0897-1 Important: icu on SL7.x x86_64 (Mar 18) |
|
ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531) SL7 x86_64 icu-debuginfo-50.2-4.el7_7.i686.rpm icu-debuginfo-50.2-4.el7_7.x86_64.rpm libicu-50.2-4.el7_7.i686.rpm libicu-50.2-4.el7_7.x86_64.rpm icu-50.2-4.el7_7.x86_64.rpm libicu-devel-50.2-4.el7_7.i686.rpm libicu-devel-50.2-4.el7_7.x86_64.rpm noarch libicu-doc-50.2-4.el7_7.noarch.rpm - S [More...]
|
|
SciLinux: SLSA-2020-0834-1 Important: kernel on SL7.x x86_64 (Mar 17) |
|
kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Bug Fix(es): * SL7.7 - [More...]
|
|
SciLinux: SLSA-2020-0850-1 Moderate: python-pip on SL7.x (noarch) (Mar 17) |
|
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324) * python-requests: Redirect from HTTPS to HTTP do [More...]
|
|
SciLinux: SLSA-2020-0855-1 Important: tomcat on SL7.x (noarch) (Mar 17) |
|
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) SL7 noarch tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm tomcat-7.0.76-11.el7_7.noarch.rpm tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm tomcat-jsp-2. [More...]
|
|
SciLinux: SLSA-2020-0853-1 Important: zsh on SL7.x x86_64 (Mar 17) |
|
zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) SL7 x86_64 zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm - Scientific Linux Development Team
|
|
SciLinux: SLSA-2020-0851-1 Moderate: python-virtualenv on SL7.x (noarch) (Mar 17) |
|
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) SL7 noarch python-virtualenv- [More...]
|
|
SciLinux: SLSA-2020-0816-1 Important: firefox on SL6.x i386/x86_64 (Mar 16) |
|
This update upgrades Firefox to version 68.6.0 ESR. * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-681 [More...]
|
|
SciLinux: SLSA-2020-0815-1 Important: firefox on SL7.x x86_64 (Mar 16) |
|
This update upgrades Firefox to version 68.6.0 ESR. * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-681 [More...]
|
|
|
|
openSUSE: 2020:0362-1: moderate: wireshark (Mar 19) |
|
An update that fixes 59 vulnerabilities is now available.
|
|
openSUSE: 2020:0357-1: moderate: salt (Mar 18) |
|
An update that solves two vulnerabilities and has 7 fixes is now available.
|
|
openSUSE: 2020:0345-1: important: tomcat (Mar 15) |
|
An update that fixes three vulnerabilities is now available.
|
|
openSUSE: 2020:0343-1: moderate: librsvg (Mar 15) |
|
An update that fixes one vulnerability is now available.
|
|
openSUSE: 2020:0341-1: important: php7 (Mar 15) |
|
An update that fixes four vulnerabilities is now available.
|
|
openSUSE: 2020:0340-1: important: MozillaFirefox (Mar 14) |
|
An update that fixes 7 vulnerabilities is now available.
|
|
|
|
Mageia 2020-0145: okular security update (Mar 18) |
|
Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries (CVE-2020-9359).
|
|
Mageia 2020-0144: webkit2 security update (Mar 18) |
|
Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution (CVE-2020-10018).
|
|
Mageia 2020-0143: sleuthkit security update (Mar 18) |
|
Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c (CVE-2020-10232).
|
|
Mageia 2020-0142: thunderbird security update (Mar 14) |
|
The updated packages fix a security vulnerabilities: Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503) Use-after-free when removing data about origins. (CVE-2020-6805)
|
|
Mageia 2020-0141: firefox security update (Mar 14) |
|
Updated firefox packages fix security vulnerabilities: The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds
|
|
Mageia 2020-0140: kernel security update (Mar 13) |
|
This update is based on upstream 5.5.9 and fixes atleast the following security vulnerabilities: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to
|
|
Mageia 2020-0139: ppp security update (Mar 12) |
|
Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name
|
