| |
Debian: DSA-4557-1: libarchive security update (Oct 31) |
| |
A use-after-free was found in libarchive, a multi-format archive and compression library, which could result in denial of service and potentially the execution of arbitrary code is a malformed archive is processed.
|
| |
Debian: DSA-4556-1: qtbase-opensource-src security update (Oct 31) |
| |
An out-of-bounds memory access was discovered in the Qt library, which could result in denial of service through a text file containing many directional characters.
|
| |
Debian: DSA-4555-1: pam-python security update (Oct 29) |
| |
Malte Kraus discovered that libpam-python, a PAM module allowing PAM modules to be written in Python, didn't sanitise environment variables which could result in local privilege escalation if used with a setuid binary.
|
| |
Debian: DSA-4551-1: golang-1.11 security update (Oct 25) |
| |
Daniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify(), resulting in denial of service. For the stable distribution (buster), this problem has been fixed in
|
| |
Debian: DSA-4550-1: file security update (Oct 25) |
| |
A buffer overflow was found in file, a file type classification tool, which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF (Composite Document File) file is processed.
|
| |
Debian: DSA-4549-1: firefox-esr security update (Oct 24) |
| |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service.
|
| |
|
| |
Fedora 29: sudo FEDORA-2019-72755db9c7 (Oct 30) |
| |
* Rebase to 1.8.28 * Fixed CVE-2019-14287
|
| |
Fedora 31: php FEDORA-2019-4adc49a476 (Oct 30) |
| |
**PHP version 7.3.11** (24 Oct 2019) **Core:** * Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) * Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** * Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) **FPM:** * Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE).
|
| |
Fedora 31: tcpdump FEDORA-2019-6db0d5b9d9 (Oct 29) |
| |
New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,
|
| |
Fedora 31: libxslt FEDORA-2019-fdf6ec39b4 (Oct 28) |
| |
Fixes for CVE-2019-13117, CVE-2019-13118
|
| |
Fedora 30: proftpd FEDORA-2019-7559f29ace (Oct 28) |
| |
This is a cumulative bug-fix update from upstream, including a fix for a pre- authentication remote denial of service issue.
|
| |
Fedora 31: proftpd FEDORA-2019-848e410cfb (Oct 27) |
| |
This is a cumulative bug-fix update from upstream, including a fix for a pre- authentication remote denial of service issue.
|
| |
Fedora 30: tcpdump FEDORA-2019-d06bc63433 (Oct 27) |
| |
New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,
|
| |
Fedora 29: libpcap FEDORA-2019-b92ce3144a (Oct 26) |
| |
Security fix for CVE-2018-16301, CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
|
| |
Fedora 31: libpcap FEDORA-2019-4fe461079f (Oct 26) |
| |
Security fix for CVE-2018-16301, CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
|
| |
Fedora 30: libpcap FEDORA-2019-eaa681d33e (Oct 26) |
| |
Security fix for CVE-2018-16301, CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165
|
| |
Fedora 31: firefox FEDORA-2019-b88bd94ce8 (Oct 26) |
| |
- Updated to latest upstream version (70.0)
|
| |
Fedora 31: java-11-openjdk FEDORA-2019-f14a32de28 (Oct 26) |
| |
Update to OpenJDK October CPU (security update). See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk-updates-dev/2019-October/002025.html
|
| |
Fedora 31: java-1.8.0-openjdk FEDORA-2019-b89d284d7d (Oct 26) |
| |
OpenJDK October CPU security update. See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk8u-dev/2019-October/010452.html
|
| |
Fedora 31: xpdf FEDORA-2019-759ba8202b (Oct 26) |
| |
xpdf 4.02. Lots of security fixes here.
|
| |
Fedora 31: chromium FEDORA-2019-9a5e81214f (Oct 26) |
| |
Chromium update to 77.0.3865.120. For the upstream announcement see https://chromereleases.googleblog.com/2019/10/stable-channel-update-for- desktop.html.
|
| |
Fedora 31: jss FEDORA-2019-24a0a2f24e (Oct 26) |
| |
Security fix for CVE-2019-14823
|
| |
Fedora 31: apache-commons-compress FEDORA-2019-da0eac1eb6 (Oct 26) |
| |
Update to version 1.19. Resolves CVE-2019-12402.
|
| |
Fedora 31: mod_auth_openidc FEDORA-2019-a25d5df3b4 (Oct 26) |
| |
Upgrade to latest upstream which fixes some CVEs
|
| |
Fedora 31: wordpress FEDORA-2019-f21ad78845 (Oct 26) |
| |
**WordPress 5.2.4 Security Release** WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. **Security Updates** * Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. * Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. * Props to
|
| |
Fedora 31: firefox FEDORA-2019-218018ec82 (Oct 26) |
| |
- New upstream version (69.0.3)
|
| |
Fedora 31: mediawiki FEDORA-2019-3ba38e1cdb (Oct 26) |
| |
== Security fixes == * (T230402, CVE-2019-16738) SECURITY: Add permission check for suppressed account to Special:Redirect. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T230402 * https://phabricator.wikimedia.org/T227662
|
| |
Fedora 31: opendmarc FEDORA-2019-6a2ca74e55 (Oct 26) |
| |
This update provides the final 1.3.2 release (previously the package was 1.3.2 beta). It also includes the previously-omitted database schema directory (resolving [#1415753](https://bugzilla.redhat.com/show_bug.cgi?id=1415753)) and rddmarc tools, and backports proposed fixes for a [crasher bug](https://bugzilla.redhat.com/show_bug.cgi?id=1673293) and [security issue
|
| |
Fedora 31: libapreq2 FEDORA-2019-be108ff0f4 (Oct 26) |
| |
Patch CVE-2019-12412.
|
| |
Fedora 31: jackson-annotations FEDORA-2019-cf87377f5f (Oct 26) |
| |
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
|
| |
Fedora 31: jackson-bom FEDORA-2019-cf87377f5f (Oct 26) |
| |
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
|
| |
Fedora 31: jackson-databind FEDORA-2019-cf87377f5f (Oct 26) |
| |
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
|
| |
Fedora 31: jackson-core FEDORA-2019-cf87377f5f (Oct 26) |
| |
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
|
| |
Fedora 31: jackson-parent FEDORA-2019-cf87377f5f (Oct 26) |
| |
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
|
| |
Fedora 31: ming FEDORA-2019-a1b6fc5274 (Oct 26) |
| |
Backport security fixes from [PR#145](https://github.com/libming/libming/pull/145) Fixes: CVE-2018-7866, CVE-2018-7873, CVE-2018-7876, CVE-2018-9009, CVE-2018-9132
|
| |
Fedora 29: java-11-openjdk FEDORA-2019-4bafcdb85f (Oct 25) |
| |
Update to OpenJDK October CPU (security update). See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk-updates-dev/2019-October/002025.html
|
| |
Fedora 29: java-1.8.0-openjdk FEDORA-2019-a87aba290f (Oct 25) |
| |
OpenJDK October CPU security update. See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk8u-dev/2019-October/010452.html
|
| |
Fedora 29: xpdf FEDORA-2019-01da705767 (Oct 25) |
| |
xpdf 4.02. Lots of security fixes here.
|
| |
Fedora 29: tcpdump FEDORA-2019-85d92df70f (Oct 25) |
| |
New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,
|
| |
Fedora 29: jss FEDORA-2019-4d33c62860 (Oct 25) |
| |
Security fix for CVE-2019-14823
|
| |
Fedora 29: mod_auth_openidc FEDORA-2019-23638d42f3 (Oct 25) |
| |
Upgrade to latest upstream which fixes some CVEs
|
| |
Fedora 29: kernel-headers FEDORA-2019-41e28660ae (Oct 25) |
| |
The 5.3.6 update contains a number of important fixes across the tree This is a rebase to the 5.3 series ---- The 5.2.20 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 29: kernel-tools FEDORA-2019-41e28660ae (Oct 25) |
| |
The 5.3.6 update contains a number of important fixes across the tree This is a rebase to the 5.3 series ---- The 5.2.20 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 29: kernel FEDORA-2019-41e28660ae (Oct 25) |
| |
The 5.3.6 update contains a number of important fixes across the tree This is a rebase to the 5.3 series ---- The 5.2.20 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 30: java-1.8.0-openjdk FEDORA-2019-d03db48dca (Oct 25) |
| |
OpenJDK October CPU security update. See: https://openjdk.org/groups/vulnerability/advisories/2019-10-15 https://mail.openjdk.org/pipermail/jdk8u-dev/2019-October/010452.html
|
| |
Fedora 30: xpdf FEDORA-2019-a457286734 (Oct 25) |
| |
xpdf 4.02. Lots of security fixes here.
|
| |
Fedora 30: chromium FEDORA-2019-78aa18e571 (Oct 25) |
| |
Chromium update to 77.0.3865.120. For the upstream announcement see https://chromereleases.googleblog.com/2019/10/stable-channel-update-for- desktop.html.
|
| |
Fedora 30: jss FEDORA-2019-68c2fbcf82 (Oct 25) |
| |
Security fix for CVE-2019-14823
|
| |
Fedora 30: apache-commons-compress FEDORA-2019-c96a8d12b0 (Oct 25) |
| |
Update to version 1.19. Resolves CVE-2019-12402.
|
| |
Fedora 30: mod_auth_openidc FEDORA-2019-7b06f18a10 (Oct 25) |
| |
Upgrade to latest upstream which fixes some CVEs
|
| |
Fedora 31: kernel-tools FEDORA-2019-6a67ff8793 (Oct 24) |
| |
The 5.3.7 update contains a number of important fixes across the tree. The update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666) security vulnerability regarding a buffer overflow in a Realtek wireless driver.
|
| |
Fedora 31: kernel FEDORA-2019-6a67ff8793 (Oct 24) |
| |
The 5.3.7 update contains a number of important fixes across the tree. The update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666) security vulnerability regarding a buffer overflow in a Realtek wireless driver.
|
| |
|
| |
Gentoo: GLSA-201910-01: PHP: Arbitrary code execution (Oct 25) |
| |
A vulnerability in PHP might allow an attacker to execute arbitrary code.
|
| |
|
| |
RedHat: RHSA-2019-3297:01 Important: Red Hat Process Automation Manager (Oct 31) |
| |
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3286:01 Critical: php security update (Oct 31) |
| |
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3287:01 Critical: php security update (Oct 31) |
| |
An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3292:01 Important: Red Hat Decision Manager 7.5.0 (Oct 31) |
| |
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3281:01 Critical: firefox security update (Oct 31) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
RedHat: RHSA-2019-3278:01 Important: sudo security update (Oct 31) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3267:01 Moderate: OpenShift Container Platform 4.1 (Oct 30) |
| |
An update for openshift-enterprise-cli-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3266:01 Moderate: OpenShift Container Platform 4.1 (Oct 30) |
| |
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3265:01 Important: OpenShift Container Platform 4.1 (Oct 30) |
| |
An update is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3255:01 Moderate: heketi security, bug fix, (Oct 30) |
| |
Updated heketi packages that fix one security issue, multiple bugs, and adds various enhancements is now available for OpenShift Container Storage 3.11 Batch 4 Update. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3253:01 Moderate: samba security and bug fix update (Oct 30) |
| |
An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3245:01 Important: OpenShift Container Platform 4.2 (Oct 29) |
| |
An update for apb, containernetworking-plugins, and golang-github-prometheus-promu is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3244:01 Important: Red Hat Fuse 7.4.1 security update (Oct 29) |
| |
A micro version update (from 7.4 to 7.4.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact
|
| |
RedHat: RHSA-2019-3239:01 Important: OpenShift Container Platform 3.10 (Oct 29) |
| |
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3238:01 Low: OpenShift Container Platform 3.10 mediawiki (Oct 29) |
| |
An update for mediawiki is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3222:01 Moderate: systemd security and bug fix update (Oct 29) |
| |
An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3231:01 Important: kpatch-patch security update (Oct 29) |
| |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3225:01 Important: jss security update (Oct 29) |
| |
An update for jss is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3232:01 Moderate: polkit security update (Oct 29) |
| |
An update for polkit is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3234:01 Important: pango security update (Oct 29) |
| |
An update for pango is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3237:01 Important: thunderbird security update (Oct 29) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3220:01 Important: kernel security and bug fix update (Oct 29) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3217:01 Important: kernel-alt security and bug fix update (Oct 29) |
| |
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3218:01 Important: kernel security and bug fix update (Oct 29) |
| |
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3219:01 Important: sudo security update (Oct 29) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3210:01 Important: thunderbird security update (Oct 29) |
| |
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3211:01 Critical: chromium-browser security update (Oct 29) |
| |
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3209:01 Important: sudo security update (Oct 28) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
|
| |
RedHat: RHSA-2019-3207:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3205:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3204:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
|
| |
RedHat: RHSA-2019-3203:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3202:01 Important: Ansible security and bug fix update (Oct 24) |
| |
An update is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3201:01 Important: Ansible security update (Oct 24) |
| |
An update is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3197:01 Important: sudo security update (Oct 24) |
| |
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
|
| |
RedHat: RHSA-2019-3200:01 Moderate: Red Hat AMQ Streams 1.3.0 release and (Oct 24) |
| |
Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
|
| |
RedHat: RHSA-2019-3196:01 Critical: firefox security update (Oct 24) |
| |
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
|
| |
|
| |
SUSE: 2019:2875-1 important: samba (Oct 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2871-1 important: MozillaFirefox, MozillaFirefox-branding-SLE (Oct 31) |
| |
An update that fixes 9 vulnerabilities is now available.
|
| |
SUSE: 2019:2872-1 important: MozillaFirefox (Oct 31) |
| |
An update that fixes 51 vulnerabilities is now available.
|
| |
SUSE: 2019:2868-1 important: samba (Oct 30) |
| |
An update that solves three vulnerabilities and has four fixes is now available.
|
| |
SUSE: 2019:2866-1 important: samba (Oct 30) |
| |
An update that solves three vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:2829-1 important: the Linux Kernel (Live Patch 35 for SLE 12 SP1) (Oct 30) |
| |
An update that solves two vulnerabilities and has two fixes is now available.
|
| |
SUSE: 2019:2859-1 important: the Linux Kernel (Live Patch 14 for SLE 15) (Oct 30) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:2864-1 important: the Linux Kernel (Live Patch 4 for SLE 15 SP1) (Oct 30) |
| |
An update that solves three vulnerabilities and has 9 fixes is now available.
|
| |
SUSE: 2019:2820-1 important: dbus-1 (Oct 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2821-1 important: the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Oct 30) |
| |
An update that solves 8 vulnerabilities and has 8 fixes is now available.
|
| |
SUSE: 2019:2819-1 important: php7 (Oct 30) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2810-1 moderate: runc (Oct 29) |
| |
An update that solves one vulnerability and has two fixes is now available.
|
| |
SUSE: 2019:2808-1 moderate: libtomcrypt (Oct 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2809-1 important: php7 (Oct 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:14202-1 important: samba (Oct 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2803-1 moderate: graphite-web (Oct 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2802-1 moderate: python3 (Oct 29) |
| |
An update that solves two vulnerabilities and has three fixes is now available.
|
| |
SUSE: 2019:2798-1 moderate: python3 (Oct 28) |
| |
An update that fixes two vulnerabilities is now available.
|
| |
SUSE: 2019:2786-1 moderate: docker-runc (Oct 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2787-1 moderate: docker-runc (Oct 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2781-1 moderate: nfs-utils (Oct 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2785-1 moderate: ImageMagick (Oct 25) |
| |
An update that fixes 10 vulnerabilities is now available.
|
| |
SUSE: 2019:2783-1 important: xen (Oct 25) |
| |
An update that fixes 11 vulnerabilities is now available.
|
| |
SUSE: 2019:14201-1 important: xen (Oct 25) |
| |
An update that fixes 12 vulnerabilities is now available.
|
| |
SUSE: 2019:2782-1 moderate: nfs-utils (Oct 25) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2780-1 moderate: binutils (Oct 25) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
SUSE: 2019:2778-1 moderate: accountsservice (Oct 24) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
SUSE: 2019:2776-1 moderate: nfs-utils (Oct 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2779-1 moderate: binutils (Oct 24) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
SUSE: 2019:14199-1 important: xen (Oct 24) |
| |
An update that fixes 13 vulnerabilities is now available.
|
| |
SUSE: 2019:2771-1 moderate: nfs-utils (Oct 24) |
| |
An update that fixes one vulnerability is now available.
|
| |
SUSE: 2019:2769-1 important: xen (Oct 24) |
| |
An update that fixes 16 vulnerabilities is now available.
|
| |
|
| |
Ubuntu 4171-1: Apport vulnerabilities (Oct 30) |
| |
Several security issues were fixed in Apport.
|
| |
Ubuntu 4170-2: Whoopsie regression (Oct 30) |
| |
USN-4170-1 caused a regression in Whoopsie.
|
| |
Ubuntu 4173-1: FreeTDS vulnerability (Oct 30) |
| |
FreeTDS could be made to crash or run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4172-1: file vulnerability (Oct 30) |
| |
file could be made to crash or run programs if it opened a specially crafted file.
|
| |
Ubuntu 4170-1: Whoopsie vulnerability (Oct 30) |
| |
Whoopsie could be made to crash, expose sensitive information or run programs if it processed a specially crafted crash report.
|
| |
Ubuntu 4169-1: libarchive vulnerability (Oct 29) |
| |
libarchive could be made to execute arbitrary code if it received specially crafted archive file.
|
| |
Ubuntu 4167-2: Samba vulnerabilities (Oct 29) |
| |
Several security issues were fixed in Samba.
|
| |
Ubuntu 4168-1: Libidn2 vulnerabilities (Oct 29) |
| |
Several security issues were fixed in Libidn2.
|
| |
Ubuntu 4167-1: Samba vulnerabilities (Oct 29) |
| |
Several security issues were fixed in Samba.
|
| |
Ubuntu 4166-2: PHP vulnerability (Oct 29) |
| |
PHP could be made to run programs if it received specially crafted network traffic.
|
| |
Ubuntu 4166-1: PHP vulnerability (Oct 28) |
| |
PHP could be made to run programs if it received specially crafted network traffic.
|
| |
|
| |
Debian LTS: DLA-1979-1: italc security update (Oct 30) |
| |
Several vulnerabilities have been identified in the VNC code of iTALC, a classroom management software. All vulnerabilities referenced below are issues that have originally been reported against Debian source package
|
| |
Debian LTS: DLA-1978-1: python-ecdsa security update (Oct 30) |
| |
It was discovered that python-ecdsa, a cryptographic signature library for Python, did not correctly verify DER encoded signatures. Malformed signatures could lead to unexpected exceptions and in some cases did not raise any exception.
|
| |
Debian LTS: DLA-1977-1: libvncserver security update (Oct 30) |
| |
LibVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure.
|
| |
Debian LTS: DLA-1976-1: imapfilter security update (Oct 30) |
| |
The imapfilter tool, a utility for scripting IMAP operations in lua, lacked server name / certificate peer hostname validation support.
|
| |
Debian LTS: DLA-1973-1: libxslt security update (Oct 27) |
| |
A security vulnerability was discovered in libxslt, a XSLT 1.0 processing library written in C. In xsltCopyText in transform.c, a pointer variable is not reset under
|
| |
Debian LTS: DLA-1974-1: proftpd-dfsg security update (Oct 27) |
| |
An issue has been found in proftp-dfsg, a versatile, virtual-hosting FTP daemon.
|
| |
Debian LTS: DLA-1972-1: mosquitto security update (Oct 26) |
| |
Several issues have been found in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker.
|
| |
Debian LTS: DLA-1971-1: libarchive security update (Oct 26) |
| |
An issue has been found in libarchive, a multi-format archive and compression library.
|
| |
Debian LTS: DLA-1970-1: php5 security update (Oct 26) |
| |
Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a Fast Process Manager for the PHP language, which can lead to remote code execution.
|
| |
|
| |
ArchLinux: 201910-17: chromium: multiple issues (Oct 28) |
| |
The package chromium before version 78.0.3904.70-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, access restriction bypass, authentication bypass, denial of service, information disclosure, privilege escalation and cross-site scripting.
|
| |
ArchLinux: 201910-16: firefox: multiple issues (Oct 28) |
| |
The package firefox before version 70.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, denial of service, insufficient validation and same-origin policy bypass.
|
| |
ArchLinux: 201910-15: thunderbird: multiple issues (Oct 28) |
| |
The package thunderbird before version 68.2.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, denial of service, insufficient validation and same-origin policy bypass.
|
| |
ArchLinux: 201910-14: php: arbitrary code execution (Oct 28) |
| |
The package php before version 7.3.11-1 is vulnerable to arbitrary code execution.
|
| |
|
| |
CentOS: CESA-2019-3197: Important CentOS 7 sudo (Oct 31) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3197
|
| |
CentOS: CESA-2019-3210: Important CentOS 7 thunderbird (Oct 31) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3210
|
| |
CentOS: CESA-2019-3193: Critical CentOS 7 firefox (Oct 31) |
| |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:3193
|
| |
|
| |
SciLinux: SLSA-2019-3286-1 Critical: php on SL7.x x86_64 (Oct 31) |
| |
php: underflow in env_path_info in fpm_main.c (CVE-2019-11043) SL7 x86_64 php-5.4.16-46.1.el7_7.x86_64.rpm php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm php-cli-5.4.16-46.1.el7_7.x86_64.rpm php-common-5.4.16-46.1.el7_7.x86_64.rpm php-dba-5.4.16-46.1.el7_7.x86_64.rpm php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm php-devel-5.4.16-46.1.el7_7.x86_64.rpm php-embedded-5.4.1 [More...]
|
| |
SciLinux: SLSA-2019-3210-1 Important: thunderbird on SL7.x x86_64 (Oct 29) |
| |
This update upgrades Thunderbird to version 68.2.0. * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buf [More...]
|
| |
SciLinux: SLSA-2019-3197-1 Important: sudo on SL7.x x86_64 (Oct 24) |
| |
sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287) SL7 x86_64 sudo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.x86_64.rpm sudo-debuginfo-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.i686.rpm sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm - Scientific Linux Development Team
|
| |
|
| |
openSUSE: 2019:2418-1: moderate: docker-runc (Oct 31) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2415-1: moderate: binutils (Oct 30) |
| |
An update that fixes 28 vulnerabilities is now available.
|
| |
openSUSE: 2019:2408-1: moderate: nfs-utils (Oct 29) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2399-1: moderate: lz4 (Oct 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2398-1: moderate: lz4 (Oct 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2397-1: moderate: sysstat (Oct 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2395-1: moderate: sysstat (Oct 28) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2394-1: moderate: zziplib (Oct 28) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2396-1: moderate: zziplib (Oct 28) |
| |
An update that solves one vulnerability and has one errata is now available.
|
| |
openSUSE: 2019:2392-1: important: the Linux Kernel (Oct 27) |
| |
An update that solves 5 vulnerabilities and has 98 fixes is now available.
|
| |
openSUSE: 2019:2393-1: moderate: python (Oct 27) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:2389-1: moderate: python (Oct 27) |
| |
An update that fixes three vulnerabilities is now available.
|
| |
openSUSE: 2019:2388-1: moderate: openconnect (Oct 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2385-1: moderate: openconnect (Oct 27) |
| |
An update that fixes one vulnerability is now available.
|
| |
openSUSE: 2019:2379-1: important: procps (Oct 26) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
openSUSE: 2019:2376-1: important: procps (Oct 26) |
| |
An update that fixes 5 vulnerabilities is now available.
|
| |
|
| |
Mageia 2019-0308: file security update (Oct 29) |
| |
Updated file packages fix security vulnerability: A buffer overflow was found in file which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF (Composite Document File) file is processed (CVE-2019-18218).
|
| |
Mageia 2019-0307: php and pcre2 security update (Oct 29) |
| |
Updated php and pcre2 packages fix security vulnerabilities: - FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043) - MBString (#78633) Heap buffer overflow (read) in mb_eregi.
|
| |
Mageia 2019-0306: kernel security update (Oct 29) |
| |
This kernel update is based on the upstream 5.3.7 and fixes several issues: * various security issues in the usb subsystem * rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
|
| |
Mageia 2019-0305: graphviz security update (Oct 29) |
| |
The updated packages fix a security vulnerability: The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. (CVE-2019-11023)
|
