| |
Debian: DSA-4636-1: python-bleach security update (Feb 28) |
| |
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.
|
| |
|
| |
Fedora 31: sudo FEDORA-2020-8b563bc5f4 (Mar 5) |
| |
- update to latest development version 1.9.0b1 - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 - fixes: CVE-2019-18634 - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 -
|
| |
Fedora 31: opensmtpd FEDORA-2020-283dc7f094 (Mar 4) |
| |
Release 6.6.4p1 (2020-02-24) --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) --- - Following the 6.6.2p1 release, various improvements were
|
| |
Fedora 30: opensmtpd FEDORA-2020-31216ab928 (Mar 3) |
| |
Release 6.6.4p1 (2020-02-24) --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) --- - Following the 6.6.2p1 release, various improvements were
|
| |
Fedora 30: thunderbird FEDORA-2020-2211f3adde (Mar 3) |
| |
Update to latest upstream version
|
| |
Fedora 31: kernel FEDORA-2020-227a4c0530 (Mar 2) |
| |
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 30: kernel FEDORA-2020-fe00e12580 (Mar 2) |
| |
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 31: kernel-headers FEDORA-2020-3cd64d683c (Feb 28) |
| |
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 31: kernel-tools FEDORA-2020-3cd64d683c (Feb 28) |
| |
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 31: kernel FEDORA-2020-3cd64d683c (Feb 28) |
| |
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 30: openjpeg2 FEDORA-2020-8193c0aa68 (Feb 28) |
| |
This update backports a patch for CVE-2020-8112.
|
| |
Fedora 30: mingw-openjpeg2 FEDORA-2020-8193c0aa68 (Feb 28) |
| |
This update backports a patch for CVE-2020-8112.
|
| |
Fedora 31: proftpd FEDORA-2020-876b1f664e (Feb 27) |
| |
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
|
| |
Fedora 31: mingw-libpng FEDORA-2020-2f4a1bffba (Feb 27) |
| |
Update to libpng-1.6.37, see https://sourceforge.net/projects/libpng/files/libpng16/1.6.37/ for details.
|
| |
Fedora 31: php FEDORA-2020-32f9a2b308 (Feb 27) |
| |
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
|
| |
Fedora 31: firejail FEDORA-2020-7f6e0e6e00 (Feb 27) |
| |
Rebase to version 0.9.62
|
| |
Fedora 31: golang-vitess FEDORA-2020-bd764dd275 (Feb 27) |
| |
Rebuilt to fix [GHSA- jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
| |
Fedora 31: golang-github-gorilla-websocket FEDORA-2020-0ae6297680 (Feb 27) |
| |
Update to latest version. Fix GHSA-jf24-p9p9-4rjh.
|
| |
Fedora 30: proftpd FEDORA-2020-76c707cff0 (Feb 27) |
| |
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
|
| |
Fedora 30: mingw-libpng FEDORA-2020-512f0121dc (Feb 27) |
| |
Update to libpng-1.6.37, see https://sourceforge.net/projects/libpng/files/libpng16/1.6.37/ for details.
|
| |
Fedora 30: php FEDORA-2020-4ea970ebc6 (Feb 27) |
| |
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
|
| |
Fedora 30: firejail FEDORA-2020-0fb484d7f7 (Feb 27) |
| |
Rebase to version 0.9.62
|
| |
Fedora 30: hugo FEDORA-2020-279c61dd70 (Feb 27) |
| |
Rebuilt to fix [GHSA- jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
| |
Fedora 30: caddy FEDORA-2020-279c61dd70 (Feb 27) |
| |
Rebuilt to fix [GHSA- jf24-p9p9-4rjh](https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh); Potential DoS Vector in gorilla/websocket <= v1.4.0.
|
| |
Fedora 30: golang-github-gorilla-websocket FEDORA-2020-8f18c45545 (Feb 27) |
| |
Update to latest version. Fix GHSA-jf24-p9p9-4rjh.
|
| |
|
| |
RedHat: RHSA-2020-0652:01 Moderate: OpenShift Container Platform 4.2.21 (Mar 5) |
| |
An update for ose-installer-artifacts-container and ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0734:01 Moderate: Red Hat OpenShift Service Mesh 1.0.9 (Mar 5) |
| |
Red Hat OpenShift Service Mesh 1.0.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0731:01 Important: virt:8.1 and virt-devel:8.1 security (Mar 5) |
| |
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0730:01 Important: qemu-kvm-rhev security, bug fix, (Mar 5) |
| |
An update for qemu-kvm-rhev is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0726:01 Important: sudo security update (Mar 5) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0729:01 Important: Red Hat Data Grid 7.3.5 security update (Mar 5) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0728:01 Moderate: Red Hat Data Grid 7.3.4 security update (Mar 5) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0727:01 Important: Red Hat Data Grid 7.3.3 security update (Mar 5) |
| |
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0720:01 Low: python-waitress security update (Mar 5) |
| |
An update for python-waitress is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0721:01 Moderate: openstack-octavia security update (Mar 5) |
| |
An update for openstack-octavia is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0708:01 Important: http-parser security update (Mar 4) |
| |
An update for http-parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0707:01 Important: http-parser security update (Mar 4) |
| |
An update for http-parser is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0704:01 Important: xerces-c security update (Mar 4) |
| |
An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0703:01 Important: http-parser security update (Mar 4) |
| |
An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0702:01 Important: xerces-c security update (Mar 4) |
| |
An update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0617:01 Moderate: OpenShift Container Platform 4.2.21 (Mar 4) |
| |
An update is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-0698:01 Important: kpatch-patch security update (Mar 3) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0567:01 Important: Red Hat build of Eclipse Vert.x 3.8.5 (Mar 3) |
| |
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
|
| |
RedHat: RHSA-2020-0664:01 Important: kernel security, bug fix, (Mar 3) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0666:01 Moderate: qemu-kvm security and enhancement update (Mar 3) |
| |
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0669:01 Important: qemu-kvm-ma security update (Mar 3) |
| |
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0663:01 Moderate: ruby security update (Mar 3) |
| |
An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-0661:01 Important: kernel security and enhancement update (Mar 3) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0653:01 Important: kernel security and bug fix update (Mar 3) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2020-0637:01 Low: Red Hat Satellite 5 - 90 day End Of Life (Feb 27) |
| |
This is the 90 day notification of the End Of Life (EOL) plans for the following versions of Red Hat Satellite 5: * Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6 2. Relevant releases/architectures:
|
| |
RedHat: RHSA-2020-0638:01 Low: Red Hat Satellite Proxy 5 - 90 day End Of (Feb 27) |
| |
This is the 90 day notification of the End Of Life (EOL) plans for the following versions of Red Hat Satellite Proxy 5: * Red Hat Satellite Proxy 5.8 2. Relevant releases/architectures:
|
| |
RedHat: RHSA-2020-0631:01 Important: ppp security update (Feb 27) |
| |
An update for ppp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0633:01 Important: ppp security update (Feb 27) |
| |
An update for ppp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0632:01 Important: java-1.7.0-openjdk security update (Feb 27) |
| |
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0634:01 Important: ppp security update (Feb 27) |
| |
An update for ppp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-0630:01 Important: ppp security update (Feb 27) |
| |
An update for ppp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-0526:01 Moderate: OpenShift Container Platform 4.2.20 (Feb 27) |
| |
An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
|
| |
Slackware: 2020-064-01: ppp Security Update (Mar 4) |
| |
New ppp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
|
| |
Slackware: 2020-062-01: seamonkey Security Update (Mar 2) |
| |
New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.
|
| |
|
| |
SUSE: 2020:0601-1 moderate: gimp (Mar 6) |
| |
An update that solves three vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0604-1 moderate: librsvg (Mar 6) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0605-1 moderate: the Linux Kernel (Mar 6) |
| |
An update that solves 11 vulnerabilities and has 57 fixes is now available.
|
| |
SUSE: 2020:0598-1 moderate: tomcat (Mar 5) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:0594-1 moderate: gd (Mar 5) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:0589-1 postgresql10 (Mar 5) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0580-1 important: the Linux Kernel (Mar 4) |
| |
An update that solves 22 vulnerabilities and has 152 fixes is now available.
|
| |
SUSE: 2020:0580-1 important: the Linux Kernel (Mar 4) |
| |
An update that solves 22 vulnerabilities and has 152 fixes is now available.
|
| |
SUSE: 2020:0585-1 moderate: cloud-init (Mar 4) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0586-1 postgresql96 (Mar 4) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0578-1 moderate: yast2-rmt (Mar 3) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:14306-1 moderate: python (Mar 3) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0576-1 moderate: compat-openssl098 (Mar 3) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:0568-1 moderate: ovmf (Mar 3) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
SUSE: 2019:3060-2 moderate: libpng16 (Mar 3) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2020:0560-1 important: the Linux Kernel (Mar 2) |
| |
An update that solves 36 vulnerabilities and has 196 fixes is now available.
|
| |
SUSE: 2020:0560-1 important: the Linux Kernel (Mar 2) |
| |
An update that solves 36 vulnerabilities and has 196 fixes is now available.
|
| |
SUSE: 2020:0559-1 important: the Linux Kernel (Mar 2) |
| |
An update that solves 23 vulnerabilities and has 136 fixes is now available.
|
| |
SUSE: 2020:0557-1 moderate: python36 (Mar 2) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0558-1 important: the Linux Kernel (Mar 2) |
| |
An update that solves 15 vulnerabilities and has 150 fixes is now available.
|
| |
SUSE: 2020:0555-1 moderate: python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Mar 2) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:14304-1 moderate: permissions (Feb 28) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2020:0545-1 moderate: permissions (Feb 28) |
| |
An update that solves one vulnerability and has four fixes is now available.
|
| |
SUSE: 2020:0547-1 moderate: permissions (Feb 28) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2020:0538-1 moderate: Security Beta Salt (Feb 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14301-1 moderate: Security Beta Salt (Feb 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14303-1 moderate: Security Beta Salt (Feb 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0540-1 moderate: Security Beta Salt (Feb 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0528-1 important: java-1_8_0-ibm (Feb 28) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:0522-1 moderate: php5 (Feb 28) |
| |
An update that solves 9 vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0527-1 moderate: mariadb (Feb 28) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2020:0523-1 moderate: mariadb-100 (Feb 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:0512-1 moderate: rsyslog (Feb 27) |
| |
An update that solves two vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:0511-1 important: the Linux Kernel (Feb 27) |
| |
An update that solves 34 vulnerabilities and has 170 fixes is now available.
|
| |
SUSE: 2020:0510-1 moderate: python (Feb 27) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
SUSE: 2020:0516-1 moderate: openssl (Feb 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:0519-1 moderate: texlive-filesystem (Feb 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:14295-1 moderate: openssl (Feb 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:0520-1 moderate: texlive-filesystem (Feb 27) |
| |
An update that contains security fixes can now be installed.
|
| |
SUSE: 2020:0505-1 moderate: mariadb (Feb 27) |
| |
An update that solves two vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:14294-1 moderate: libexif (Feb 27) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
|
| |
Ubuntu 4296-1: Django vulnerability (Mar 4) |
| |
Django could allow unintended access to the database.
|
| |
Ubuntu 4295-1: Rake vulnerability (Mar 3) |
| |
Rake could be made run arbitrary commands it received a specially crafted file.
|
| |
Ubuntu 4290-2: libpam-radius-auth vulnerability (Mar 3) |
| |
libpam-radius-auth could be made to crash if it received specially crafted network traffic.
|
| |
Ubuntu 4288-2: ppp vulnerability (Mar 2) |
| |
ppp could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4294-1: OpenSMTPD vulnerabilities (Mar 2) |
| |
Several security issues were fixed in opensmtpd.
|
| |
Ubuntu 4293-1: libarchive vulnerabilities (Mar 2) |
| |
Several security issues were fixed in libarchive.
|
| |
|
| |
Debian LTS: DLA-2134-1: pdfresurrect security update (Mar 5) |
| |
It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents.
|
| |
Debian LTS: DLA-2133-1: tomcat7 security update (Mar 4) |
| |
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569
|
| |
Debian LTS: DLA-2132-1: libzypp security update (Mar 3) |
| |
It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials.
|
| |
Debian LTS: DLA-2117-1: zsh security update (Mar 2) |
| |
A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted.
|
| |
Debian LTS: DLA-2115-2: proftpd-dfsg regression update (Mar 2) |
| |
It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling
|
| |
Debian LTS: DLA-2114-1: linux-4.9 security update (Mar 2) |
| |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
|
| |
Debian LTS: DLA-2130-1: libapache2-mod-auth-openidc security (Feb 29) |
| |
An issue has been found in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. Due to insufficient validatation of URLs an Open Redirect vulnerability
|
| |
Debian LTS: DLA-2129-1: firebird2.5 security update (Feb 29) |
| |
An issues has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution (as user firebird), UDFs have been disabled in the default configuration
|
| |
Debian LTS: DLA-2126-1: gst-plugins-base0.10 security update (Feb 28) |
| |
Some isses have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an
|
| |
Debian LTS: DLA-2125-1: collabtive security update (Feb 28) |
| |
An issue has been found in collabtive, a web-based project management software. Due to missing checks an attacker could upload scripts, which would execute code on the server by accessing for example avatar images.
|
| |
Debian LTS: DLA-2124-1: php5 security update (Feb 28) |
| |
Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure or
|
| |
Debian LTS: DLA-2123-1: pure-ftpd security update (Feb 27) |
| |
An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure.
|
| |
Debian LTS: DLA-2122-1: libusbmuxd security update (Feb 27) |
| |
It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
|
| |
Debian LTS: DLA-2121-1: libimobiledevice security update (Feb 27) |
| |
It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
|
| |
|
| |
ArchLinux: 202003-2: opensc: denial of service (Mar 5) |
| |
The package opensc before version 0.20.0-1 is vulnerable to denial of service.
|
| |
ArchLinux: 202003-1: chromium: access restriction bypass (Mar 5) |
| |
The package chromium before version 80.0.3987.132-1 is vulnerable to access restriction bypass.
|
| |
ArchLinux: 202002-13: opensmtpd: arbitrary command execution (Mar 5) |
| |
The package opensmtpd before version 6.6.4p1-1 is vulnerable to arbitrary command execution.
|
| |
ArchLinux: 202002-12: weechat: multiple issues (Mar 5) |
| |
The package weechat before version 2.7.1-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
|
| |
ArchLinux: 202002-11: chromium: multiple issues (Feb 29) |
| |
The package chromium before version 80.0.3987.122-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
|
| |
ArchLinux: 202002-10: webkit2gtk: multiple issues (Feb 29) |
| |
The package webkit2gtk before version 2.26.4-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, sandbox escape, denial of service and same-origin policy bypass.
|
| |
|
| |
CentOS: CESA-2020-0703: Important CentOS 7 http-parser (Mar 4) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0703
|
| |
CentOS: CESA-2020-0704: Important CentOS 7 xerces-c (Mar 4) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0704
|
| |
CentOS: CESA-2020-0702: Important CentOS 6 xerces-c (Mar 4) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0702
|
| |
CentOS: CESA-2020-0630: Important CentOS 7 ppp (Feb 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0630
|
| |
CentOS: CESA-2020-0632: Important CentOS 6 java-1.7.0-openjdk (Feb 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0632
|
| |
CentOS: CESA-2020-0631: Important CentOS 6 ppp (Feb 27) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0631
|
| |
|
| |
SciLinux: SLSA-2020-0702-1 Important: xerces-c on SL6.x i386/x86_64 (Mar 5) |
| |
xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) SL6 x86_64 xerces-c-3.0.1-21.el6_10.i686.rpm xerces-c-3.0.1-21.el6_10.x86_64.rpm xerces-c-debuginfo-3.0.1-21.el6_10.i686.rpm xerces-c-debuginfo-3.0.1-21.el6_10.x86_64.rpm xerces-c-devel-3.0.1-21.el6_10.i686.rpm xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm [More...]
|
| |
SciLinux: SLSA-2020-0704-1 Important: xerces-c on SL7.x x86_64 (Mar 5) |
| |
xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311) SL7 x86_64 xerces-c-3.1.1-10.el7_7.i686.rpm xerces-c-3.1.1-10.el7_7.x86_64.rpm xerces-c-debuginfo-3.1.1-10.el7_7.i686.rpm xerces-c-debuginfo-3.1.1-10.el7_7.x86_64.rpm xerces-c-devel-3.1.1-10.el7_7.i686.rpm xerces-c-devel-3.1.1-10.el7_7.x86_64.rpm noar [More...]
|
| |
SciLinux: SLSA-2020-0703-1 Important: http-parser on SL7.x x86_64 (Mar 5) |
| |
nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) SL7 x86_64 http-parser-2.7.1-8.el7_7.2.i686.rpm http-parser-2.7.1-8.el7_7.2.x86_64.rpm http-parser-debuginfo-2.7.1-8.el7_7.2.i686.rpm http-parser-debuginfo-2.7.1-8.el7_7.2.x86_64.rpm http-parser-devel-2.7.1-8.el7_7.2.i686.rpm http-parser-devel-2.7.1-8.el7_7.2.x86_64.rpm - Scient [More...]
|
| |
SciLinux: SLSA-2020-0632-1 Important: java-1.7.0-openjdk on SL6.x i386/x86_64 (Feb 27) |
| |
OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601) * OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) * OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590) * OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalizat [More...]
|
| |
SciLinux: SLSA-2020-0631-1 Important: ppp on SL6.x i386/x86_64 (Feb 27) |
| |
ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL6 x86_64 ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm i386 ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm [More...]
|
| |
SciLinux: SLSA-2020-0630-1 Important: ppp on SL7.x x86_64 (Feb 27) |
| |
ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) SL7 x86_64 ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm - Scientific Linux Development Team
|
| |
|
| |
openSUSE: 2020:0307-1: moderate: squid (Mar 6) |
| |
An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2020:0305-1: important: openfortivpn (Mar 5) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:0302-1: moderate: permissions (Mar 4) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2020:0301-1: important: openfortivpn (Mar 4) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:0293-1: important: nodejs8 (Mar 3) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:0289-1: moderate: mariadb (Mar 3) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
openSUSE: 2020:0286-1: important: ppp (Mar 2) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0284-1: important: cacti, cacti-spine (Mar 2) |
| |
An update that solves 10 vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2020:0278-1: important: webkit2gtk3 (Mar 2) |
| |
An update that fixes 8 vulnerabilities is now available.
|
| |
openSUSE: 2020:0274-1: moderate: python3 (Mar 1) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2020:0273-1: moderate: proftpd (Mar 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0272-1: important: cacti, cacti-spine (Mar 1) |
| |
An update that solves 10 vulnerabilities and has two fixes is now available.
|
| |
openSUSE: 2020:0264-1: moderate: libexif (Mar 1) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0261-1: moderate: python-azure-agent (Feb 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0255-1: moderate: libsolv, libzypp, zypper (Feb 27) |
| |
An update that solves one vulnerability and has 10 fixes is now available.
|
| |
openSUSE: 2020:0253-1: moderate: yast2-rmt (Feb 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0250-1: moderate: enigmail (Feb 27) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:0259-1: important: chromium (Feb 27) |
| |
An update that solves two vulnerabilities and has one errata is now available.
|
| |
openSUSE: 2020:0248-1: important: weechat (Feb 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0247-1: important: ipmitool (Feb 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
|
| |
Mageia 2020-0111: wireshark security update (Feb 29) |
| |
Updated wireshark packages fix security vulnerabilities: LTE RRC dissector memory leak. WiMax DLMAP dissector crash.
|
| |
Mageia 2020-0110: kernel security update (Feb 29) |
| |
This update is based on upstream 5.5.6 and fixes atleast the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the
|
| |
Mageia 2020-0109: hiredis security update (Feb 29) |
| |
Updated hiredis packages fix security vulnerability: async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked (CVE-2020-7105).
|
| |
Mageia 2020-0108: rsync security update (Feb 29) |
| |
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840,
|
| |
Mageia 2020-0107: zsh security update (Feb 29) |
| |
Updated zsh packages fix security vulnerability: A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted (CVE-2019-20044).
|
