| |
Debian: DSA-4685-1: apt security update (May 14) |
| |
Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could result in denial of service when processing specially crafted deb files.
|
| |
Debian: DSA-4684-1: libreswan security update (May 13) |
| |
Stephan Zeisberg discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 Informational Exchange packet, resulting in denial of service.
|
| |
Debian: DSA-4683-1: thunderbird security update (May 8) |
| |
Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code.
|
| |
Debian: DSA-4682-1: squid security update (May 8) |
| |
Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service.
|
| |
Debian: DSA-4676-2: salt security update (May 7) |
| |
The update for salt for the oldstable distribution (stretch) released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt packages are now available to correct this issue. For reference, the original advisory text follows.
|
| |
Debian: DSA-4681-1: webkit2gtk security update (May 7) |
| |
The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-3885
|
| |
Fedora 30: viewvc FEDORA-2020-c952520959 (May 15) |
| |
Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name (#211) - fix standalone.py first request failure (#195) ViewVC 1.1.27 ChangeLog: - suppress stack traces (with option to show) (#140) - distinguish text/binary/image files by icons (#166, #175) - colorize alternating file content lines (#167) - link to the instance root from the
|
| |
Fedora 32: kernel FEDORA-2020-4c69987c40 (May 14) |
| |
The 5.6.12 stable update contains a number of important fixes across the tree.
|
| |
Fedora 32: mailman FEDORA-2020-20b748e81e (May 14) |
| |
New version v2.1.32 Security fix for CVE-2020-12137 Change mode of /etc/mailman to 2755 (#1656765)
|
| |
Fedora 32: oddjob FEDORA-2020-238bbf85d8 (May 13) |
| |
This update includes a security fix for CVE-2020-10737. Additionally, From 0.34.6: - update license on src/buffer.h - changes "/var/run" to "/run" in systemd service file (Orion Poplawski, #1834511) From 0.34.5: - apply patch from Matthias Gerstner of the SUSE security team to fix a possible race condition in the mkhomedir helper (noted above, this fixes CVE-2020-10737) -
|
| |
Fedora 32: glpi FEDORA-2020-ee30e1109f (May 13) |
| |
Last Upstream release, including (among others): - (security) Prevent execution of SQL injection while assigning a technician, - (security) Permit to change key used to store passwords, - (security) Improve CSRF token, - (security) Fix several possible XSS, - (security) Fix a few possible SQL injections, - Fix SCSS caching issues, - Fix inline images handling on item update, - Fix PHP 7.4
|
| |
Fedora 32: grafana FEDORA-2020-c6b0c7ebbb (May 13) |
| |
rebase to upstream Grafana 6.7.3 - including fix for CVE-2020-12458 and CVE-2020-12459
|
| |
Fedora 32: java-latest-openjdk FEDORA-2020-755e4213b5 (May 13) |
| |
OpenJDK 14 April CPU update
|
| |
Fedora 31: glpi FEDORA-2020-885e2343ed (May 13) |
| |
Last Upstream release, including (among others): - (security) Prevent execution of SQL injection while assigning a technician, - (security) Permit to change key used to store passwords, - (security) Improve CSRF token, - (security) Fix several possible XSS, - (security) Fix a few possible SQL injections, - Fix SCSS caching issues, - Fix inline images handling on item update, - Fix PHP 7.4
|
| |
Fedora 31: grafana FEDORA-2020-d109a1d1d9 (May 13) |
| |
rebase to upstream Grafana 6.7.3 - including fix for CVE-2020-12458 and CVE-2020-12459
|
| |
Fedora 31: mailman FEDORA-2020-69f2f1d987 (May 13) |
| |
New version v2.1.30 Security fix for CVE-2020-12137
|
| |
Fedora 31: java-latest-openjdk FEDORA-2020-36298e20f7 (May 13) |
| |
OpenJDK 14 April CPU update
|
| |
Fedora 30: java-1.8.0-openjdk FEDORA-2020-21ca991b3b (May 12) |
| |
Update to OpenJDK 8u252 (April Critical Patch Update) - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers -
|
| |
Fedora 30: seamonkey FEDORA-2020-36b36afea6 (May 12) |
| |
Update to 2.53.2 If you have Lightning and/or Chatzilla extensions previously disabled, they are enabled after the update. Disable it again if needed (in about:addons), or remove completely (which can improve startup time).
|
| |
Fedora 32: seamonkey FEDORA-2020-ca99cb4d40 (May 12) |
| |
Update to 2.53.2 If you have Lightning and/or Chatzilla extensions previously disabled, they are enabled after the update. Disable it again if needed (in about:addons), or remove completely (which can improve startup time).
|
| |
Fedora 30: xen FEDORA-2020-cbc3149753 (May 10) |
| |
update to 4.11.4 ---- multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914) Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)
|
| |
Fedora 31: community-mysql FEDORA-2020-261c9ddd7c (May 10) |
| |
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
|
| |
Fedora 30: community-mysql FEDORA-2020-20ac7c92a1 (May 10) |
| |
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
|
| |
Fedora 32: chromium FEDORA-2020-c4a555b0bb (May 9) |
| |
Are you ready, kids? I said, are you ready? Whoooooo has another update for you to see? Google Chromium! For browsing and tweeting (but not FTP) Google Chromium! If improved security be something you wish Google Chromium! Then run dnf while you flop like a fish! Google Chromium! Google Chromium! Google Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following
|
| |
Fedora 32: community-mysql FEDORA-2020-136dc82437 (May 9) |
| |
**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893
|
| |
Fedora 31: crawl FEDORA-2020-de88782eaa (May 9) |
| |
- Release 0.24.1
|
| |
Fedora 31: roundcubemail FEDORA-2020-35e12da5fe (May 9) |
| |
**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and
|
| |
Fedora 30: roundcubemail FEDORA-2020-57f2df7424 (May 8) |
| |
**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and
|
| |
Fedora 32: crawl FEDORA-2020-c976cfa87e (May 8) |
| |
- Release 0.24.1
|
| |
Fedora 32: roundcubemail FEDORA-2020-835b7f0615 (May 8) |
| |
**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and
|
| |
Fedora 31: nss FEDORA-2020-3c52435c2d (May 8) |
| |
- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
|
| |
Fedora 31: firefox FEDORA-2020-3c52435c2d (May 8) |
| |
- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
|
| |
Fedora 31: mingw-gnutls FEDORA-2020-d14280a6e8 (May 8) |
| |
https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html
|
| |
Fedora 30: firefox FEDORA-2020-f389eab5d1 (May 7) |
| |
- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
|
| |
Fedora 30: nss FEDORA-2020-f389eab5d1 (May 7) |
| |
- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
|
| |
Fedora 30: teeworlds FEDORA-2020-0d6b80678a (May 7) |
| |
0.7.5
|
| |
Fedora 32: mingw-gnutls FEDORA-2020-f90fb78f70 (May 7) |
| |
https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html
|
| |
Fedora 31: seamonkey FEDORA-2020-678a5157f7 (May 7) |
| |
Update to 2.53.2 If you have Lightning and/or Chatzilla extensions previously disabled, they are enabled after the update. Disable it again if needed (in about:addons), or remove completely (which can improve startup time).
|
| |
Fedora 31: libldb FEDORA-2020-9cf0b1c8f1 (May 7) |
| |
Update to Samba 4.11.8
|
| |
Fedora 31: samba FEDORA-2020-9cf0b1c8f1 (May 7) |
| |
Update to Samba 4.11.8
|
| |
Fedora 31: ceph FEDORA-2020-81b9c6cddc (May 7) |
| |
ceph-14.2.9 GA Security fix for CVE-2020-1760 ceph: header-splitting in RGW GetObject has a possible XSS Security fix for CVE-2020-1759 ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions
|
| |
Gentoo: GLSA-202005-13: Chromium, Google Chrome: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-12: OpenSLP: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-11: VLC: Buffer overflow (May 14) |
| |
A buffer overflow in VLC might allow local or remote attacker(s) to execute arbitrary code.
|
| |
Gentoo: GLSA-202005-10: libmicrodns: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in libmicrodns, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-09: Python: Denial of Service (May 14) |
| |
A vulnerability in Python could lead to a Denial of Service condition.
|
| |
Gentoo: GLSA-202005-08: Xen: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in Xen, the worst of which could allow privilege escalation.
|
| |
Gentoo: GLSA-202005-07: FreeRDP: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in FreeRDP, the worst of which could result in a Denial of Service condition.
|
| |
Gentoo: GLSA-202005-06: LIVE555 Media Server: Multiple vulnerabilities (May 14) |
| |
Multiple vulnerabilities have been found in LIVE555 Media Server, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-05: Squid: Multiple vulnerabilities (May 12) |
| |
Multiple vulnerabilities have been found in Squid, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-04: Mozilla Firefox: Multiple vulnerabilities (May 12) |
| |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-03: Mozilla Thunderbird: Multiple vulnerabilities (May 12) |
| |
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-02: QEMU: Multiple vulnerabilities (May 12) |
| |
Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code.
|
| |
Gentoo: GLSA-202005-01: Long Range ZIP: Multiple vulnerabilities (May 12) |
| |
Multiple vulnerabilities have been found in Long Range ZIP, the worst of which could result in a Denial of Service condition.
|
| |
RedHat: RHSA-2020-2171:01 Important: kernel-rt security and bug fix update (May 14) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2169:01 Moderate: Red Hat JBoss Enterprise Application (May 14) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2165:01 Moderate: openstack-manila security update (May 14) |
| |
An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2168:01 Moderate: Red Hat JBoss Enterprise Application (May 14) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2148:01 Important: Red Hat OpenShift Service Mesh 1.1.2 (May 13) |
| |
An update for servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2146:01 Important: .NET Core on Red Hat Enterprise Linux (May 13) |
| |
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2142:01 Moderate: Ansible security and bug fix update (May 13) |
| |
An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-2143:01 Important: .NET Core security update (May 13) |
| |
An update for .NET Core is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2026:01 Important: OpenShift Container Platform 4.2.33 (May 13) |
| |
Red Hat OpenShift Container Platform release 4.2.33 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2027:01 Moderate: OpenShift Container Platform 4.2.33 (May 13) |
| |
An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2126:01 Important: qemu-kvm security update (May 13) |
| |
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2125:01 Important: kpatch-patch security update (May 13) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2117:01 Important: podman security update (May 12) |
| |
An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2116:01 Important: buildah security and bug fix update (May 12) |
| |
An update for buildah is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2081:01 Moderate: python-virtualenv security update (May 12) |
| |
An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2082:01 Important: kernel security and bug fix update (May 12) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2068:01 Moderate: python-pip security update (May 12) |
| |
An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-2085:01 Important: kernel-rt security and bug fix update (May 12) |
| |
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2113:01 Important: Red Hat Single Sign-On 7.3.8 security (May 12) |
| |
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2112:01 Important: Red Hat Single Sign-On 7.3.8 security (May 12) |
| |
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2108:01 Important: Red Hat Single Sign-On 7.3.8 security (May 12) |
| |
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of
|
| |
RedHat: RHSA-2020-2106:01 Important: Red Hat Single Sign-On 7.3.8 security (May 12) |
| |
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2107:01 Important: Red Hat Single Sign-On 7.3.8 security (May 12) |
| |
New Red Hat Single Sign-On 7.3.8 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2103:01 Important: kernel security update (May 12) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2102:01 Important: kernel security and bug fix update (May 12) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2104:01 Important: kernel-alt security and bug fix update (May 12) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2070:01 Important: libreswan security update (May 12) |
| |
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2071:01 Important: libreswan security update (May 12) |
| |
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2069:01 Important: libreswan security update (May 12) |
| |
An update for libreswan is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2009:01 Important: OpenShift Container Platform 4.3.19 (May 12) |
| |
Red Hat OpenShift Container Platform release 4.3.19 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2065:01 Important: qemu-kvm-ma security update (May 11) |
| |
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2064:01 Important: chromium-browser security update (May 11) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2063:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2059:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2058:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2060:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2061:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2062:01 Important: Red Hat JBoss Enterprise Application (May 11) |
| |
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2020-2054:01 Important: Open Liberty 20.0.0.5 Runtime security (May 11) |
| |
Open Liberty 20.0.0.5 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2020-2050:01 Critical: thunderbird security update (May 11) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-2049:01 Critical: thunderbird security update (May 11) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-2046:01 Critical: thunderbird security update (May 11) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2020-2047:01 Critical: thunderbird security update (May 11) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2020-2048:01 Critical: thunderbird security update (May 11) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
Slackware: 2020-133-01: mariadb Security Update (May 12) |
| |
New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
|
| |
SUSE: 2020:1285-1 important: python-PyYAML (May 15) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1277-1 important: libvirt (May 14) |
| |
An update that solves two vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2020:14369-1 moderate: syslog-ng (May 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1275-1 important: the Linux Kernel (May 14) |
| |
An update that solves 35 vulnerabilities and has 21 fixes is now available.
|
| |
SUSE: 2020:1274-1 important: python-paramiko (May 14) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1273-1 moderate: grafana (May 13) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2020:1272-1 important: apache2 (May 13) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:1264-1 moderate: openconnect (May 13) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2020:1255-1 important: the Linux Kernel (May 12) |
| |
An update that solves 53 vulnerabilities and has 32 fixes is now available.
|
| |
SUSE: 2020:1250-1 important: libvirt (May 11) |
| |
An update that solves one vulnerability and has 5 fixes is now available.
|
| |
SUSE: 2020:1225-1 important: MozillaThunderbird (May 11) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
SUSE: 2020:14359-1 important: MozillaFirefox (May 11) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:1227-1 important: squid (May 11) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
SUSE: 2020:1219-1 important: openldap2 (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1221-1 moderate: syslog-ng (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1218-1 important: MozillaFirefox (May 7) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:1220-1 important: ghostscript (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:14358-1 important: openldap2 (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1211-1 important: webkit2gtk3 (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1209-1 important: MozillaFirefox (May 7) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
SUSE: 2020:1212-1 important: ghostscript (May 7) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2020:1210-1 important: openldap2 (May 7) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
SUSE: 2020:1213-1 moderate: rmt-server (May 7) |
| |
An update that contains security fixes can now be installed.
|
| |
Ubuntu 4360-1: json-c vulnerability (May 14) |
| |
json-c could be made to execute arbitrary code if it received a specially crafted JSON file.
|
| |
Ubuntu 4359-1: APT vulnerability (May 14) |
| |
APT could be made to crash if it opened a specially crafted file.
|
| |
Ubuntu 4358-1: libexif vulnerabilities (May 13) |
| |
Several security issues were fixed in libexif.
|
| |
Ubuntu 3911-2: file regression (May 13) |
| |
USN-3911-1 introduced a regression in file.
|
| |
Ubuntu 4356-1: Squid vulnerabilities (May 13) |
| |
Several security issues were fixed in Squid.
|
| |
Ubuntu 4357-1: IPRoute vulnerability (May 13) |
| |
IPRoute could be made to execute arbitrary code if it received a specially crafted input.
|
| |
Ubuntu 4353-2: Firefox regression (May 12) |
| |
USN-4353-1 caused a regression in Firefox.
|
| |
Ubuntu 4355-1: PulseAudio vulnerability (May 12) |
| |
PulseAudio could allow unintended access to snap packages.
|
| |
Ubuntu 4354-1: Mailman vulnerability (May 11) |
| |
Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input.
|
| |
Ubuntu 4353-1: Firefox vulnerabilities (May 7) |
| |
Firefox could be made to crash or run programs as your login if it opened a malicious website.
|
| |
Debian LTS: DLA-2210-1: apt security update (May 14) |
| |
When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not
|
| |
Debian LTS: DLA-2176-1: inetutils security update (May 14) |
| |
NOTE: This DLA was intially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new version of
|
| |
Debian LTS: DLA-2208-1: wordpress security update (May 11) |
| |
Multiple CVE(s) were discovered in the src:wordpress package. CVE-2020-11026
|
| |
Debian LTS: DLA-2207-1: libntlm security update (May 10) |
| |
It was discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
|
| |
Debian LTS: DLA-2206-1: thunderbird security update (May 9) |
| |
Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code.
|
| |
Debian LTS: DLA-2205-1: firefox-esr security update (May 8) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
|
| |
Debian LTS: DLA-2204-1: mailman security update (May 7) |
| |
It was discovered that there was an arbitrary content injection vulnerability in the Mailman mailing list manager. For Debian 8 "Jessie", this issue has been fixed in mailman version
|
| |
ArchLinux: 202005-5: qutebrowser: certificate verification bypass (May 11) |
| |
The package qutebrowser before version 1.11.1-1 is vulnerable to certificate verification bypass.
|
| |
ArchLinux: 202005-4: a2ps: multiple issues (May 11) |
| |
The package a2ps before version 4.14-9 is vulnerable to multiple issues including arbitrary command execution and arbitrary code execution.
|
| |
ArchLinux: 202005-3: firefox: multiple issues (May 9) |
| |
The package firefox before version 76.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and insufficient validation.
|
| |
ArchLinux: 202005-2: chromium: arbitrary code execution (May 9) |
| |
The package chromium before version 81.0.4044.138-1 is vulnerable to arbitrary code execution.
|
| |
SciLinux: SLSA-2020-2082-1 Important: kernel on SL7.x x86_64 (May 15) |
| |
kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL7 x86_64 bpftool-3.10.0-1127.8.2.el7.x86_6 [More...]
|
| |
SciLinux: SLSA-2020-2103-1 Important: kernel on SL6.x i386/x86_64 (May 13) |
| |
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL6 x86_64 kernel-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.29.2.el6.i686 [More...]
|
| |
SciLinux: SLSA-2020-2049-1 Critical: thunderbird on SL6.x i386/x86_64 (May 11) |
| |
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) [More...]
|
| |
SciLinux: SLSA-2020-2050-1 Critical: thunderbird on SL7.x x86_64 (May 11) |
| |
Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) * Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) [More...]
|
| |
openSUSE: 2020:0656-1: moderate: python-markdown2 (May 12) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0653-1: important: ghostscript (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0654-1: moderate: cacti, cacti-spine (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0654-1: moderate: cacti, cacti-spine (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0651-1: moderate: python-markdown2 (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0648-1: important: chromium (May 11) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0620-1: important: chromium (May 11) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0635-1: important: opera (May 11) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0624-1: important: LibVNCServer (May 11) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2020:0628-1: important: sqliteodbc (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0642-1: moderate: php7 (May 11) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
openSUSE: 2020:0643-1: important: MozillaThunderbird (May 11) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0631-1: moderate: rpmlint (May 11) |
| |
An update that contains security fixes can now be installed.
|
| |
openSUSE: 2020:0636-1: important: slirp4netns (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0621-1: important: MozillaFirefox (May 11) |
| |
An update that fixes 7 vulnerabilities is now available.
|
| |
openSUSE: 2020:0622-1: moderate: ovmf (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0627-1: moderate: rubygem-actionview-5_1 (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0623-1: important: squid (May 11) |
| |
An update that fixes 6 vulnerabilities is now available.
|
| |
openSUSE: 2020:0630-1: important: python-PyYAML (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0647-1: important: openldap2 (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2020:0646-1: important: webkit2gtk3 (May 11) |
| |
An update that fixes one vulnerability is now available.
|
| |
Mageia 2020-0210: chromium-browser-stable security update (May 10) |
| |
Chromium-browser 81.0.4044.138 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.129 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code,
|
| |
Mageia 2020-0207: libvncserver security update (May 8) |
| |
Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value (CVE-2019-20788).
|
| |
Mageia 2020-0206: roundcubemail security update (May 8) |
| |
Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting (XSS) via malicious HTML content (CVE-2020-12625) - CSRF attack can cause an authenticated user to be logged out
|
| |
Mageia 2020-0205: samba security update (May 8) |
| |
Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server (CVE-2020-10700).
|
| |
Mageia 2020-0204: qt4 security update (May 8) |
| |
Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document (CVE-2018-15518).
|
| |
Mageia 2020-0203: vlc security update (May 8) |
| |
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets (CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080).
|
| |
Mageia 2020-0202: matio security update (May 8) |
| |
Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c (CVE-2019-13107).
|
